Tivo will not update

Question

I've read through everything I can find on how to get a Tivo to connect to the update service, but cannot figure this out. 
 I've followed what I have read, and so far nothing has worked. 
 As of now, I have the following setup, and it will not connect...I keep getting the same TCP port error messages. 
 In Firewall Rules: 
 Source : Internal (Network) [have also tried the static IP of the tivo, a tivo network definition, etc.] 
 Services: All Tivo TCP ports: 37,7288,7287,8080,8081,5005, 5223, 8000, 8080:8089 & UDP: 37, 123 
 Destination: Internet IPv4 [have also tried with just the tivo servers identified on the tivo site in a network group] 
 I also have the tivo urls I have seen in my Firewall log skipped in Web Protection for all filters (status, service, & singlemind.tivo.com) 
 I tried following some of the older posts on how to enable, it, but that seemed like an older version of UTM, and I couldn't follow how to setup the NAT section. But I tried using a TIVO service group, Tivo network, etc., but couldn't make it work. 
 I don't have any issues browsing the web with either a wired or wireless connection. The Tivo is wireless to my Asus router, which is now in AP mode. So it has an IP direct from the UTM, in the main Internal network. It is static, with a Static Mapping. 
 Any assistance is greatly appreciated. Getting tired of switching out my old router to get updates... 
 Thx

RobertBurri · Accepted Answer

Solution found finally! 
 On the suggestion of a firewall guy at work (thx Gus if you read this!), I added the following NAT Masquerade rule: 
 TivoNetwork (just the Tivo IP) --> WAN 
 And it connected and has now downloaded all updates...took quite awhile! 
 I will proceed with rolling back all the things I tried, clean it all up a little, tighten the security on it, and post the final solution for anyone else who runs into this in the future. 
 [:D]

RobertBurri · Answer

My final settings: 
 Firewall Rule (Network Protection / Firewall) Source : Tivo IP Service: TivoServices group that included all the services listed in my first post, these are every port from the troubleshooting page and what my Tivo says is required Destination: Tivo Group that includes all IPs listed on the Tivo troubleshooting page 
 NAT Rule (Network Protection / NAT / Masquerading) Network: TivoNetwork (just the Tivo IP) Interface: WAN Web Filter (Web Protection / Filter Profiles / Filter Actions) Default content filter action / Websites / Allowed Sites: tivo.com domain (include subdomains) Trusted Site (Web Protection / Filtering Options / Websites) tivo.com domain / include subdomains / Do not override / Reputation: Trusted 
 I have a feeling removing the last two (Web Filter and Trusted Site) would still work, but they seem logical to me, and perhaps make any communication with tivo.com a little more responsive...so I am leaving them. 
 Hopefully this helps others...in the end it wasn't a lot, but just took awhile to figure it all out.