Recently, I changed my firewall setup at home. I wanted something more versatile that allowed me to do VLANs, Rules, Translations, etc. Simple home networking equipment does not provide the robust networking needs that business grade equipment does.

In that, I work in IT and do many things IT Related, such as Networking (routers, switches, firewalls, wireless, etc,) I wanted to replace my existing 6-year-old home router with something better.

So, I opted for a SonicWALL! What an awesome product! This new firewall is awesome, and I have been able to do many of the networking projects I was hoping to get in place long ago, of course, that’s a whole other story so I will leave it at that.

However, one issue I came across with the SonicWALL is my Xbox One console and the NAT Type. Most home routers support UPnP, this allows certain features and functions to be dynamically set by software or hardware and work without the interaction of the home user.

Hence, when using a home router that supports UPnP the Xbox will work on Xbox Live with a NAT Type of Open, this configuration permits the best experience on Xbox Live because now you can join other multiplayer games and chat, but you can also be the host.

If for whatever reason your Xbox ends up with a NAT type of Moderate or Strict then you end up with issues like folks not being able to hear you on voice chat, or not being able to host a game. You can still join multiplayer games and others may still be able to hear you so long as you joined someone else’s game, but you cannot be the host of a game.

To fix this issue on a router that does not support UPnP such as the SonicWALL, you have to do some port forwarding. There are several ports you have to forward for Xbox Live to ensure that everything works as it should. On the SonicWALL, most folks (from other posts that I have read) have only managed to get the Xbox to connect at a NAT Type: Moderate. But there is a way to get it to the holy grail of “Open”.

Let me show you how to get it to that state…

There are a few details we will need in order to make this work.  Here are the items you need to know:

Xbox MAC Address – Go to the Xbox Settings and find the Advanced Network Settings page. This page will list both the Wired and Wireless MAC Address for the Xbox. Depending on what connection you are using will depend on the MAC address you grab. If the Xbox is Wired use the Wired MAC address, otherwise if it is Wireless use the Wireless MAC address.

In the SonicWALL go to “Network -> DHCP Server” and click on “Add Static”.

In the Static DHCP Scope Settings, add information related to your Xbox One, such as the following:

Remember to replace the IP Addresses with those that are relevant to your network.

Save the information and restart your Xbox to ensure you get the IP address configured on your network.

Note: I noticed on my Xbox that it was not getting the IP address I configured until I cleared the MAC information in the Xbox itself. You perform this by going to the Advanced Network Settings page and selecting the option “Clear MAC Address”. Once that was cleared and the Xbox restarted it was assigned the IP Reservation from the SonicWALL.

Next, you will need to Port Forward the following list of Ports:

  • 53
  • 80
  • 88 (UDP)
  • 500 (UDP)
  • 3074 (TCP and UDP)
  • 3544 (UDP)
  • 4500 (UDP)

In addition, I found the following for Chat:

  • 16000 (TCP and UDP)

Lastly, if the 3074 Port does not work for you, select one of the alternate ports such as 45596, and configure that in the SonicWALL along with the ports above. To find the Alternate Ports on the Xbox go to Port Selection in the Advanced Network Settings. Select Manual ports for a list of ports that can be used. Add these ports to the Xbox Services you create on the SonicWALL.

In the SonicWALL go to Network -> Services

Go down to Services and add a new service for each one required above, this is what your services should look like:

Next, scroll up to Service Groups and add an XBOX_SVCS group, in this group you will add each service that you created above so that it looks like the following:

This allows you to set the Service Group to rules and port forwarders making it easy.

Next, to create the necessary Port Forwarding use the Public Server Wizard, you will find the Wizard at the top of the screen on the right side. Click on Wizard and use the Public Server Wizard.

Select “Other” for Server Type, then select “XBOX_SVCS” for Services.

Name the Server: XBOX-RULE-SET

Enter the IP you configured for the Xbox One IP Reservation, and add a comment.

Next, we will need to modify the NAT Policies that are created, for two reasons. One the SonicWALL will create a new Services Group that places your services group in, this makes it more difficult to read later. Two, by cleaning it up now, it makes it easier to read later.

Locate the following NAT Policies, and modify each one.

The Service section should match for both the Original and Translated, we want the SONICWALL to keep the ports the same going or coming, in both directions because we don’t want them to dynamically change. In the above example, the two important NAT Rules are 2 and 3.

Another change we will make in the SonicWALL is to enable Consistent NAT.

Go to VoIP -> Settings and check “Enable Consistent NAT”

After making these changes, my Xbox has had a NAT Type of Open.

However, so far once or twice the NAT Type on the Xbox has shown as “Strict” or “Moderate”, by then going into my Xbox Advanced Settings and selecting an Alternate Port that is already defined in the SonicWALL and re-testing the NAT Type on the Xbox, it has gone back to a NAT Type of “Open”.

Hope this article helps someone out there who has a SonicWALL and has never been able to get there Xbox One to show NAT Type: Open!