XBOX 360 and my Sonicwall pro 200 (DMZ)

I have the sonicwall pro 200. My XBOX 360 tells me my system is strict. I can't have this. How can I set up my Sonicwall's DMZ port so I can put my XBOX on it without any restrictions.???
LVL 4
JoeteckAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

digitapCommented:
My guess is the Sonicwall is preventing traffic in from the Internet on a specific port.  Similar to setting up firewall rules to allow mail or web server, you'll have to run the public server wizard to allow ports in for the XBox.

I researched and found that the following ports need to be forwarded. The listing also requested port 80 be forwarded but you may already have an http server your network.  See the attached image for the list of ports.

Another option would be to put a switch between your ISP and the Sonicwall.  Connect the XBox to the switch and give your XBOX a public IP assuming you have been assigned more than one static IP AND your ISP is assigning you DHCP.
attachment.php
0
digitapCommented:
Sorry, wrong image.
xbox-ports.JPG
0
JoeteckAuthor Commented:
That's interesting. Microsoft dies not show most of those ports... however, my question still remains.... dmz setup, which is the original question. I don't want to open up ports if I have a dmz with no restrictions, correct?
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

digitapCommented:
Yes, the dmz solution is NOT secure, but neither is opening ports from the Internet in to your XBOX.  Bottom line, Sonicwall does not support UPnP which they believe is inherently insecure and facilitates what you are trying to accomplish.  You'll find this feature on SOHO appliances like Netgear and Linksys.  When I researched this, the Sonicwall forums are filled with folks trying to do what you are doing.  It always came down to one of the two solutions I provided you.  Sorry.
0
JoeteckAuthor Commented:
Correct... Its an XBOX, I could careless. And its 100% monitored by Microsoft. People care not going to risk getting their XBOX banned. So, that said... How do you setup a DMZ??

0
digitapCommented:
Setting up the DMZ will depend on how many public IP addresses you have if you have static IPs assigned by your ISP.  Here are a couple of links that describe setting up a DMZ on a Sonicwall appliance.

http://www.sonicwall.com/downloads/Typical_DMZ_Configuration_withFTP_SMTP_and_DNS_Servers.pdf

http://www.sonicwall.com/downloads/Using_the_OPT_Port.pdf

Alternatively, create a service object for each that are in the screen shot above, create a group to contain them all.  Run the public server wizard and when asked what services to use, select the group.  I've read that this has been successful in some cases but not all.
0
JoeteckAuthor Commented:
Yeah, I found the same documents, however, does not show my appliance... PRO 200.


I have a feeling no one will be able to help me...
0
digitapCommented:
I have attached a PDF that takes you through the process and is, among others, for a Pro 200.
UTM-ConfiguringTheDMZ-OPTInterfa.pdf
0
JoeteckAuthor Commented:
My firmware does not look like that...

I just wish I can get someone who knows what to do rather than post links...

Anyone could post links....

0
digitapCommented:
Sir, I know what to do.  The links keep me from spending an hour typing out every little step.

If your OS doesn't look like the instructions, then I don't know what to tell you.  In my experience, those are the two that I've seen.  Additionally, the instructions indicate it's for a Pro 200, among others.  I guess Sonicwall could be wrong.  Post a screen shot of your System > System screen which would give a little more detail of your system.  Perhaps a small detail we're missing.

Good luck!
0
JoeteckAuthor Commented:
Ok, here you go.... Now what?
DMZ.jpg
0
digitapCommented:
Looks like you have a 6.x version.  Use these steps to configure the DMZ:

1. Click Advanced > DMZ Addresses.
2. Select DMZ in NAT Mode.
3. Type the Private IP address, which is in a different subnet than that of the LAN. The DMZ IP
address should be the gateway for the computers connected to the DMZ.
4. Click Update to save changes.

The Private IP address assigned to the DMZ/OPT is a non-pingable IP in the Standard
Firmware.  You'll want to connect your XBOX to the DMZ/OPT port.
0
JoeteckAuthor Commented:
ok, now I'm confused.

My internal subnet is 10.0.0.x

I'm just putting a different private IP address in the DMZ section? such as 172.16.0.200?

How will it be able to go out on the Internet? there is no gateway option...
0
digitapCommented:
Let's say that you give the DMZ a private IP network of 10.0.1.x/24.  The private IP you would use in the instructions would be 10.0.1.1 which would be gateway for your XBOX with a subnet mask of 255.255.255.0.  The DMZ would use the public IP address already assigned the WAN interface.  Your XBOX would have an IP address of 10.0.1.2 with a subnet mask of 255.255.255.0 and a gateway of 10.0.1.1.  You could use 4.2.2.2 as DNS on your XBOX.
0
JoeteckAuthor Commented:
My current internal address is 10.0.0.x

I have a hardware VPN from 10.0.0.x/24  to 192.168.1.x/24

I'm going to use 172.16.0.x/24

Ok, lets say I'm a complete idiot, which I'm leaning towards right now... I can't grasp this for some reason...

The JPG file I uploaded, what would be the IP's you would enter for each field??

0
digitapCommented:
DMZ Private IP Address: 172.16.0.1
DMZ Subnet Mask: 255.255.255.0

DMZ Private IP Address will be the gateway for your XBOX, so:

XBOX IP: 172.16.0.2
XBOX Mask: 255.255.255.0
XBOX Gateway: 172.16.0.1

IF, you wanted Internet traffic to come in on a different public IP, then you'd put that IP address in the last field.  You would, of course, need to be assigned an additional static IP by your ISP.  If you only have one or your ISP has your WAN IP on DHCP, then you won't make any changes to the last field.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JoeteckAuthor Commented:
Ok, ok. Very nice... Now we're cookin!

Now how does the sonicwall assign the IP address to the XBOX? would I use a static IP at this point?

Setting the DMZ private ip and subnet the sonicwall will know what the range is based on the subnet mask?

So I could essentially have the DMZ port go to a switch and have more than one system outside my router, yes?
0
digitapCommented:
I would set that as static to keep things simple.  You'll only have one host on the dmz anyway, right?

When you set the DMZ IP configurations, the Sonicwall will setup routes and firewall rules automatically...at least it should anyway.  By default, I'm guessing here, the Sonicwall will probably create a firewall rule preventing traffic from traversing between the DMZ and your LAN.  Best practice says that when you setup a DMZ, you block everything and only open ports that need to be opened.  Since the Sonicwall is your gateway internally, if you type the IP address of your XBOX from a workstation on the 10.0.0.x/24 subnet, the sonicwall will TRY to route, but will fail because of the firewall rules preventing traffic from going between the two networks (again, I'm guessing about the firewall rules).  It knows the XBOX based on the IP address.

Yes, you could do that.  It would be no different if you had a switch connected to the LAN interface of the sonicwall.  The only thing I'm uncertain of is DHCP.  Starting with at least the TZ170, you could assign a DHCP server scope to an interface or zone.  It would then service hosts ONLY on that zone/interface.


0
JoeteckAuthor Commented:
I would at that point put in a static route to the other private ip in order to communicate to it... Which I see no need to at this point...

I will try this out tonight when I get home..
0
JoeteckAuthor Commented:
D U D E !!!

YOU ROCK!

DMZ worked perfectly!

Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you!

0
JoeteckAuthor Commented:
Thanks for the detail I needed!
0
digitapCommented:
glad i could help...sorry for the slow start, but we finished strong, right?  thanks for the points...
0
JoeteckAuthor Commented:
Going to add more info for anyone who looks this up for help.


SONIC-3.JPG
SONIC-2.JPG
0
Stormer777Commented:
digitap, outstanding!  installed a TZ100 in my home network.  This dmz was kicking me to the curb!   What was throwing me off was the "dedicated ip" on my x4 port.  I didn't understand THAT would be the gateway ID (not 192.168.168.168) and then to setup a different dedicated IP on my xbox on the same subnet, just bump the ip number up one.  I am suspecting I can add a switch and put my dvd player back on it verses running a straight cable to the xbox from TZ100.   Just manually adjust the dvd network settings with the same settings I used for the xbox, but give it a different ip up from the xbox.  Thank you very much!  One last thing that helped was to go to the VOIP menu and check "consistent nat".  This made it go from strict to moderate.  Game play is good now.
0
digitapCommented:
I'm glad this was helpful!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.