View Full Version : 680 Nat Type Strict - Xbox One



roveer
2016-04-20, 17:16
I feel a little stupid asking about an Xbox One, but I run a 680 in my home with a persistent VPN to my office.

So the Xbox One shows its NAT type as "strict", which means you are limited to a number of features. Most of my research shows that on consumer-grade routers you port forward a bunch of ports and turn on DMZ and that will allow the NAT type to show as "open".

So what I did is this:

Put the Xbox One into a DMZ, physically. I cabled it to the DMZ port and established a separate network for the DMZ. I then set up a "Server" in the 680 and added all the ports that are supposed to be open inbound. I also set the NAT type of that server to none. In my mind this would give just about full open capability to this device, which is what it needs. Still, the NAT type is showing up as strict.

Has anyone come across this scenario and found a solution? I really don't know what to do beyond that.

Thanks,

Roveer

jflemingeds
2016-04-20, 17:57
I might be wrong, but I think you need a firewall that knows how to use UPnP, which is basically a protocol to dynamically open port NATs. I don't know if Check Point supports that or not.

I could also be very wrong! :)

Do you know if your port maps are working? Jump on someone else's network and see if you can connect to them.

PhoneBoy
2016-04-20, 20:12
NAT is always going to be strict on any Check Point device (680 or otherwise); there's no getting around that.
UPnP is not supported with Check Point devices because it's basically a security vulnerability to even support it.
However, my experience has generally been that if you map the correct ports, everything should work as expected.

roveer
2016-04-20, 20:30
I did find this post. After creating the rule, my NAT type on the Xbox One now says MODERATE. I'm almost there. I'm not exactly sure what I still need to do.

MESSAGE:

"Re: UTM-1 and PSN / Xbox Live
Posted: Apr 30, 2015 9:36 AM in response to: Blue Johnson


I've had this problem for months; I fixed it by statically NAT'ing my Xbox outbound.

It doesn't like being port address translated. You can still do a PAT as well, but create a manual NAT rule with the source of your Xbox and in the translated side put the source as your external IP.

Hope that helps, my NAT now says open."

roveer
2016-04-20, 21:41
Got it!!!

Not entirely sure how/why. It was stuck on moderate and all I did was to make a change to my server rule, and instead of listing 3 different UDPs that were running in series I used the dash. After that, and after he reset his Xbox One, it showed up as follows:
