RESET Forums (homeservershow.com)

For Anyone Still on Sophos UTM 9.3, There is a New Update.


itGeeks

security update to openSSL is always exciting to me! :)

Well, someone has to get excited about an update to OpenSSL; it may as well be you :) Glad I was able to make your day.


Am still on UTM 9.3 for the foreseeable future. Am trying to put a PS4 console on the "DMZ" from a consumer router standpoint. In other words, give the PS4 a static IP and open all ports to it to/from the Internet.

I recognize in Sophos UTM this would warrant the creation of a new interface (called DMZ) on an unused NIC. But I have one Ethernet connection coming out of my Sophos LAN interface (NIC) going into a single Gigabit switch that my PS4 connects to across the house.

Is there a way to essentially give the PS4 open access to the Internet/WAN without setting up a new DMZ interface in Sophos?

I've read this might be accomplished using a VLAN but I've never set one up.

Wasn't sure whether I could have 2 Ethernet cables forming out of Sophos UTM into the same switch - 1 for LAN and 1 for DMZ? To get the PS4 working off of the DMZ.

Not sure of best way to do this?

Jason, there is no need to set up a DMZ or VLANs for gaming consoles. I had several gaming consoles behind UTM9.x with no problem at all. I don't use UTM9 anymore in favor of Sophos XG, so give me a bit of time to see if I can dig up my old rules for how I did this. I would never set up any gaming consoles in a DMZ; VLANs maybe, but not necessary.

OK, I found my old UTM rules. Here is what I did. You need to give your gaming consoles a static IP, either through static-DHCP in UTM9 or through the NIC properties of the gaming console; I prefer static-DHCP. Then in UTM9 open up web protection->filter options->misc and add the gaming consoles to the "skip transparent mode"-> source Hosts/Nets. That's it.

Edited by itGeeks

Thank you very much. I've googled up and down and found so many variations of port forwarding rules...even on Sony's forums. PS4 worked great until I tried to play PlayStation Now game streaming and it reported my connectivity was too slow on a 50/10 Mbit business class cable connection. Clearly it's something else. This prompted me to put this console on the "DMZ" in concept.

Yes, I know exactly what you're going through. There are a million answers for gaming consoles behind Sophos and none of them fully solve the problem. Follow my directions below:

OK, I found my old UTM rules. Here is what I did. You need to give your gaming consoles a static IP, either through static-DHCP in UTM9 or through the NIC properties of the gaming console; I prefer static-DHCP. Then in UTM9 open up web protection->filter options->misc and add the gaming consoles to the "skip transparent mode"-> source Hosts/Nets. That's it. I had several gaming consoles working with this configuration and never had a problem. Please post back your results. I don't think I missed anything in my instructions, but if it does not work for you I will dig deeper for what else I might have done; either way, this step needs to be done. There is no port forwarding, DMZ or VLAN needed. Good luck.

Edited by itGeeks

Doesn't this just address the outbound connectivity from the PS4 device TO the internet?  How do you put the PS4 out on the internet in front of the firewall with no inbound port blocking?


Why would you want to put the PS4 out on the internet in front of your firewall, wide open? Why do you need no inbound port blocking? You don't need to do this for gaming to work. The way it works is that the gaming console, or any device on your LAN, establishes an outbound connection on whatever port, so the communication is allowed through; as long as you allow the outbound communication, all is fine. What you're describing is the reverse. Think of a web server sitting on your local LAN: in this case the web server does not make the outbound request, but rather the client on the internet makes the request, hence you need port forwarding to allow the communication through the firewall. What causes all the trouble with gaming consoles is the "web proxy", and that's what my directions above help you solve. Sorry if this is not clear to you. Maybe someone else could clean up my wording and explain it better.

Edited by itGeeks
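
The outbound-versus-inbound distinction in the post above, as an added example that is not part of the original thread and is not Sophos UTM code: a minimal stateful filter in Python. The class name, addresses, ports and the single port-forward rule are constructed sample values, and address translation is left out to keep the model small.

```python
# Added illustration: a toy stateful packet filter (not Sophos UTM code).
# All hosts, ports and rules below are constructed sample values.
from dataclasses import dataclass, field

LAN_PREFIX = "192.168.1."  # assumed LAN range behind the firewall


@dataclass
class StatefulFirewall:
    # Port forwards: WAN-side port -> (LAN host, port), e.g. for a web server
    forwards: dict = field(default_factory=dict)
    # Connection table: flows that a LAN host opened
    conntrack: set = field(default_factory=set)

    def outbound(self, src, sport, dst, dport):
        """A LAN host opens a connection: allow it and remember the flow."""
        if not src.startswith(LAN_PREFIX):
            return "DROP"
        self.conntrack.add((src, sport, dst, dport))
        return "ALLOW"

    def inbound(self, src, sport, dst, dport):
        """A packet arrives from the internet side."""
        # A reply to a tracked flow matches the reversed tuple.
        if (dst, dport, src, sport) in self.conntrack:
            return "ALLOW (established)"
        # Unsolicited traffic passes only if a port forward covers it.
        if dport in self.forwards:
            host, port = self.forwards[dport]
            return f"ALLOW (forward to {host}:{port})"
        return "DROP (unsolicited)"


def demo():
    # One forward for a LAN web server; none for the console.
    fw = StatefulFirewall(forwards={443: ("192.168.1.10", 443)})
    ps4, game_srv, stranger = "192.168.1.50", "203.0.113.7", "198.51.100.9"
    return [
        fw.outbound(ps4, 50000, game_srv, 3478),           # console dials out
        fw.inbound(game_srv, 3478, ps4, 50000),            # server's reply
        fw.inbound(stranger, 40000, ps4, 50000),           # unsolicited probe
        fw.inbound(stranger, 40001, "192.168.1.10", 443),  # web server client
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```
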

Sorry, I tried to edit my post above but could not. You may also be able to solve the proxy problem from the PS4 instead of from UTM following my directions above, but I have not tried it this way. Take a look at the link for directions on setting up a PS4 behind a "web proxy": https://help.my-private-network.co.uk/support/solutions/articles/8451-configuring-ps4-to-use-proxy-server

As I said, I have never tried to fix the proxy at the gaming console; I have always dealt with it @ the UTM, but you can try it and see what happens. Please post back with an update.

Edited by itGeeks