
Games consoles behind a PA-500

Good afternoon all,

We are trialling a PA-500 at the moment and so far very impressed with the device.  We have managed to configure everything we are likely to need to do through the firewall but this isn't a show stopping question/issue.

We have multiple Xbox 360s and PlayStation 3s here and the number will be increasing.  We would like to be able to do multiplayer gaming in general from these consoles.  Once we get our full infrastructure in place we will be placing them in their own VLANs to segment them from the network.

At the moment, we sit the consoles outside of the firewall with public IPs, allowing us to do full multiplayer gaming sessions.  I know UPnP is a big no-no on corporate networks; however, I was wondering if there is a way to allow UPnP from a certain VLAN and/or for a certain application?

As a backup plan I think it is possible to do multiple inbound PAT however this could be a high overhead in terms of administering it with which Xbox is currently switched on and/or hosting a game.

I know the PA can recognise Xbox live traffic, so was just curious about the easiest way to go about it.

Many thanks in advance


Accepted Solutions
L3 Networker

Re: Games consoles behind a PA-500

Currently the PA can detect the various online gaming for Xbox, Wii, etc. All you will need to do is create a rule allowing those applications inbound and outbound.



All Replies

L1 Bithead

Re: Games consoles behind a PA-500

> currently the pa can detect the various online gaming for xbox, wii, etc. All you will need to do is create a rule allow those application inbound and outbound.

Hello,

Could you please elaborate or provide an example?

We have the same requirement but were not successful with the bi-directional or static NAT'ing policies or rules (with the respective App-IDs).

L7 Applicator

Re: Games consoles behind a PA-500

UPnP is not something that can be allowed through the firewall. As it is inherently insecure, you would need to do 1-to-1 NAT to get the full capabilities of the Xbox/PS platforms. Without the 1-to-1 NAT, you'll still be able to get online to download updates or new games, browse the respective marketplaces, etc., but you won't be able to host a multiplayer game (unless something has changed in the last couple years that I'm not current on).

There's an article about it if you want to take a look:

https://live.paloaltonetworks.com/t5/Management-Articles/Palo-Alto-Networks-Firewalls-gaming-console...

Cheers,

Greg
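
The 1-to-1 NAT plus App-ID rule approach described in the replies above, as an added PAN-OS configure-mode example for a single console; it is not from any poster in this thread or from the linked article. Zone names, object and rule names, the addresses and the App-ID name `xbox-live` are assumptions (confirm the App-ID against the firewall's own application list), and lines starting with `#` are annotations, not CLI input.

```text
# Added example: every name and address below is a constructed placeholder.
# One address object for the console's private IP and one for its public IP.
set address xbox-01-private ip-netmask 10.20.30.11/32
set address xbox-01-public ip-netmask 203.0.113.11/32

# Static 1-to-1 source NAT. bi-directional also creates the matching
# inbound destination translation for the same address pair.
set rulebase nat rules xbox-01-static from consoles to untrust source xbox-01-private destination any service any source-translation static-ip translated-address xbox-01-public bi-directional yes

# Outbound: the console may use only the gaming App-ID on its default ports.
set rulebase security rules consoles-out from consoles to untrust source xbox-01-private destination any application xbox-live service application-default action allow

# Inbound: match the pre-NAT (public) address but the post-NAT zone,
# and restrict by App-ID instead of opening port ranges.
set rulebase security rules consoles-in from untrust to consoles source any destination xbox-01-public application xbox-live service application-default action allow
```

Each additional console needs its own public address and its own static NAT rule; the two security rules can reference address groups instead of single objects so they do not have to be duplicated per console.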
