XBox Live Access and Multiplayer Gaming (Overwatch, etc.)

I am posting this question...and the answer I found...here in this forum in the hopes that it will help others who may encounter the same issues.  I'm still new to the world of UTMs, so if I've misstated/misunderstood anything, or any of the experts have anything additional to add, please feel free to chime in!

Originally when I set up my UTM, I had all kinds of trouble with my XBox One gaining access to XBox Live.  From my research here, and my familiarity with the XBox Live service and having to do port-forwarding with my modem/wifi-router, I quickly realized that I needed to do something similar with the UTM.  So:

  • I established a group Network Services definition for "XBox Live" (under Definitions and Users), and included all of the ports needed for XBox Live (you can Google it to get the current list). 
  • I then set up an "allow" firewall rule for my XBox One and XBox 360 using "XBox Live" services (to any IP address).

However, my XBox continued to complain about slow traffic, and although I could reach the internet, I had no/slow access to multiplayer services.  Additional research led me to realize that:

  • I needed to provide an exclusion in Intrusion Prevention for all XBox Live traffic. 

Intrusion Prevention includes what appears to be a set of powerful deep-scanning tools to analyze incoming traffic for trouble, but these measures can slow that traffic noticeably.  You can exclude trusted traffic in the Intrusion Prevention menu (there is an Exclusions tab).

After all this, I could access the internet and XBox Live...but I could not successfully start multiplayer games like Overwatch.  I did some more digging on the internet in general, and I found a crucial bit of information:  although the XBox Live service has its own specific set of ports used, the makers of certain multiplayer games may use other ports as well.  I stumbled upon this by accident; another user was wondering about this online. 

  • I went back and changed my firewall rule simply to "allow XBox One/XBox 360 using ANY services."

Since then I've had no issues (after two weeks of not being able to play online!), although I'm a bit worried about the security of such a rule...I've heard of people writing rogue code to turn various IoT devices into bots (I even asked about it in a separate thread).  I'm currently operating under the assumption that I have to trust XBox Live (and Blizzard, etc.) that they would not allow hostile code on their servers.  I guess it's kind of like life (you have to trust someone sometimes!)

So by now you may be asking:  why worry about defining XBox Live services at all?  I kept my own definitions because they may come in handy for other rules/policies/exclusions later...however, if you prefer, you can simply skip that step.

I hope this helps someone...we gamers are like coffee drinkers:  life can get a little twitchy for us when we aren't able to get our fix here and there!  :-D
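An added example, not part of the original post: one way to narrow an "ANY services" rule is to run with the restricted service group for a session and tally which outbound ports from the console the firewall dropped, then add only those to the group. The log lines, the key="value" field names, the console address and the port numbers below are all constructed assumptions; adapt the parsing to your firewall's actual log format.

```python
import re
from collections import Counter

# Constructed sample log lines. The key="value" layout and the field names
# (action, srcip, proto, dstport) are assumptions; match them to your firewall.
SAMPLE_LOG = """\
2017:01:10-20:01:02 fw: action="accept" srcip="192.168.1.50" dstip="203.0.113.10" proto="17" dstport="3074"
2017:01:10-20:01:05 fw: action="drop" srcip="192.168.1.50" dstip="198.51.100.7" proto="17" dstport="26503"
2017:01:10-20:01:06 fw: action="drop" srcip="192.168.1.50" dstip="198.51.100.7" proto="17" dstport="26503"
2017:01:10-20:01:09 fw: action="drop" srcip="192.168.1.50" dstip="198.51.100.8" proto="6" dstport="40001"
2017:01:10-20:01:11 fw: action="drop" srcip="192.168.1.77" dstip="198.51.100.9" proto="6" dstport="445"
2017:01:10-20:01:12 fw: action="drop" srcip="203.0.113.9" dstip="192.168.1.50" proto="17" dstport="3074"
"""

CONSOLES = {"192.168.1.50"}                     # hypothetical console address
SERVICE_GROUP = {("udp", 3074), ("tcp", 3074)}  # placeholder, not the full published list

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
PROTO_NAMES = {"6": "tcp", "17": "udp"}         # IP protocol numbers


def blocked_ports(log_text, consoles, service_group):
    """Count dropped outbound (proto, dstport) pairs from the consoles
    that the current service group does not cover."""
    counts = Counter()
    for line in log_text.splitlines():
        f = dict(FIELD_RE.findall(line))
        # Only outbound drops from a console matter; inbound and other hosts are skipped.
        if f.get("action") != "drop" or f.get("srcip") not in consoles:
            continue
        if not f.get("dstport", "").isdigit():
            continue  # ICMP and malformed lines carry no port
        key = (PROTO_NAMES.get(f.get("proto"), f.get("proto")), int(f["dstport"]))
        if key not in service_group:
            counts[key] += 1
    return counts.most_common()


if __name__ == "__main__":
    for (proto, port), hits in blocked_ports(SAMPLE_LOG, CONSOLES, SERVICE_GROUP):
        print(f"{proto}/{port}: {hits} dropped packets")
```

Ports that show up repeatedly while a game fails to connect are the candidates to add to the service group, which keeps the rule scoped to what the console actually uses.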



  • Excellent offering!

    Thanks for the opportunity to remind everyone that following #1 in Rulz will help quickly find the cause of a problem.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA