PAN-OS Bi-Directional NAT and Nintendo Online Gaming

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

PAN-OS Bi-Directional NAT and Nintendo Online Gaming

L1 Bithead

I have a couple of Nintendo consoles on the network which would like to connect for online gaming.

 

I am on a cable connection so am using Dyndns lookup for my external-IP.

 

I have the following Bi-Directional NAT policies configured.  

 

Application Group

screenshot_25.png

 

Security Policy

screenshot_26.png

 

NAT Policy

screenshot_27.png

 

It seems to work with the Wii U but not with the 3DS.

 

Any assistance will be much appreciated.  

 

As a last resort I could dig out my old Draytek router for these hosts but would prefer not too...

 

Thanks.

 

Kind regards

4 REPLIES 4

L3 Networker

> If you can take a packet capture and also see the traffic logs so see what's really happening with the traffic

> And then you can make the required changes in the NAT/Security Policies

> Instead of creating bi-directional try creating separate NAT policy for out going traffic and the incomming traffic

L3 Networker

 

>>>please specify which zone the internal-wiiU belongs

   

You can see the same by the command 

 

test routing fib-lookup virtual-router default ip <ip address>

 

Please see the zone of  the ip address by the above command and make Nat rule accordingly 

 

Thank You 

 

 

 

Cyber Elite
Cyber Elite

Hi There

 

 

to make sure a bidirectional NAT policy works as expected, the proper formatting would need to be trust to untrust

 

 

bidirectional nat

 

 

hope this helps

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hello. 

 

Thanks to all responding.

 

I tried the following but no luck... 

 

screenshot_31.png

 

If I click on 'Highlight Unused Rules', the Bi-Directional NAT rules are highlighted so the traffic is not even hitting those NAT rules.

  • 4032 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!