Edited by sickmonkeh: 11/20/2016 9:26:33 AM

[b]*** Updated for Clarity ***[/b]

[b]How to Fix the Local LAN FireTeam Issue[/b]

[b]UPNP Info[/b]: [url]https://en.wikipedia.org/wiki/Universal_Plug_and_Play[/url]

It helps to have an understanding of how UPNP works. What I was seeing on my wireless network was not the expected result of the SSDP protocol, so I had to make a change in order to isolate the SSDP traffic I wanted, on a network that wasn't filled with devices trying to respond to the SSDP Notify requests.

I did some digging into this issue, as I was having the same problems. I reviewed my router and firewall configs and verified that NAT acceleration etc., was already turned off as it's not an option on the Fortinet 60D firewall. I broke out Wireshark and configured my AP settings so that I could sniff the wireless traffic. What I found was that my other UPnP capable devices were interfering with my XBox One UPnP traffic in that the gaming consoles could never get a legitimate SSDP registration response from WR1.

[b]Elaboration on the Problem[/b]: Essentially, my other network devices that were UPNP enabled, chiefly Windows 7/10 systems, were trying to respond to the Xbox. The secondary Xbox was not among the responders to the SSDP notify packet, nor was the wireless router that I was connecting to. To fix this non-response by the appropriate hardware, I had to isolate the UPNP SSDP protocol to its own subnet in order to avoid interference from other devices.

[b]Background[/b]: I have a Fortinet 60D firewall which allows me to assign individual subnets to ports which allows the firewall to do the primary NATting of all outbound/inbound traffic.
Since I can configure individual subnets on a per-port basis on the firewall, I can truly segment the two wireless routers that I have, using the routing mechanism built into the firewall to route the Xbox traffic to the wireless router that the Xboxes are configured on, and all other traffic to my primary wireless router. I understand that standard home networking gear doesn't allow you to assign subnets on a per-port basis, so this may be where many of you are running into trouble. In both instances I'm double-natting. ISP to firewall, then firewall to WR1, and firewall to WR2. However, the only NAT that is of any consequence is the firewall to ISP NAT.

[b]How I fixed the problem[/b]: WR1 was left at router defaults and with all hosts except for the two Xbox gaming consoles. I connected a second wireless router to my firewall and configured the wireless settings. The two Xbox consoles were isolated by moving them to the new wireless segment so as to avoid unwanted UPNP traffic. Aside from configuring the wireless LAN for WR2, all other router settings were left at default.

[b]Result[/b]: I can now make a FireTeam at will, and have it link up without resetting consoles, logout/in etc. I'm elaborating on my configuration in hopes that it helps, but I cannot guarantee that it will work for everyone.

[b]Original Setup[/b]:
Internet
|
Modem
|
Fortinet 60D 8-Port Firewall with public IP (Natting with routing on a per-port basis)
|
Fortinet Port1 statically configured with network 192.168.254.1/30
|
WR1 with WAN port statically configured with 192.168.254.2/30
|
WLAN1 configured with 192.168.1.0/24

Hosts on 192.168.1.0/24:
2 - WiFi TVs
2 - XBox One Consoles
3 - Windows-based laptops
2 - Linux-based network appliances
2 - iPhones
2 - iPads
2 - Android phones

This configuration did not work because the Xbox UPNP traffic was being responded to by Windows 7/10 workstations rather than the WR1 router or the secondary Xbox.
In order to correct the issue, I had to configure a secondary firewall port with a new network connected to WR2 so that I could host both gaming consoles. At this point I've got a firewall that is routing packets based on source and destination in the firewall security policy, where routing and NAT decisions are truly being handled by the Fortinet firewall and not the wireless routers. Routers only route when the traffic is destined from inside your home network (or local network) to a network that differs from the internal network you are currently on (or is external to you). If the traffic is destined from Inside (your local network), to Inside (your local network), then the packets aren't routed, they are switched, and this is where UPNP, not NAT, is important.

[b]New Setup[/b]:
Internet
|
Modem
|
Fortinet 60D 8-Port Firewall with public IP (Natting with routing on a per-port basis)
|
Fortinet Port1 statically configured with network 192.168.254.1/30
--- WR1 WAN port statically configured with network: 192.168.254.2/30
--- WR1 WLAN1: 192.168.1.0/24
|
Fortinet Port2 statically configured with network 192.168.254.5/30
--- WR2 WAN port statically configured with network: 192.168.254.6/30
--- WR2 WLAN2: 192.168.2.0/24

Hosts on 192.168.1.0/24:
2 - WiFi TVs
3 - Windows-based laptops
2 - Linux-based network appliances
2 - iPhones
2 - iPads
2 - Android phones

Xbox Hosts migrated to 192.168.2.0/24:
2 - XBox One Consoles

Hopefully this helps. Have fun storming the castle!
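
Added example, not part of sickmonkeh's post: one way to check from a capture which hosts on a segment announce UPnP devices over SSDP, and which of them present themselves as an Internet Gateway Device. The datagrams and host addresses are constructed samples placed in the post's 192.168.1.0/24 WLAN, and the function names are this example's own.

```python
import ipaddress

IGD = "urn:schemas-upnp-org:device:InternetGatewayDevice"

def msg(start, **headers):
    """Build one SSDP datagram (HTTP-style text over UDP) for the sample data."""
    lines = [start] + [f"{k}: {v}" for k, v in headers.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode()

# Constructed sample capture: (source IP, UDP payload). Addresses are made up
# to fit the 192.168.1.0/24 WLAN described in the post.
SAMPLE = [
    ("192.168.1.50", msg("M-SEARCH * HTTP/1.1", HOST="239.255.255.250:1900",
                         MAN='"ssdp:discover"', MX="2", ST=IGD + ":1")),
    ("192.168.1.1", msg("HTTP/1.1 200 OK", ST=IGD + ":1",
                        LOCATION="http://192.168.1.1:5000/rootDesc.xml")),
    ("192.168.1.23", msg("HTTP/1.1 200 OK", ST="upnp:rootdevice")),
    ("192.168.1.40", msg("NOTIFY * HTTP/1.1", HOST="239.255.255.250:1900",
                         NT="urn:schemas-upnp-org:device:MediaRenderer:1",
                         NTS="ssdp:alive")),
    ("192.168.1.99", b"\x00\x01not ssdp"),
]

def parse_ssdp(payload):
    """Return (start_line, headers) or None if the datagram is not SSDP."""
    lines = payload.decode("utf-8", errors="replace").split("\r\n")
    start = lines[0].strip()
    if "HTTP/1.1" not in start:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return start, headers

def advertisers(datagrams, lan):
    """Map each in-LAN source to the device/service types it announces."""
    net, seen = ipaddress.ip_network(lan), {}
    for src, payload in datagrams:
        parsed = parse_ssdp(payload)
        if parsed is None or parsed[0].startswith("M-SEARCH"):
            continue  # skip junk and searches; keep responses and NOTIFYs
        target = parsed[1].get("ST") or parsed[1].get("NT")
        if target and ipaddress.ip_address(src) in net:
            seen.setdefault(src, set()).add(target)
    return seen

def split_gateways(seen):
    """Separate sources that announce an Internet Gateway Device from the rest."""
    igd = sorted(s for s, t in seen.items() if any(x.startswith(IGD) for x in t))
    return igd, sorted(set(seen) - set(igd))
```

Running `split_gateways(advertisers(SAMPLE, "192.168.1.0/24"))` on a real export gives the list of gateway announcers first and every other UPnP announcer second, which is the inventory to review before and after moving hosts to a separate segment.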