The Juniper firewalls do not have an Application Layer Gateway (ALG) for xbox.

Are these the ports you opened up?
http://support.microsoft.com/kb/911728

If so, the next time you encounter the slow connection, try clearing the sessions related to the xbox using the 'clear session' command.  If you enter clear session ?, you can see the different options to clear by. It may be easier to do it by 'dst-port'.

Let us know if that works for determining the next step.
Hopefully someone else out there can add some help too.

--Josine

Have you enabled Multi-port VIP?  What is the result for NAT when you run a connection test on the XBox?  I had to enable multi-port VIP and forward the necessary ports listed in the KB to get an "Open" result.

ScreenoS 5.4 and 6.0

 

All i had to do was allow an outbound any from the xbox and it works great no vip or inbound rules. In addtion i had to tweak the source ip based session limit, udp flood protection a bit.

 

http://support.microsoft.com/kb/908874

 

Try doing a debug or if it still doesn't work

So when you do a connection test within Live!, what does your NAT status come up as?  I found that I couldn't get it to be open unless I forwarded the ports over.

 

What did you tweak exactly?  I'm always getting alerts after I play  

i am able to get the network test on my xbox to return the result open when its connected to my ns5gt wireless.

 

I made Three Services
Xbox Live 1 -
UDP scr port: 0 - 65535 dst port 3074-3074
TCP scr port: 0 - 65535 dst port 3074-3074
TCP scr port: 0 - 65535 dst port 88-88
Timeout Never
Xbox Live 2 -
UDP scr port: 0 - 65535 dst port 3074-3074
TCP scr port: 0 - 65535 dst port 3074-3074
Timeout 30
Xbox Live 3 -
TCP scr port: 0 - 65535 dst port 88-88
timeout 30

 

added a VIP service for Xbox Live 2 and Xbox Live
3 pointing to my Xbox's Static Assigned IP address.
Instructions:

 

Virtual Port should be the port of Live 2, Service should point to Live 2,Map to IP should be the static assigned IP of your 360.
Server Auto Detect should be False.
Repeat for Live 3.

 

On the Policies Page I added a new policy from Source Any to VIP::1 for the
Multiple Services of Xbox Live 1, Xbox Live 2, and Xbox Live 3.
Instructions:
Web Management Page -> Policies-> Select From Untrust -> Select To Trust ->
Click New->
Give it the name you want,
Select Address book entry Any for source address
Select Address book entry VIP::1 for destination Address
For Service Click Multiple Add Xbox Live 1, 2 & 3

hi ppaiva,

 

I am having the same trouble you are with my SSG-5 and Xbox Live.  I was wondering if found a solution?

 

Sangmc,  I've tried setting up my ssg the same way however still receive the strict NAT popup from my xbox.

hey folks,

 

is this resolved? It appears one person doesn't use the services and another does.. which works on 6.1?

 

thanks,

Reg

Hey Reg,

 

Glad you asked that.  I've had trouble for some time in trying to get my SSG-20 to register as 'open nat' on Xbox Live.  I followed the instructions on the MS KB article and opened up the Xbox Live ports, along with trying most of the approaches listed on this thread (multi-port VIP forwarding of the Xbox live ports, disabling 'server auto detect' on VIP), but my firewall is still seen as 'Strict Nat' on Xbox Live.  I recently upgraded the firmware from 6.1.0r4 to 6.2.0r4 in hopes that it would help, but it appears to have made no difference in gaining 'open nat'.  Suggestions?

 

Thanks,

This is still an issue for me... NAT Strict... anyone else with suggestions?