Watchguard M400 and Xbox One
Hi guys!
I have using M400 for first time I built my own rack and putting M400 in to connect with Aruba Switch and Aruba WiFi. The ISP is Verizon FiOS Gigabit. Getting 940/940 with this M400!
Anyway, I have Xbox One X at living room so while I try to play game, it required to update a game patch, the download started. Then it stopped around 2GB of 8GB. It doesn't do anything. Tried reboot Xbox and reset network. Still nothing work… My iPhone use hotspot, it worked and download then switch to our network. It downloaded then stopped another 1-2GB. Must be firewall that block something. Let me know if you have fixed this issue.
BTW, I have port forwarding on it, NAT is open so only thing is downloading game or update patch which stop around 1-2GB. No idea why it doing like that.
Comments
Hi @glbserver2017
By default the firewall will allow everything outbound.
I'd suggest starting by looking at your traffic monitor logs. If the firewall is denying anything, you should see it show up as a red deny line. Based on what service denies it or what is denied, you'll need to allow the traffic from there.
If you need assistance with this, I'd suggest opening a support case, and one of our reps can help you.
-James Carson
WatchGuard Customer Support
Sure I take a look into traffic monitor logs and see if there is red deny line show up from Xbox One's IP address.
This is very odd, I don't see any red denying line. The Xbox One downloading still not working...
Screenshot - https://ibb.co/bKMJ0hP
Possibly it come from Proxy Actions. Found the denying line. It is cause of this Proxy Actions. It won't let me disable it. Any suggestion?
2020-06-02 21:19:13 Deny 192.168.1.18 151.205.0.125 http/tcp 50005 80 1-Trusted 0-External ProxyDeny: HTTP Body Content Type match (HTTP-proxy-00) proc_id="http-proxy" rc="595" msg_id="1AFF-0012" proxy_act="Default-HTTP-Client" rule_name="Windows EXE/DLL"
your options:
1) open a support incident
2) add an Any packet filter From: the IP addr of your Xbox To: Any -external
Move this policy to the top of the policy list (Manual Order mode)
If this resolves the issue, then there it is likely that some policy which in your config somehow was causing the failure to download the full file.
ProxyDeny: HTTP Body Content Type match "Windows EXE/DLL"
On your HTTPS proxy -> HTTP proxy action, you can unselect the Body Content Type deny for "Windows EXE/DLL"
OR - you can add a specific policy for your Xbox IP addr to not prevent the download of "Windows EXE/DLL" files
It worked! Thank you! I keep this in my mind next time if I have to reconfiguration.
WHAT step worked? If you just disabled blocking of Windows EXE/DLL files on your main HTTPS proxy -> HTTP proxy action, you just killed one of the biggest protections WatchGuard has in it, UNLESS you ONLY did that for the IP address of the Xbox as Bruce first stated with his "2) add an Any packet filter From: the IP addr of your Xbox" suggestion.
Gregg Hill
Keep in mind that not all things denied get a red line. A "ProxyStrip" action is denying something, but its line will be GREEN...very deceiving. Also, not all denies are logged by default unless recent firmware has changed settings.
Gregg Hill
Do you have a HTTP or HTTPS proxy in your config?
Do you see a Deny log message with HTTP Body Content Type match in Traffic Monitor From: the IP addr of your Xbox, similar to the Deny message shown above?
If so, you can add a HTTP or HTTPS packet filter From: your Xbox IP addr To Any-external
If not, what deny log messages from you Xbox are you seeing?