Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
765
Views
0
Helpful
3
Replies

PS3

Danny Guillory Jr
Level 1
Level 1

‎02-13-2008 10:25 AM - edited ‎03-11-2019 05:02 AM

I have a PS3 on my network... How do i tell my pix506e that all traffic to and from that PS3 is ok! I don;t want the pix to block anything to and from that PS3.

as you can guess people are having problems connecting to play games over the internet!

the configuration if attached!

Labels:
Preview file
2 KB
0 Helpful
3 Replies 3

Collin Clark
VIP Alumni
VIP Alumni

‎02-13-2008 10:48 AM

All traffic from the PS3 going out is not blocked, but the outside (internet) can not see the PS3. You will need to create a static NAT and add ACL rules to permit the traffic in.

You will need to know the ports the PS3 game uses or you could open the entire IP (not suggested). Here is a link that explains what you need to do as far as creating the statics and ACL for limited ports.

http://kb.packetpros.com/?View=entry&EntryID=22

If you wish to open all ports.

static (inside,outside) interface 10.9.2.206 netmask 255.255.255.255

access-list acl_home permit ip any any

This will break all remote connectivity to your firewall sourced from the outside (ie telnet/SSH for remote management).

HTH

0 Helpful

jojuarez
Level 1
Level 1

‎02-13-2008 07:51 PM

Hi,

As long as the communication starts from the inside you don't have to worry about opening ports because inside interface has a "permit ip any any" ACL by default and there's no need to open ports for returning traffic due to stateful connection.

On the other hand, if communication starts from the outside you need to create an static translation as well as to open the ports needed.

The other person recommended to do a static translation using the IP address of the outside interface. You may do so but bear in mind that no one else will be able to go out but the PS3 as the latter will use the only IP address you have.

You may contact Sony about requirements through NAT devices, there are some equipments out there that don't support PAT such as videoconference devices so port forwarding is not an option in those cases.

0 Helpful

jojuarez
Level 1
Level 1

‎02-13-2008 07:53 PM

Oh, one more thing. I noticed you're inspecting several protocols... are you really using those??

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

It is not recommended to have inspections for protocols that you're not using.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card