
No wrath like a pre-teen gamer scorned

Hey guys, back again with my newbie issues. So I have the UTM up and running without issues and every device in the entire house is connected either wired through a switch or wireless over an AP and happily running traffic through the UTM. All except one... My 12-year-old brother-in-law's PS4. This young man does nothing but play online when he gets home from school, so when I told him he might be out of commission for a couple hours while I set up the 'internet' he was a little miffed but didn't complain much. When the two hours were up and I was still not finished, he took to following me back and forth from PS4 to WebAdmin and making occasional comments like, "Maybe you shouldn't try doing things you don't really know how to do." After four hours his mental state had degraded significantly. If I can't get this figured out I may have to commit the poor guy.

Here is what I have tried:

I have the UTM acting as a DHCP server and all the other wireless devices are getting leases through the AP and working fine. I have given the PlayStation a static IP assignment and defined it as a host. I have created a firewall rule for the PS4 network definition that is PS4->Any->Any. Set up Application Control to allow PlayStation Network for the PS4. Turned off IPS and ATP, created an exception in Country Blocking for the PS4. Turned off Web Filtering. ICMP is allowed through the gateway from the internal network.

Thing is, I can't find any trace of the PS4's IP in the firewall or Application Control logs (again, IPS and ATP are disabled). It doesn't appear that the PS4 is even attempting to get through (I know this is probably false). I have tried a wired connection to the switch as well, same deal.

The PS4 gets an IP no problem but the instant it gets to the test connection step it fails immediately. Shouldn't be a port issue, the any rule should take care of that (it is enabled). I am going to try to contact Sony to find out what exactly takes place during the test but I doubt it will get me anything (besides one more grey hair). I would assume it just pings the PlayStation Network server, which should be fine. I need a tool like Wireshark for the PS4 to get a better look into the issue but I don't think one exists.

I have tried manually inputting the settings on the PS4 and letting it auto assign and both yielded the same issue. It shows the correct static IP, the correct ISP DNS1 and DNS2 (getting these from the DNS forwarder in the UTM) but has 0.0.0.0 as default gateway and Failed as NAT Type.

Any help greatly appreciated!



  • Perhaps you would be doing his future wife a favor by leaving it broken...   But to your question:

    Others have posted that it is critical that a static IP be configured outside of any DHCP scope configured on UTM.

    I was confused by the comment that it "gets an IP" during testing.   Is there any chance that it is still asking for a DHCP address and therefore getting something different than the standard one you intended it to use?

    You could get these symptoms if any of the manually-configured subnet mask, DNS servers, or default gateway settings are incorrect.

    Suggest switching back to DHCP (which should ensure that the settings are usable), then determine the settings that it is using for the moment.   Assign your exceptions until it is working.   A good way to do this would be to create a HOST object (if you don't have one already) and link it to the DHCP-assigned IP address, and assign the exceptions to that object.

    Once you have it working with that address, change the IP address of the host object back to the static one, and reconfigure the machine to the static address, being careful to configure the DNS, Gateway, and Subnet mask correctly at the same time.

  • Haha! Yes I think you may be right about that one!

     

    Ok this is good stuff I will try these suggestions when I get home from work and see what I can figure out. I will get back with you.

    Thanks for your time sir!

  • I marked as the right answer because going back to DHCP led me to finding the issue. I set the default gateway in Network Services ->DHCP->Server to the external gateway instead of setting it to the internal. Setting it to Internal brought the PS4 online.

    My confusion is why the other devices were able to get out to the internet with the original setting but not the PS4.

  • Good question.  One possibility comes to mind.  You have UTM configured with proxyarp enabled.   This allows UTM to reply with its own MAC when asked for the MAC address associated with the ISP IP address.  Other devices accept the proxyarp but PS4 does not try to use a router outside its subnet, so it never gets the proxyarp response.
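
The two settings this thread keeps coming back to (a static address that must sit outside the DHCP range, and a DHCP-advertised default gateway that must be on the client's own subnet) can be checked mechanically. The following is an added example, not part of any post and not Sophos code; the function name and all addresses are constructed for illustration.

```python
import ipaddress

def check_dhcp_scope(subnet, range_start, range_end, gateway, static_hosts):
    """Return a list of findings for one DHCP scope; an empty list means no issue found."""
    net = ipaddress.ip_network(subnet)
    start = ipaddress.ip_address(range_start)
    end = ipaddress.ip_address(range_end)
    gw = ipaddress.ip_address(gateway)
    findings = []

    if start not in net or end not in net or start > end:
        findings.append(f"DHCP range {start}-{end} is not a valid range inside {net}")

    # The advertised default gateway has to be on-link for the client:
    # a usable host address inside the client's own subnet.
    if gw not in net:
        findings.append(f"default gateway {gw} is outside the client subnet {net}")
    elif gw in (net.network_address, net.broadcast_address):
        findings.append(f"default gateway {gw} is not a usable host address in {net}")

    for name, addr in sorted(static_hosts.items()):
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            findings.append(f"static host {name} ({ip}) is outside {net}")
        elif start <= ip <= end:
            findings.append(f"static host {name} ({ip}) is inside the DHCP range {start}-{end}")
        if ip == gw:
            findings.append(f"static host {name} ({ip}) collides with the gateway address")
    return findings

# Constructed sample values: the gateway is an external (ISP-side) address and
# the console's static address falls inside the lease range.
BROKEN = dict(subnet="192.168.1.0/24", range_start="192.168.1.100",
              range_end="192.168.1.200", gateway="203.0.113.1",
              static_hosts={"PS4": "192.168.1.150"})
# Same scope with the internal interface as gateway and the static address moved out of the range.
FIXED = dict(BROKEN, gateway="192.168.1.1", static_hosts={"PS4": "192.168.1.50"})

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_dhcp_scope(**cfg) or "no findings")
```
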

  • Ah ok this would make sense as I did not freshly install UTM, this is a box with UTM already on it that was given to me by work to learn on at home. I went through and made changes to all the settings to tailor it to my network needs. Definitely all this troubleshooting during setup has given me a good feel for the interface and where to find everything.

    Do you know how to check for this being enabled? Looks like it is enabled through the CLI; I'm sure it is probably checked there as well.

  • You want 'Edit Interface' 'Advanced' in WebAdmin.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • OK thanks for all the help DouglasFoster and thank you BAlfson, you guys are rockstars on here, thank you for all you do!