Games consoles behind a PA-500

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Games consoles behind a PA-500

Not applicable

Good afternoon all,

We are trialling a PA-500 at the moment and so far very impressed with the device.  We have managed to configure everything we are likely to need to do through the firewall but this isn't a show stopping question/issue.

We have multiple Xbox 360's and Playstation 3's here and the number will be increasing.  We would like to be able to do multiplayer gaming in general from these consoles.  Once we get our full infrastructure in place we will be placing them in their own VLAN's to segment them from the network.

At the moment, we sit the consoles outside of the firewall with public IP's allowing us to do full multiplayer gaming sessions.  I know uPNP is a big no no on corporate networks however I was wondering if there is a way to allow uPNP from a certain VLAN and/or for a certain application?

As a backup plan I think it is possible to do multiple inbound PAT however this could be a high overhead in terms of administering it with which Xbox is currently switched on and/or hosting a game.

I know the PA can recognise Xbox live traffic, so was just curious about the easiest way to go about it.

Many thanks in advance

1 accepted solution

Accepted Solutions

L3 Networker

currently the pa can detect the various online gaming for xbox, wii, etc. All you will need to do is create a rule allow those application inbound and outbound.

View solution in original post

3 REPLIES 3

L3 Networker

currently the pa can detect the various online gaming for xbox, wii, etc. All you will need to do is create a rule allow those application inbound and outbound.

>currently the pa can detect the various online gaming for xbox, wii, etc. All you will need to do is create a rule allow those >application inbound and outbound.

 

Hello,

 

Could you please elaborate or provide an example?

 

We have the same requirement but was not sucessfull with the bi-direction or static NAT'ing policies or rules (wth the respective App-ID's)..

 

 

L7 Applicator

uPNP is not something that can be allowed through the firewall. As it is inherently insecure, you would need to do 1-to-1 NAT to get the full capabilities of the Xbox/PS platforms. Without the 1-to-1 NAT, you'll still be able to get online to download updates or new games, browse the respective marketplaces, etc., but you won't be able to host a multiplayer game (unless something has changed in the last couple years that I'm not current on).

 

There's an article about it if you want to take a look:

https://live.paloaltonetworks.com/t5/Management-Articles/Palo-Alto-Networks-Firewalls-gaming-console...

 

Cheers,

Greg

  • 1 accepted solution
  • 4024 Views
  • 3 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!