https://community.sophos.com/utm-firewall/f/network-protection-firewall-nat-qos-ips/94077/security-of-xbox-one-placed-in-unfiltered-traffic-zoneI finally got my Sophos UTM Home machine up and running, and so I have several refinement questions I&#39;m struggling with. To help others who may have the same issues, I&#39;m posting them separately rather than all together. This is a security question regardingen-USTelligent Community 12https://community.sophos.com/thread/340660?ContentTypeID=1Mon, 17 Jul 2017 03:15:45 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:d86b56e3-02ec-4534-8f3a-9ab06606b132sachingurung<p>Hi B.H,</p> <p>First, the UTM is a stateful firewall and it doesn&#39;t require a vice-versa rule. Just a simple LAN-WAN rule will be enough and rest will be managed by the connection tracking module. So the firewall rule should be defined like, LAN(XBOX IP) &gt; ANY &gt; WAN. Reason to define ANY services is that to avoid drops if the XBOX console decides to communicate on a random port.</p> <p>DNAT is used to host internal server over the&nbsp;internet, I really think you don&#39;t want to do that. Finally, the bandwidth problem could be associated with IPS and the AV scanning. Try exception for XBOX for the IPS. Refer,&nbsp;<a href="/kb/en-us/120329" target="_blank">Sophos UTM: How to configure the Intrusion Prevention System (IPS)</a>.</p> <p>Thank you,</p><div style="clear:both;"></div>