02-13-2008 10:25 AM - edited 03-11-2019 05:02 AM
I have a PS3 on my network... How do I tell my pix506e that all traffic to and from that PS3 is ok! I don't want the pix to block anything to and from that PS3.
As you can guess, people are having problems connecting to play games over the internet!
The configuration is attached!
02-13-2008 10:48 AM
All traffic from the PS3 going out is not blocked, but the outside (internet) can not see the PS3. You will need to create a static NAT and add ACL rules to permit the traffic in.
You will need to know the ports the PS3 game uses or you could open the entire IP (not suggested). Here is a link that explains what you need to do as far as creating the statics and ACL for limited ports.
http://kb.packetpros.com/?View=entry&EntryID=22
If you wish to open all ports.
static (inside,outside) interface 10.9.2.206 netmask 255.255.255.255
access-list acl_home permit ip any any
This will break all remote connectivity to your firewall sourced from the outside (i.e. telnet/SSH for remote management).
HTH
02-13-2008 07:51 PM
Hi,
As long as the communication starts from the inside you don't have to worry about opening ports, because the inside interface has a "permit ip any any" ACL by default and there's no need to open ports for returning traffic due to the stateful connection.
On the other hand, if communication starts from the outside you need to create a static translation as well as open the ports needed.
The other person recommended to do a static translation using the IP address of the outside interface. You may do so but bear in mind that no one else will be able to go out but the PS3 as the latter will use the only IP address you have.
You may contact Sony about requirements through NAT devices. There is some equipment out there that doesn't support PAT, such as videoconference devices, so port forwarding is not an option in those cases.
02-13-2008 07:53 PM
Oh, one more thing. I noticed you're inspecting several protocols... are you really using those??
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
It is not recommended to have inspections for protocols that you're not using.
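As an added example (not written by any poster in this thread, and not Cisco code), the following Python check scans a PIX 6.x configuration for the three things the replies warn about: an all-port static, `permit ip any any` applied on the outside interface, and enabled fixups to review. The sample configuration is constructed from lines quoted in the thread; the `access-group` binding of `acl_home` to `outside` is an assumption, since the attached configuration is not shown.

```python
import re

# Constructed sample in PIX 6.x syntax. The static, access-list and fixup lines
# appear in the thread; the access-group binding is an assumption.
SAMPLE_CONFIG = """\
fixup protocol ftp 21
fixup protocol sip udp 5060
fixup protocol smtp 25
access-list acl_home permit ip any any
access-group acl_home in interface outside
static (inside,outside) interface 10.9.2.206 netmask 255.255.255.255
"""

STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (?:(tcp|udp) )?(\S+) (\S+)")
ACL_RE = re.compile(r"^access-list (\S+) permit ip any any\b")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")
FIXUP_RE = re.compile(r"^fixup protocol (\S+)")


def audit_pix_config(text):
    """Return (category, detail) findings for the exposures discussed in the thread."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    # Map each ACL name to the interface it is applied on (inbound).
    bound = {m.group(1): m.group(2) for m in map(GROUP_RE.match, lines) if m}
    findings = []
    for ln in lines:
        m = STATIC_RE.match(ln)
        if m and m.group(3) is None:
            # No tcp/udp keyword: every port of the inside host is translated.
            findings.append(("all-port-static", m.group(5)))
            if m.group(4) == "interface":
                # The firewall's own outside address is handed to one host.
                findings.append(("static-uses-interface-ip", m.group(5)))
        m = ACL_RE.match(ln)
        if m and bound.get(m.group(1)) == "outside":
            findings.append(("permit-any-any-on-outside", m.group(1)))
        m = FIXUP_RE.match(ln)
        if m:
            findings.append(("fixup-enabled", m.group(1)))
    return findings


if __name__ == "__main__":
    for category, detail in audit_pix_config(SAMPLE_CONFIG):
        print(f"{category}: {detail}")
```
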