@PickleSlice ...
This might help...

https://www.reddit.com/r/OPNsenseFirewall/comments/ux5h43/the_definitive_guide_to_enabling_sony_playstation/?rdt=52258

@mcury I know that AppID can detect everything when the rules are in place. I do not know the patterns but, they do not require description it seems.

@Th3ory Hmm, I usually see at least one or two ports showing up in the list as soon as I start a game. The page does not dynamically update though, you have to refresh it, or click "UPnP & NAT-PMP" to get it to refresh.

It would look like this after starting MW3 and MW2 for example.

322dc3c0-6ee3-40a4-896e-f42e5d170fb8-image.png

@Dave234ee Have to solved this issue?
I don't really see why your network should be slowed down by your downloading unless you actually consume the entire bandwidth.

BUT, I read somewhere that the Xbox app is be considered part of the OS in some ways, and your settings for Windows Updates seem to affect also this App. Press the Windows Search Bar and type “Delivery Optimization advanced settings.” and see what comes up.

Another tip I saw was related to Windows Defender... Try turning off Real Time Protection and see if that helps, and then turn back on after download is complete.

@jowilhnson Nah I gave up using pfSense for Gaming Console purpose. It's sad that even at netgate nobody cares.
Just coming back from Gamescom where we had several booth using netgat ein the past now switched to another solution because of the consoles. Sad :(

@LinkP Thank you. I've come a long way from microsoft, and this product is excellent. ty!

I actually just got this to work, YMMV since set ups are so different like my VLAN usage, etc. but it does work for me now.

The dedicated server has a built in network test that they do to ensure it can "communicate" properly. I saw some forum post on steam discussions and reddit (https://www.reddit.com/r/SonsOfTheForest/comments/14jo4y0/bug_with_the_new_dedicated_server_tools/) about users being able to play/connect even though the network test failed. Most likely it is either a bug with the network test being used or just that is unfamiliar with the way packets are being handled by pfsense.

So most of my set up was actually good and working. Setting NAT + Proxy mode allowed the self-test to pass but as stated only external friends could connect and see the server, I was unable to do so at all. A post mentioned they were using Pure NAT setting for NAT reflection - I tried that and the network self-test failed in the dedicated server. From a suggestion from a user, I tried Pure NAT again and then added the following in the server config file: "SkipNetworkAccessibilityTest": true. This skips the built-in network self-test that is problematic with pfsense NATing or either has a bug as stated.

I then was able to see the server in Steam Public List and connect properly. Side note, I am not able to see the server at all in LAN list probably due to VLAN and/or subnet differences. But that is not a big issue since I can connect via public listing. I hope this helps any other users experiencing similar issues

@DonZalmrol

Can you provide a detailed view of the relevant NAT rule settings for those of us who are not so savvy?

@jonathanlee everything else works roblox, amazon prime, disney plus. Tubi works for one movie only and requires app reset to work again.

@gblenn for what ever reason that doesn't work on my end.
I've tried that, tried restarting pfSense tried changing my static IP, rebooting my desktop and nothing.
Starting to think I'll either have to move to a normal router, or just give up on the hopes of it working correctly.

@kenhans I'm pretty sure you have things set up as they should be in pfsense already. I mean the only thing you need is the port forward of 10308 to the DCS appliance (which needs to be on the pfsense subnet and under it's DHCP server).

If I read things correctly the issue was that you had your wifi-router set up and connected as a router still...?

You need to treat it like a switch, and give it an IP in the same range as your pfsense (within the static range preferably). Unlike a managed switch it will probably not pick up an IP handed out by pfsense.
AND you need to dumb it down and turn off the DHCP server which would otherwise be conflicting with pfsense. After that you can call it an AP basically... and all you need then is to move the cable you had coming from pfsense, from the WAN to one of the LAN ports, and you are all set to go...
Some wifi-routers allow bridging of WAN to LAN when used as an AP. This would give you 5 switch ports instead of 4...