Xbox Live and SonicWall TZ205 setup
In this post I am going to talk about the firewall rules and configurations that are required to allow my son's Xbox to talk to Microsoft's Xbox Live servers.
The reason I bought my SonicWall was to protect my local network and so there is no way I am going to compromise my network security just so my son can connect his Xbox.
The SonicWall TZ205 is an excellent piece of hardware and it has, among many other options, the ability to configure 3 additional ports into separate zones. For the purpose of allowing my son to connect his Xbox I am going to configure one of the ports as a DMZ.
Configure Interface
First we need to activate our DMZ port by adding an IP and subnet that differs from the one that's used on the internal network. To do that we need to go to Network → Interfaces and configure our port. I have chosen port X2 and blanked out the IP addresses for obvious reasons.



Select Configure, then choose DMZ from the drop-down list and give the port a static assignment.
I didn't make any changes on the Advanced tab at all.
Everything was left as the default.
Create Some Xbox Specific Services
In order for our Xbox to access/talk with MS Xbox Live servers we need to add some ports to our firewall and there are quite a few of them:
Service Name | Protocol | Port Start | Port End |
---|---|---|---|
Xbox TCP 10244 | TCP | 10244 | 10244 |
Xbox TCP 2177 | TCP | 2177 | 2177 |
Xbox TCP 3074 | TCP | 3074 | 3074 |
Xbox TCP 3390 | TCP | 3390 | 3390 |
Xbox TCP 3932 | TCP | 3932 | 3932 |
Xbox TCP 53 | TCP | 53 | 53 |
Xbox TCP 5555 | TCP | 5555 | 5555 |
Xbox TCP 1900 | TCP | 1900 | 1900 |
Xbox TCP 2177 | TCP | 2177 | 2177 |
Xbox TCP 3074 | TCP | 3074 | 3074 |
Xbox TCP 3776 | TCP | 3776 | 3776 |
Xbox TCP 50004 | TCP | 50004 | 50004 |
Xbox TCP 5044 | TCP | 5044 | 5044 |
Xbox TCP 53 | TCP | 53 | 53 |
Xbox TCP 7777 | TCP | 7777 | 7777 |
Xbox TCP 88 | TCP | 88 | 88 |
Some of these may already exist on your firewall but it doesn't hurt to duplicate port numbers and so for clarity I recommend that you create the list as defined here via:
Firewall → Services Objects → Services → Add

Create Xbox Service Group
Then to make it easier to assign the services to the DMZ, create a Service group and assign all of the Xbox services to the group via:
Firewall → Services Objects → Service Groups → Add

Finally we need to apply all of that to our DMZ port so that external servers can access our Xbox on the DMZ. To do that we need to go to
Firewall → Access Rules → Add
Then configure the new rule thus:
• From Zone: WAN
• To Zone: DMZ
• Service: Xbox Services
• Source: Any
• Destination: WAN Primary IP
• Users Allowed: All
• Schedule: Always On

The final step is to configure your Xbox with a static address on the same subnet as the DMZ that you have just created:
• IP Settings: Manual
• To Address: [Non Routable Address]
• Subnet Mask: 255.255.255.0
• Gateway: [Address of DMZ]
• DNS Settings: Manual
• Primary DNS Server: [Whatever your PC says]
• Secondary DNS Server: [Whatever your PC says]
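Before typing the values into the firewall and the console, the addressing plan and the service list can be sanity-checked offline. The script below is an added example, not part of the original post: it checks that the DMZ subnet differs from the internal one, that the Xbox's static settings match the DMZ interface, and it reports repeated rows in the service table above. The function names are hypothetical and the addresses are constructed, since the post blanks out the real ones.

```python
import ipaddress

# Service table from the post as (protocol, port), in published order.
# Start and end port are identical on every row, so one number is enough.
SERVICES = [("TCP", p) for p in (10244, 2177, 3074, 3390, 3932, 53, 5555, 1900,
                                  2177, 3074, 3776, 50004, 5044, 53, 7777, 88)]

def dedupe_services(services):
    """Return (unique entries in first-seen order, sorted repeated entries)."""
    seen, unique, repeated = set(), [], set()
    for svc in services:
        if svc in seen:
            repeated.add(svc)
        else:
            seen.add(svc)
            unique.append(svc)
    return unique, sorted(repeated)

def check_dmz_plan(lan_cidr, dmz_if_cidr, xbox_ip, xbox_mask, xbox_gw):
    """Return a list of addressing problems; an empty list means consistent."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    dmz_if = ipaddress.ip_interface(dmz_if_cidr)  # DMZ port address plus prefix
    xbox = ipaddress.ip_address(xbox_ip)
    problems = []
    if dmz_if.network.overlaps(lan):
        problems.append("DMZ subnet overlaps the internal LAN subnet")
    if xbox not in dmz_if.network:
        problems.append("Xbox address is outside the DMZ subnet")
    if xbox == dmz_if.ip:
        problems.append("Xbox address collides with the DMZ interface address")
    if xbox in (dmz_if.network.network_address, dmz_if.network.broadcast_address):
        problems.append("Xbox address is the network or broadcast address")
    if ipaddress.ip_address(xbox_mask) != dmz_if.netmask:
        problems.append("Xbox subnet mask does not match the DMZ interface")
    if ipaddress.ip_address(xbox_gw) != dmz_if.ip:
        problems.append("Xbox gateway is not the DMZ interface address")
    if not xbox.is_private:
        problems.append("Xbox address is not a private (non-routable) address")
    return problems

if __name__ == "__main__":
    unique, repeated = dedupe_services(SERVICES)
    print(len(unique), "unique services; repeated rows:", repeated)
    # Constructed addresses: LAN 192.168.1.0/24, DMZ port 192.168.50.1/24.
    print(check_dmz_plan("192.168.1.0/24", "192.168.50.1/24",
                         "192.168.50.10", "255.255.255.0", "192.168.50.1"))
```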