Watchguard M400 and Xbox One

Hi guys!

I have using M400 for first time I built my own rack and putting M400 in to connect with Aruba Switch and Aruba WiFi. The ISP is Verizon FiOS Gigabit. Getting 940/940 with this M400!

Anyway, I have Xbox One X at living room so while I try to play game, it required to update a game patch, the download started. Then it stopped around 2GB of 8GB. It doesn't do anything. Tried reboot Xbox and reset network. Still nothing work… My iPhone use hotspot, it worked and download then switch to our network. It downloaded then stopped another 1-2GB. Must be firewall that block something. Let me know if you have fixed this issue.

BTW, I have port forwarding on it, NAT is open so only thing is downloading game or update patch which stop around 1-2GB. No idea why it doing like that.


  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @glbserver2017

    By default the firewall will allow everything outbound.

    I'd suggest starting by looking at your traffic monitor logs. If the firewall is denying anything, you should see it show up as a red deny line. Based on what service denies it or what is denied, you'll need to allow the traffic from there.

    If you need assistance with this, I'd suggest opening a support case, and one of our reps can help you.

    -James Carson
    WatchGuard Customer Support

  • Sure I take a look into traffic monitor logs and see if there is red deny line show up from Xbox One's IP address.

  • This is very odd, I don't see any red denying line. The Xbox One downloading still not working...

    Screenshot -

  • Possibly it come from Proxy Actions. Found the denying line. It is cause of this Proxy Actions. It won't let me disable it. Any suggestion?

    2020-06-02 21:19:13 Deny http/tcp 50005 80 1-Trusted 0-External ProxyDeny: HTTP Body Content Type match (HTTP-proxy-00) proc_id="http-proxy" rc="595" msg_id="1AFF-0012" proxy_act="Default-HTTP-Client" rule_name="Windows EXE/DLL"

  • your options:
    1) open a support incident

    2) add an Any packet filter From: the IP addr of your Xbox To: Any -external
    Move this policy to the top of the policy list (Manual Order mode)
    If this resolves the issue, then there it is likely that some policy which in your config somehow was causing the failure to download the full file.

  • edited June 2020

    ProxyDeny: HTTP Body Content Type match "Windows EXE/DLL"

    On your HTTPS proxy -> HTTP proxy action, you can unselect the Body Content Type deny for "Windows EXE/DLL"
    OR - you can add a specific policy for your Xbox IP addr to not prevent the download of "Windows EXE/DLL" files

  • It worked! Thank you! I keep this in my mind next time if I have to reconfiguration.

  • WHAT step worked? If you just disabled blocking of Windows EXE/DLL files on your main HTTPS proxy -> HTTP proxy action, you just killed one of the biggest protections WatchGuard has in it, UNLESS you ONLY did that for the IP address of the Xbox as Bruce first stated with his "2) add an Any packet filter From: the IP addr of your Xbox" suggestion.

    Gregg Hill

  • @glbserver2017 said:
    This is very odd, I don't see any red denying line. The Xbox One downloading still not working...

    Screenshot -

    Keep in mind that not all things denied get a red line. A "ProxyStrip" action is denying something, but its line will be GREEN...very deceiving. Also, not all denies are logged by default unless recent firmware has changed settings.

    Gregg Hill

  • Hey @glbserver2017 I am in the very same boat right now and I have a WatchGuard as my home router & firewall, can you please tell me what settings/rules to go into and change? I was unable to follow the above instructions 😭
  • @Greg_Gilbraith or @Bruce_Briggs I would love your guidance on what settings/rules I need to change as I’m having the very same issue as this user’s post. I want to be sure I’m creating the proper rule and keeping everything still safe and secure while of course allowing the Xbox to fully apply updates as it goes about ~ 10 % of an update and will go to an installation stopped. (& it’s not on Microsoft or Xbox as I’ve had them ship me a new one)
  • Do you have a HTTP or HTTPS proxy in your config?

    Do you see a Deny log message with HTTP Body Content Type match in Traffic Monitor From: the IP addr of your Xbox, similar to the Deny message shown above?

    If so, you can add a HTTP or HTTPS packet filter From: your Xbox IP addr To Any-external

    If not, what deny log messages from you Xbox are you seeing?

Sign In to comment.