I have T-Mobile home internet and the FWG behind it in router mode. My TorGuard VPN is providing a fixed IP with Xbox live ports open. (They are after testing them constantly)
The FWG however is blocking the ports as the VPN connects but the ports are still closed on my XBOX, any ideas? I have no parental controls on the Xbox, I’ve tried to DMZ it on the FWG, forward the ports on FWG, etc
Thanks!
Are you playing xbox over VPN? and your VPN provider is port forwarding the xbox port?
Not all VPN providers allow/provide port forwarding… This may be the case, even if you’ve opened the ports on your FWG.
So you see blocked flows?
It sounds like you want to forward traffic that’s received on a specific port of your VPN’s public IP address to a port on your Xbox. Is that correct?
If that is correct, I don’t think Firewalla supports this, but I think there is a Feature Request you can upvote here.
Yes I have the VPN running via wireguard on my FWG, I have apply to set to the xbox.
TorGuard is forwarding the ports and they tested them on their end.
The VPN has them open as it’s a static residential IP I pay for. I can go to their site and open them.
No blocked flows on the xbox
I’m basically trying to get an open NAT on my Xbox due to T-Mobile home internet using CGNAT natively which just gives a Moderate NAT.
I’m basically running the VPN client and sending my Xbox traffic through it, it just doesn’t read the open ports on the VPN 
Are you VPN’ing from the Xbox to torguard or connecting the FWG to torguard?
I believe the traffic is hitting your VPN’s port and getting forwarded to your Firewalla. The problem is that there is currently no way to configure Firewalla to forward traffic it receives on a port of a VPN Client’s connection to an internal device on your network (the Xbox, in your case). It can do this for traffic it receives on a port of your WAN, but not yet for VPN Clients. I believe that is what the Feature Request I linked to earlier is about.
You might want to email [email protected] about this. They may be able to remotely configure your Firewalla to do this, even though it is not possible through the UI.
Will try. Thank you for explaining it to me!
any response to this?