https://community.cisco.com/t5/network-security/ps3/m-p/842593#M955136 <HTML><HEAD></HEAD><BODY><P>All traffic from the PS3 going out is not blocked, but the outside (internet) can not see the PS3. You will need to create a static NAT and add ACL rules to permit the traffic in.</P><P></P><P>You will need to know the ports the PS3 game uses or you could open the entire IP (not suggested). Here is a link that explains what you need to do as far as creating the statics and ACL for limited ports.</P><P></P><P><A class="jive-link-custom" href="http://kb.packetpros.com/?View=entry&amp;EntryID=22" target="_blank">http://kb.packetpros.com/?View=entry&amp;EntryID=22</A></P><P></P><P>If you wish to open all ports.</P><P><B></B></P><P>static (inside,outside) interface 10.9.2.206 netmask 255.255.255.255</P><P>access-list acl_home permit ip any any</P><P></P><P>This will break all remote connectivity to your firewall sourced from the outside (ie telnet/SSH for remote management).</P><P></P><P>HTH</P></BODY></HTML> Wed, 13 Feb 2008 18:48:09 GMT Collin Clark 2008-02-13T18:48:09Z https://community.cisco.com/t5/network-security/ps3/m-p/842592#M955135 <P>I have a PS3 on my network... How do i tell my pix506e that all traffic to and from that PS3 is ok! I don;t want the pix to block anything to and from that PS3.</P><P></P><P>as you can guess people are having problems connecting to play games over the internet!</P><P></P><P>the configuration if attached!</P><P></P><P> </P><P></P> Mon, 11 Mar 2019 12:02:24 GMT https://community.cisco.com/t5/network-security/ps3/m-p/842592#M955135 Danny Guillory Jr 2019-03-11T12:02:24Z https://community.cisco.com/t5/network-security/ps3/m-p/842593#M955136 <HTML><HEAD></HEAD><BODY><P>All traffic from the PS3 going out is not blocked, but the outside (internet) can not see the PS3. You will need to create a static NAT and add ACL rules to permit the traffic in.</P><P></P><P>You will need to know the ports the PS3 game uses or you could open the entire IP (not suggested). Here is a link that explains what you need to do as far as creating the statics and ACL for limited ports.</P><P></P><P><A class="jive-link-custom" href="http://kb.packetpros.com/?View=entry&amp;EntryID=22" target="_blank">http://kb.packetpros.com/?View=entry&amp;EntryID=22</A></P><P></P><P>If you wish to open all ports.</P><P><B></B></P><P>static (inside,outside) interface 10.9.2.206 netmask 255.255.255.255</P><P>access-list acl_home permit ip any any</P><P></P><P>This will break all remote connectivity to your firewall sourced from the outside (ie telnet/SSH for remote management).</P><P></P><P>HTH</P></BODY></HTML> Wed, 13 Feb 2008 18:48:09 GMT https://community.cisco.com/t5/network-security/ps3/m-p/842593#M955136 Collin Clark 2008-02-13T18:48:09Z https://community.cisco.com/t5/network-security/ps3/m-p/842594#M955137 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>As long as the communication starts from the inside you don't have to worry about opening ports because inside interface has a "permit ip any any" ACL by default and there's no need to open ports for returning traffic due to stateful connection.</P><P></P><P>On the other hand, if communication starts from the outside you need to create an static translation as well as to open the ports needed.</P><P></P><P>The other person recommended to do a static translation using the IP address of the outside interface. You may do so but bear in mind that no one else will be able to go out but the PS3 as the latter will use the only IP address you have.</P><P></P><P>You may contact Sony about requirements through NAT devices, there are some equipments out there that don't support PAT such as videoconference devices so port forwarding is not an option in those cases.</P></BODY></HTML> Thu, 14 Feb 2008 03:51:56 GMT https://community.cisco.com/t5/network-security/ps3/m-p/842594#M955137 jojuarez 2008-02-14T03:51:56Z https://community.cisco.com/t5/network-security/ps3/m-p/842595#M955138 <HTML><HEAD></HEAD><BODY><P>Oh, one more thing. I noticed you're inspecting several protocols... are you really using those??</P><P></P><P>fixup protocol dns maximum-length 512</P><P>fixup protocol ftp 21</P><P>fixup protocol h323 h225 1720</P><P>fixup protocol h323 ras 1718-1719</P><P>fixup protocol http 80</P><P>fixup protocol rsh 514</P><P>fixup protocol rtsp 554</P><P>fixup protocol sip 5060</P><P>fixup protocol sip udp 5060</P><P>fixup protocol skinny 2000</P><P>fixup protocol smtp 25</P><P>fixup protocol sqlnet 1521</P><P>fixup protocol tftp 69</P><P></P><P>It is not recommended to have inspections for protocols that you're not using.</P></BODY></HTML> Thu, 14 Feb 2008 03:53:58 GMT https://community.cisco.com/t5/network-security/ps3/m-p/842595#M955138 jojuarez 2008-02-14T03:53:58Z