Screen OS

I have public static IP's NAT'ed to DMZ with all ANY-ANY allowed from Untrust -> DMZ and DMZ -> Untrust (for testing) on an SSG-5. They are passing traffic fine.

The Sony PS3 game console in the DMZ detects its connection type as "NAT type 3: strict", which is Sony speak for a NAT connection with all ports closed. (They also have NAT type 2: NAT with all ports open, and NAT type 1, which isn't NAT at all, but statically routed public IP's to the console).

But all ports are open (verified by Juniper support guy who got console) and the unit is passing traffic. Does anyone know of a workaround/solution to make PS3's agree they're behind a NAT with open ports. Without this, some in-game functions won't work for various folks who are upset about it. I'm testing routing a public static IP to the console to verify, but that seems like an awful waste of IP's, especially with multiple PS3's in the DMZ.

You'll need a MIP for each PS3 to make this work correctly, so basically you'll need 1 public IP per PS3 anyway.

The SSG is a "business-class" firewall, not a home router, and as such things like game consoles aren't really catered to.  In order to have multiple gaming consoles behind a single public IP, you have to have a firewall that supports UPnP.  The SSG (and SRX) do *not* support UPnP, nor should they.

Thanks for the help, I'm trying to find a way to make this happen so the PS3 folks != unhappy. I have started a separate thread on whether I can both NAT and Route on the same interface, and have started to get more public IP's to make my setup work.