Joeteck
asked on
XBOX 360 and my Sonicwall pro 200 (DMZ)
I have the sonicwall pro 200. My XBOX 360 tells me my system is strict. I can't have this. How can I set up my Sonicwall's DMZ port so I can put my XBOX on it without any restrictions?
Sorry, wrong image.
xbox-ports.JPG
ASKER
That's interesting. Microsoft does not show most of those ports... however, my question still remains.... dmz setup, which is the original question. I don't want to open up ports if I have a dmz with no restrictions, correct?
Yes, the dmz solution is NOT secure, but neither is opening ports from the Internet in to your XBOX. Bottom line, Sonicwall does not support UPnP which they believe is inherently insecure and facilitates what you are trying to accomplish. You'll find this feature on SOHO appliances like Netgear and Linksys. When I researched this, the Sonicwall forums are filled with folks trying to do what you are doing. It always came down to one of the two solutions I provided you. Sorry.
ASKER
Correct... It's an XBOX, I could care less. And it's 100% monitored by Microsoft. People are not going to risk getting their XBOX banned. So, that said... How do you set up a DMZ??
Setting up the DMZ will depend on how many public IP addresses you have if you have static IPs assigned by your ISP. Here are a couple of links that describe setting up a DMZ on a Sonicwall appliance.
http://www.sonicwall.com/downloads/Typical_DMZ_Configuration_withFTP_SMTP_and_DNS_Servers.pdf
http://www.sonicwall.com/downloads/Using_the_OPT_Port.pdf
Alternatively, create a service object for each of those in the screen shot above, and create a group to contain them all. Run the public server wizard and when asked what services to use, select the group. I've read that this has been successful in some cases but not all.
ASKER
Yeah, I found the same documents, however, does not show my appliance... PRO 200.
I have a feeling no one will be able to help me...
I have attached a PDF that takes you through the process and is, among others, for a Pro 200.
UTM-ConfiguringTheDMZ-OPTInterfa.pdf
ASKER
My firmware does not look like that...
I just wish I can get someone who knows what to do rather than post links...
Anyone could post links....
Sir, I know what to do. The links keep me from spending an hour typing out every little step.
If your OS doesn't look like the instructions, then I don't know what to tell you. In my experience, those are the two that I've seen. Additionally, the instructions indicate it's for a Pro 200, among others. I guess Sonicwall could be wrong. Post a screen shot of your System > System screen which would give a little more detail of your system. Perhaps a small detail we're missing.
Good luck!
ASKER
Ok, here you go.... Now what?
DMZ.jpg
Looks like you have a 6.x version. Use these steps to configure the DMZ:
1. Click Advanced > DMZ Addresses.
2. Select DMZ in NAT Mode.
3. Type the Private IP address, which is in a different subnet than that of the LAN. The DMZ IP address should be the gateway for the computers connected to the DMZ.
4. Click Update to save changes.
The Private IP address assigned to the DMZ/OPT is a non-pingable IP in the Standard Firmware. You'll want to connect your XBOX to the DMZ/OPT port.
ASKER
ok, now I'm confused.
My internal subnet is 10.0.0.x
I'm just putting a different private IP address in the DMZ section? such as 172.16.0.200?
How will it be able to go out on the Internet? there is no gateway option...
Let's say that you give the DMZ a private IP network of 10.0.1.x/24. The private IP you would use in the instructions would be 10.0.1.1, which would be the gateway for your XBOX, with a subnet mask of 255.255.255.0. The DMZ would use the public IP address already assigned to the WAN interface. Your XBOX would have an IP address of 10.0.1.2 with a subnet mask of 255.255.255.0 and a gateway of 10.0.1.1. You could use 4.2.2.2 as DNS on your XBOX.
ASKER
My current internal address is 10.0.0.x
I have a hardware VPN from 10.0.0.x/24 to 192.168.1.x/24
I'm going to use 172.16.0.x/24
Ok, let's say I'm a complete idiot, which I'm leaning towards right now... I can't grasp this for some reason...
The JPG file I uploaded, what would be the IP's you would enter for each field??
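Added example, not part of any post in this thread: a Python check of the addressing plan discussed above, using the LAN 10.0.0.x/24, the VPN remote 192.168.1.x/24 and the two DMZ candidates 10.0.1.x/24 and 172.16.0.x/24 from the posts. The function name `check_dmz_plan`, the host address 172.16.0.201 and the failing plan are constructed for illustration.

```python
import ipaddress

# Subnets already routed by the firewall, taken from the thread.
EXISTING = {"LAN": "10.0.0.0/24", "VPN remote": "192.168.1.0/24"}

def check_dmz_plan(dmz_cidr, gateway, hosts, existing=EXISTING):
    """Return a list of problems with a proposed DMZ addressing plan.

    dmz_cidr : proposed DMZ subnet, e.g. "10.0.1.0/24"
    gateway  : private IP typed into the firewall's DMZ address field
    hosts    : {name: static IP} for devices plugged into the DMZ port
    existing : {name: CIDR} for subnets the firewall already routes
    """
    problems = []
    dmz = ipaddress.ip_network(dmz_cidr)
    if not dmz.is_private:
        problems.append(f"{dmz} is not private address space")
    # A DMZ that overlaps the LAN or a VPN-reachable subnet makes routing
    # ambiguous and defeats the separation the DMZ is meant to provide.
    for name, cidr in existing.items():
        net = ipaddress.ip_network(cidr)
        if dmz.overlaps(net):
            problems.append(f"{dmz} overlaps {name} ({net})")
    reserved = {dmz.network_address, dmz.broadcast_address}
    seen = {}
    for name, ip in {"gateway": gateway, **hosts}.items():
        addr = ipaddress.ip_address(ip)
        if addr not in dmz:
            problems.append(f"{name} {addr} is outside {dmz}")
        elif addr in reserved:
            problems.append(f"{name} {addr} is a reserved address in {dmz}")
        if addr in seen:
            problems.append(f"{name} and {seen[addr]} share {addr}")
        seen[addr] = name
    return problems

if __name__ == "__main__":
    plans = [
        ("10.0.1.0/24", "10.0.1.1", {"xbox": "10.0.1.2"}),          # from the answer
        ("172.16.0.0/24", "172.16.0.200", {"xbox": "172.16.0.201"}),  # asker's range, host constructed
        ("10.0.0.0/23", "10.0.1.1", {"xbox": "10.0.1.1"}),          # constructed bad plan
    ]
    for dmz, gw, hosts in plans:
        print(dmz, check_dmz_plan(dmz, gw, hosts) or "OK")
```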
ASKER CERTIFIED SOLUTION
ASKER
Ok, ok. Very nice... Now we're cookin!
Now how does the sonicwall assign the IP address to the XBOX? Would I use a static IP at this point?
Setting the DMZ private ip and subnet the sonicwall will know what the range is based on the subnet mask?
So I could essentially have the DMZ port go to a switch and have more than one system outside my router, yes?
I would set that as static to keep things simple. You'll only have one host on the dmz anyway, right?
When you set the DMZ IP configurations, the Sonicwall will set up routes and firewall rules automatically...at least it should anyway. By default, I'm guessing here, the Sonicwall will probably create a firewall rule preventing traffic from traversing between the DMZ and your LAN. Best practice says that when you set up a DMZ, you block everything and only open ports that need to be opened. Since the Sonicwall is your gateway internally, if you type the IP address of your XBOX from a workstation on the 10.0.0.x/24 subnet, the sonicwall will TRY to route, but will fail because of the firewall rules preventing traffic from going between the two networks (again, I'm guessing about the firewall rules). It knows the XBOX based on the IP address.
Yes, you could do that. It would be no different if you had a switch connected to the LAN interface of the sonicwall. The only thing I'm uncertain of is DHCP. Starting with at least the TZ170, you could assign a DHCP server scope to an interface or zone. It would then service hosts ONLY on that zone/interface.
ASKER
I would at that point put in a static route to the other private ip in order to communicate to it... Which I see no need to at this point...
I will try this out tonight when I get home..
ASKER
D U D E !!!
YOU ROCK!
DMZ worked perfectly!
Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you!
ASKER
Thanks for the detail I needed!
Glad I could help...sorry for the slow start, but we finished strong, right? Thanks for the points...
ASKER
digitap, outstanding! Installed a TZ100 in my home network. This dmz was kicking me to the curb! What was throwing me off was the "dedicated ip" on my x4 port. I didn't understand THAT would be the gateway ID (not 192.168.168.168) and then to set up a different dedicated IP on my xbox on the same subnet, just bump the ip number up one. I am suspecting I can add a switch and put my dvd player back on it versus running a straight cable to the xbox from TZ100. Just manually adjust the dvd network settings with the same settings I used for the xbox, but give it a different ip up from the xbox. Thank you very much! One last thing that helped was to go to the VOIP menu and check "consistent nat". This made it go from strict to moderate. Game play is good now.
I'm glad this was helpful!
I researched and found that the following ports need to be forwarded. The listing also requested port 80 be forwarded but you may already have an http server on your network. See the attached image for the list of ports.
Another option would be to put a switch between your ISP and the Sonicwall. Connect the XBox to the switch and give your XBOX a public IP assuming you have been assigned more than one static IP AND your ISP is assigning you DHCP.