Article Id 197287
Description
Connecting an Xbox 360 to the Xbox Live service through a FortiGate-protected network.
Components
  • Microsoft Xbox 360
  • All FortiGate units
Steps or Commands

According to the Microsoft KB article ID 908874:

If there is a firewall device between the Xbox console and the network device, you may have to configure the firewall to enable communication on specific network ports. If the NAT status in the Network Status area of the Dashboard is "moderate" or "strict," you may have to configure port settings.

The following ports must be available for Xbox Live to operate correctly:

  • UDP/TCP 88
  • UDP/TCP 3074
  • UDP/TCP 2074

You can configure the Xbox on a FortiGate unit using Virtual IPs and an inbound firewall policy. This configuration requires the Xbox or Xbox 360 to be configured with a static IP address.

Create Virtual IPs

Create the Virtual IP required for this configuration.

To add a virtual IP

  1. Go to Firewall > Virtual IP.
  2. Select Create New.
  3. Add a name for the virtual IP, such as 360_TCP_3074.
  4. Select the External Interface.

    This will typically be the interface that connects your FortiGate unit to the Internet. Most often, this is "external" or "wan1".

  5. Set Type to Static NAT.
  6. Set the External IP Address. You can use:
    • The FortiGate unit public IP.
    • If you have a cable or DSL connection with a dynamic IP, you can use 0.0.0.0.
  7. Set Mapped IP Address to the internal IP address of the Xbox 360.
  8. Select Port Forwarding.
  9. Set protocol to TCP.
  10. Set External Service Port and Map to Port. Set both External Service Port and Map to Port to 3074.
  11. Select OK.

Repeat this process for UDP port 3074.

  1. Go to Firewall > Virtual IP.
  2. Select Create New.
  3. Add a name for the virtual IP, such as 360_UDP_3074.
  4. Select the same external interface as with the last VIP.
  5. Set Type to Static NAT.
  6. Set the same External IP Address as the previous VIP.
  7. Set Mapped IP Address to the internal IP address of the Xbox 360.
  8. Select Port Forwarding.
  9. Set protocol to UDP.
  10. Set External Service Port and Map to Port. Set both External Service Port and Map to Port to 3074.
  11. Select OK.

Create VIPs for UDP and TCP ports 2074.

  1. Go to Firewall > Virtual IP.
  2. Select Create New.
  3. Add a name for the virtual IP, such as 360_TCP_2074.
  4. Select the External Interface. This will typically be the interface that connects your FortiGate unit to the Internet. Most often, this is "external" or "wan1".
  5. Set Type to Static NAT.
  6. Set the External IP Address. You can use:
    • The FortiGate unit public IP.
    • If you have a cable or DSL connection with a dynamic IP, you can use 0.0.0.0.
  7. Set Mapped IP Address to the internal IP address of the Xbox 360.
  8. Select Port Forwarding.
  9. Set protocol to TCP.
  10. Set External Service Port and Map to Port. Set both External Service Port and Map to Port to 2074.
  11. Select OK.

  1. Go to Firewall > Virtual IP.
  2. Select Create New.
  3. Add a name for the virtual IP, such as 360_UDP_2074.
  4. Select the External Interface. This will typically be the interface that connects your FortiGate unit to the Internet. Most often, this is "external" or "wan1".
  5. Set Type to Static NAT.
  6. Set the External IP Address. You can use:
    • The FortiGate unit public IP.
    • If you have a cable or DSL connection with a dynamic IP, you can use 0.0.0.0.
  7. Set Mapped IP Address to the internal IP address of the Xbox 360.
  8. Select Port Forwarding.
  9. Set protocol to UDP.
  10. Set External Service Port and Map to Port. Set both External Service Port and Map to Port to 2074.
  11. Select OK.

Finally, repeat this process for the last port, UDP 88.

  1. Go to Firewall > Virtual IP.
  2. Select Create New.
  3. Add a name for the virtual IP, such as 360_UDP_88.
  4. Select the same external interface as with the last VIP.
  5. Set Type to Static NAT.
  6. Set the same External IP Address as the previous VIP.
  7. Set Mapped IP Address to the internal IP address of the Xbox 360.
  8. Select Port Forwarding.
  9. Set protocol to UDP.
  10. Set External Service Port and Map to Port. Set both External Service Port and Map to Port to 88.
  11. Select OK.
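
A check for the VIPs created above, as an added example rather than code from the article or from Fortinet: it parses a "config firewall vip" export and reports any forward that differs from the article's five protocol/port pairs, along with pairs that have no VIP yet. The export text and the 192.168.1.50 console address are constructed, and the setting names (portforward, mappedip, protocol, extport, mappedport) and the omitted tcp default are assumptions based on the FortiOS CLI in later releases.

```python
import shlex

# Protocol/port pairs the article forwards; ports are strings, as in the CLI text.
REQUIRED = {("tcp", "3074"), ("udp", "3074"), ("tcp", "2074"), ("udp", "2074"), ("udp", "88")}
# Constructed, abridged export (not from a real unit); the second VIP has a typo.
SAMPLE = '''config firewall vip
    edit "360_TCP_3074"
        set portforward enable
        set mappedip "192.168.1.50"
        set extport 3074
        set mappedport 3074
    next
    edit "360_UDP_2074"
        set portforward enable
        set mappedip "192.168.1.50"
        set protocol udp
        set extport 2074
        set mappedport 2047
    next
end'''

def parse_vips(text):
    """Return {vip_name: {setting: value}} from 'config firewall vip' text."""
    vips, cur = {}, None
    for line in text.splitlines():
        tok = shlex.split(line)          # strips the quotes around names and values
        if len(tok) == 2 and tok[0] == "edit":
            cur = vips.setdefault(tok[1], {})
        elif len(tok) >= 3 and tok[0] == "set" and cur is not None:
            cur[tok[1]] = " ".join(tok[2:])
    return vips

def audit(text, console_ip):
    """Return (findings, missing): per-VIP problems and required pairs with no VIP."""
    findings, seen = [], set()
    for name, v in parse_vips(text).items():
        proto = v.get("protocol", "tcp")  # assumption: export omits the default, tcp
        ext, mapped = v.get("extport"), v.get("mappedport")
        if v.get("portforward") != "enable":
            findings.append((name, "port forwarding is off, so every port is mapped"))
            continue
        if ext != mapped:
            findings.append((name, f"extport {ext} != mappedport {mapped}"))
        if v.get("mappedip") != console_ip:
            findings.append((name, f"mapped to {v.get('mappedip')}, not the console"))
        if (proto, ext) not in REQUIRED:
            findings.append((name, f"{proto}/{ext} is not in the article's port list"))
        seen.add((proto, ext))
    return findings, sorted(REQUIRED - seen)
```

Calling audit(SAMPLE, "192.168.1.50") flags the mistyped mapped port on 360_UDP_2074 and lists the three pairs that still need a VIP.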

These VIPs can be grouped in all versions of FortiOS 3.0 from build MR3 and higher.

To create a VIP group

  1. Go to Firewall > Virtual IP > VIP Group.
  2. Select Create New.
  3. Enter a name for the group, such as Xbox 360.
  4. Select wan1 or external as the external interface.
  5. Move all three VIPs created above to the members box.
  6. Select OK.

Create a firewall policy

Create a firewall policy that includes the VIP group.

To add a firewall policy with a virtual IP

  1. Go to Firewall > Policy.
  2. Select Create New.
  3. Set Source Interface to WAN1 (or whatever your external interface to the Internet is).
  4. Set Source Address to all.
  5. Set Destination Interface to the internal port.
  6. Set Destination Address to the name of the Virtual IP group.
  7. Enable Fixed Port.
  8. Select OK.