Joeteck

XBOX 360 and my Sonicwall pro 200 (DMZ)

I have the sonicwall pro 200. My XBOX 360 tells me my system is strict. I can't have this. How can I set up my Sonicwall's DMZ port so I can put my XBOX on it without any restrictions?
digitap

My guess is the Sonicwall is preventing traffic in from the Internet on a specific port.  Similar to setting up firewall rules to allow mail or web server, you'll have to run the public server wizard to allow ports in for the XBox.

I researched and found that the following ports need to be forwarded. The listing also requested port 80 be forwarded but you may already have an http server on your network.  See the attached image for the list of ports.

Another option would be to put a switch between your ISP and the Sonicwall.  Connect the XBox to the switch and give your XBOX a public IP assuming you have been assigned more than one static IP AND your ISP is assigning you DHCP.
attachment.php
Sorry, wrong image.
xbox-ports.JPG
Joeteck

ASKER

That's interesting. Microsoft does not show most of those ports... however, my question still remains.... dmz setup, which is the original question. I don't want to open up ports if I have a dmz with no restrictions, correct?
Yes, the dmz solution is NOT secure, but neither is opening ports from the Internet in to your XBOX.  Bottom line, Sonicwall does not support UPnP which they believe is inherently insecure and facilitates what you are trying to accomplish.  You'll find this feature on SOHO appliances like Netgear and Linksys.  When I researched this, the Sonicwall forums are filled with folks trying to do what you are doing.  It always came down to one of the two solutions I provided you.  Sorry.
Joeteck

ASKER

Correct... It's an XBOX, I could care less. And it's 100% monitored by Microsoft. People are not going to risk getting their XBOX banned. So, that said... How do you set up a DMZ??

Setting up the DMZ will depend on how many public IP addresses you have if you have static IPs assigned by your ISP.  Here are a couple of links that describe setting up a DMZ on a Sonicwall appliance.

http://www.sonicwall.com/downloads/Typical_DMZ_Configuration_withFTP_SMTP_and_DNS_Servers.pdf

http://www.sonicwall.com/downloads/Using_the_OPT_Port.pdf

Alternatively, create a service object for each of the ports in the screen shot above, then create a group to contain them all.  Run the public server wizard and when asked what services to use, select the group.  I've read that this has been successful in some cases but not all.
Joeteck

ASKER

Yeah, I found the same documents, however, does not show my appliance... PRO 200.


I have a feeling no one will be able to help me...
I have attached a PDF that takes you through the process and is, among others, for a Pro 200.
UTM-ConfiguringTheDMZ-OPTInterfa.pdf
Joeteck

ASKER

My firmware does not look like that...

I just wish I can get someone who knows what to do rather than post links...

Anyone could post links....

Sir, I know what to do.  The links keep me from spending an hour typing out every little step.

If your OS doesn't look like the instructions, then I don't know what to tell you.  In my experience, those are the two that I've seen.  Additionally, the instructions indicate it's for a Pro 200, among others.  I guess Sonicwall could be wrong.  Post a screen shot of your System > System screen which would give a little more detail of your system.  Perhaps a small detail we're missing.

Good luck!
Joeteck

ASKER

Ok, here you go.... Now what?
DMZ.jpg
Looks like you have a 6.x version.  Use these steps to configure the DMZ:

1. Click Advanced > DMZ Addresses.
2. Select DMZ in NAT Mode.
3. Type the Private IP address, which is in a different subnet than that of the LAN. The DMZ IP address should be the gateway for the computers connected to the DMZ.
4. Click Update to save changes.

The Private IP address assigned to the DMZ/OPT is a non-pingable IP in the Standard Firmware.  You'll want to connect your XBOX to the DMZ/OPT port.
Joeteck

ASKER

ok, now I'm confused.

My internal subnet is 10.0.0.x

I'm just putting a different private IP address in the DMZ section? such as 172.16.0.200?

How will it be able to go out on the Internet? there is no gateway option...
Let's say that you give the DMZ a private IP network of 10.0.1.x/24.  The private IP you would use in the instructions would be 10.0.1.1 which would be gateway for your XBOX with a subnet mask of 255.255.255.0.  The DMZ would use the public IP address already assigned the WAN interface.  Your XBOX would have an IP address of 10.0.1.2 with a subnet mask of 255.255.255.0 and a gateway of 10.0.1.1.  You could use 4.2.2.2 as DNS on your XBOX.
Joeteck

ASKER

My current internal address is 10.0.0.x

I have a hardware VPN from 10.0.0.x/24  to 192.168.1.x/24

I'm going to use 172.16.0.x/24

Ok, lets say I'm a complete idiot, which I'm leaning towards right now... I can't grasp this for some reason...

The JPG file I uploaded, what would be the IP's you would enter for each field??

ASKER CERTIFIED SOLUTION
digitap
This solution is only available to members.
Joeteck

ASKER

Ok, ok. Very nice... Now we're cookin!

Now how does the sonicwall assign the IP address to the XBOX? would I use a static IP at this point?

Setting the DMZ private ip and subnet the sonicwall will know what the range is based on the subnet mask?

So I could essentially have the DMZ port go to a switch and have more than one system outside my router, yes?
I would set that as static to keep things simple.  You'll only have one host on the dmz anyway, right?

When you set the DMZ IP configurations, the Sonicwall will set up routes and firewall rules automatically...at least it should anyway.  By default, I'm guessing here, the Sonicwall will probably create a firewall rule preventing traffic from traversing between the DMZ and your LAN.  Best practice says that when you set up a DMZ, you block everything and only open ports that need to be opened.  Since the Sonicwall is your gateway internally, if you type the IP address of your XBOX from a workstation on the 10.0.0.x/24 subnet, the sonicwall will TRY to route, but will fail because of the firewall rules preventing traffic from going between the two networks (again, I'm guessing about the firewall rules).  It knows the XBOX based on the IP address.

Yes, you could do that.  It would be no different if you had a switch connected to the LAN interface of the sonicwall.  The only thing I'm uncertain of is DHCP.  Starting with at least the TZ170, you could assign a DHCP server scope to an interface or zone.  It would then service hosts ONLY on that zone/interface.
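
The addressing rules worked out in this thread (DMZ on a different subnet from the LAN, the DMZ private IP acting as gateway, static hosts numbered inside that subnet) as an added example that is not part of any post above and is not SonicWall code. It uses the thread's 10.0.0.x LAN and 192.168.1.x VPN values; the function name `check_dmz_plan` and the bad plan are constructed for illustration.

```python
import ipaddress

def check_dmz_plan(lan, dmz_gateway, dmz_mask, hosts, other_nets=()):
    """Return a list of problems with a DMZ addressing plan (empty = OK).

    lan         - LAN subnet, e.g. "10.0.0.0/24"
    dmz_gateway - private IP entered in the firewall's DMZ settings
    dmz_mask    - DMZ subnet mask, e.g. "255.255.255.0"
    hosts       - static IPs planned for devices on the DMZ port
    other_nets  - other subnets already routed (e.g. a VPN peer network)
    """
    problems = []
    # The DMZ range follows from the gateway IP plus the subnet mask.
    dmz = ipaddress.ip_interface(f"{dmz_gateway}/{dmz_mask}").network
    gw = ipaddress.ip_address(dmz_gateway)

    # The DMZ must not share address space with the LAN or routed networks.
    for name, net in [("LAN", lan)] + [("routed net", n) for n in other_nets]:
        if dmz.overlaps(ipaddress.ip_network(net)):
            problems.append(f"DMZ {dmz} overlaps {name} {net}")

    if gw in (dmz.network_address, dmz.broadcast_address):
        problems.append(f"gateway {gw} is the network or broadcast address")

    seen = {gw}
    for h in hosts:
        ip = ipaddress.ip_address(h)
        if ip not in dmz:
            problems.append(f"host {ip} is outside DMZ subnet {dmz}")
        elif ip in (dmz.network_address, dmz.broadcast_address):
            problems.append(f"host {ip} is the network or broadcast address")
        elif ip in seen:
            problems.append(f"host {ip} duplicates another DMZ address")
        seen.add(ip)
    return problems

# Values from the thread: LAN 10.0.0.x/24, hardware VPN peer 192.168.1.x/24.
LAN, VPN = "10.0.0.0/24", "192.168.1.0/24"

if __name__ == "__main__":
    # Plan from the answer above: gateway 10.0.1.1, XBOX at 10.0.1.2.
    print(check_dmz_plan(LAN, "10.0.1.1", "255.255.255.0", ["10.0.1.2"], [VPN]))
    # Constructed bad plan: DMZ address placed inside the LAN range.
    print(check_dmz_plan(LAN, "10.0.0.200", "255.255.255.0", ["10.0.0.201"], [VPN]))
```

An empty list means the plan is consistent; adding a second device behind a switch on the DMZ port is just another entry in `hosts`.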


Joeteck

ASKER

I would at that point put in a static route to the other private ip in order to communicate to it... Which I see no need to at this point...

I will try this out tonight when I get home..
Joeteck

ASKER

D U D E !!!

YOU ROCK!

DMZ worked perfectly!

Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you!

Joeteck

ASKER

Thanks for the detail I needed!
glad i could help...sorry for the slow start, but we finished strong, right?  thanks for the points...
Joeteck

ASKER

Going to add more info for anyone who looks this up for help.


SONIC-3.JPG
SONIC-2.JPG
digitap, outstanding!  installed a TZ100 in my home network.  This dmz was kicking me to the curb!   What was throwing me off was the "dedicated ip" on my x4 port.  I didn't understand THAT would be the gateway ID (not 192.168.168.168) and then to set up a different dedicated IP on my xbox on the same subnet, just bump the ip number up one.  I am suspecting I can add a switch and put my dvd player back on it versus running a straight cable to the xbox from TZ100.   Just manually adjust the dvd network settings with the same settings I used for the xbox, but give it a different ip up from the xbox.  Thank you very much!  One last thing that helped was to go to the VOIP menu and check "consistent nat".  This made it go from strict to moderate.  Game play is good now.
I'm glad this was helpful!