(This is primarily aimed at PC/Steam players, but the "two phase process" shown below would work in any environment.)
I now have a LAN with multiple PCs playing D2 behind a [b]pfSense firewall[/b], and thought I should share the details. It was working fine for a year or more, using the settings described on Bungie's "Advanced Network" page, but a few months ago the game's network requirements changed. Things [i]kinda[/i] still worked, but not well. (Main symptom: Players on the LAN were not able to join each other's fireteams.)
To begin with, if you're using [b]pfSense[/b], you probably have network security on your radar, and you are [i]suspicious[/i] (at the very least) of UPnP. So that's my starting point: I want D2 to work, D2 requires UPnP, but I don't want to fully open the UPnP gates. (Also, if you're using pfSense you must have a willingness to figure sht out, so I'm not giving you a click-by-click recipe here.)
There's a two-phase process:
[b]Phase-1. Find out what UPnP connections the D2 systems [i]really[/i] want:[/b]
- Enable UPnP, configured to "allow by default"
- Fire up [b]all[/b] your D2 stations at once
- On each station, pick a character and open the Director
- Goal is for pfSense to show all the UPnP connections together
- On the pfSense console, view the UPnP status
- Grab a screen shot of all the connections.
In my situation, I see two patterns there. First, each PC gets a port near 3097, assigned sequentially. The first PC online gets 3097. The next one gets 3098, etc. So if you have six PCs on the LAN, you'll see UPnP connections on ports 3097-3102. The actual numbers are not "sticky" and will change from day to day depending on how many are online and what order they hit the firewall.
The second pattern is that each PC gets a random-ish high port in the 10k-30k range. These [u]do[/u] appear to be "sticky", probably calculated / hashed to avoid collisions. That is, a PC that grabs port 22222 today is likely to keep using that same port day after day. Not sure if that's happening in D2 or pfSense - no matter. If you're [i]extra suspicious[/i] of UPnP, you can use that info to allow only the exact ports needed. For me, though, I'm happy with just a loose bracket around the UPnP playpen. Now that you know what ports are needed, on to Phase 2. (The "allow" rules below are just examples. Use your own network number, port numbers, etc.)
[b]Phase-2. Craft pfSense ACLs to match what you found:[/b]
- Add ACL "allow 3097-3102 192.168.0.0/24 3097-3102"
- Add ACL "allow 12345 192.168.0.0/24 12345"
- Add ACL "allow 23456 192.168.0.0/24 23456"
- .. .. ..
- or just add ACL "allow 10000-30000 192.168.0.0/24 10000-30000"
- Change UPnP back to [i]DENY[/i] by default
- Save the config and restart the UPnP service
All the D2 players will have to restart. Back on pfSense, check the status of your UPnP service to make sure all the right ports are getting connected again.
[spoiler]Moderator edit: This thread has been moved to the #Help forum where you can find answers and troubleshoot any Destiny in-game/bungie.net/companion app issues, courtesy of other helpful players and Mentors.
Feel free to private message the moderator who moved your post, link to topic, for further clarification about why this topic was moved.[/spoiler]
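An added example, not part of the original post: one way to turn the Phase-1 observations into the Phase-2 ACL lines. The status rows are a constructed sample in an assumed four-column layout (external port, protocol, internal IP, internal port), and the rule that only LAN hosts using the same port inside and outside get an "allow" line is an assumption drawn from the post's example ACLs.

```python
import ipaddress

# Constructed sample rows: external port, protocol, internal IP, internal port.
SAMPLE_STATUS = """\
3097  udp  192.168.0.21  3097
3098  udp  192.168.0.22  3098
3099  udp  192.168.0.23  3099
12345 udp  192.168.0.21  12345
23456 udp  192.168.0.22  23456
23457 udp  192.168.0.23  23457
8080  tcp  192.168.0.50  80
"""

def coalesce(ports):
    """Merge port numbers into inclusive (start, end) runs of consecutive ports."""
    runs = []
    for p in sorted(set(ports)):
        if runs and p == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], p)
        else:
            runs.append((p, p))
    return runs

def build_acls(status_text, lan_cidr):
    """Return (acl_lines, skipped_rows) for the observed mappings."""
    lan = ipaddress.ip_network(lan_cidr)
    accepted, skipped = [], []
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # ignore blank or malformed rows
        ext, proto, ip, internal = int(parts[0]), parts[1], parts[2], int(parts[3])
        # Assumption: only LAN hosts using the same port inside and outside
        # get a rule; anything else is left for manual review.
        if ipaddress.ip_address(ip) in lan and ext == internal:
            accepted.append(ext)
        else:
            skipped.append((ext, proto, ip, internal))
    acls = []
    for start, end in coalesce(accepted):
        span = str(start) if start == end else f"{start}-{end}"
        acls.append(f"allow {span} {lan_cidr} {span}")
    return acls, skipped

if __name__ == "__main__":
    acls, skipped = build_acls(SAMPLE_STATUS, "192.168.0.0/24")
    print("\n".join(acls))
    print("review by hand:", skipped)
```

Rows that land in the skipped list are mappings the deny-by-default setting will refuse once Phase 2 is in place, so look at them before deciding whether any deserves its own rule.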