Strange problem playing online FPS games thru a USG2000

hansjalbertsson
hansjalbertsson Posts: 34  Freshman Member
Friend Collector First Comment
edited April 2021 in Security
We, a condominium of 300 flats, are using a ZyWall usg2000 as our main router, gateway and dhcp manager.
It provides the default SNAT on the WAN trunk. No attempt to modify policy routing or, I'd say, anything else save configuring the wan and lan interfaces has been done.

Clients are given addresses in 10.30...., limited to 2500 addresses.
We assign one address to each flat, and each tenant is supposed to connect an ordinary private NAT router and managing their own home networks using 192.168.N.0 networks. No bridging, such as Apple Airport boxes can do, is allowed.

The problem: several tenants play online FPS, RPG or TPS games, such as Blizzard's Overwatch, and they experience disconnects lasting 5-10 seconds when they cannot sync their private game client with the server and team members.
During these breaks, packets from the player to the game servers are sent, but nothing at all comes back. 

Could this be a problem inthe USG2000, suchas with the default SNAT?

«1

Comments

  • PeterUK
    PeterUK Posts: 2,656  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited November 2017

    Maybe you could try setting the UDP session time out to a higher timeout? In security policy > session control.

    If you have ADP enabled has it tripped any of them? 

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Hello hansjalbertsson,
    As your description,
    Could you please try to disable Session limit which I show you as below. After that check it again.
    1. when the gaming session disconnect on pc, please check can client access internet or not.
    2. If cannot, please go to firewall>session control>disable session limit


    Charlie
  • hansjalbertsson
    hansjalbertsson Posts: 34  Freshman Member
    Friend Collector First Comment
    Zyxel_Charlie: Session Limit is NOT enabled.
    Peter_UK: You mean Firewall->Session Control?

  • hansjalbertsson
    hansjalbertsson Posts: 34  Freshman Member
    Friend Collector First Comment
    Peter_UK: I raised the time out to 300.
  • hansjalbertsson
    hansjalbertsson Posts: 34  Freshman Member
    Friend Collector First Comment
    The increased udp session time out had no effect.

    So, please come up with more ideas!
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Hello hansjalbertsson,
    For this case,
    when the issue occur, could you please Go to Dashboard>System Resources and check active Sessions.(Please screenshot to me).

    Moreover, please click "arrow icon" on Active session to check history of session usage. (Please screenshot it).

    BTW: May I know does your topology is like 300 private NAT routers-------USG2000----Internet?
    Charlie

  • PeterUK
    PeterUK Posts: 2,656  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited November 2017

    Can you try just one person doing gaming to see if the disconnects happen with just one person. I'm thinking NAT is changing ports and them sessions are dropping.

    you say "and each tenant is supposed to connect an ordinary private NAT router" but can they try direct? to rule out double NAT problems. 


  • hansjalbertsson
    hansjalbertsson Posts: 34  Freshman Member
    Friend Collector First Comment
    PeterUK: No they can't, but maybe I can. Will take some work.

    Zyxel_Charlie: Our topology is precisely that. The Data points and screenshotswill be forthcoming.
  • hansjalbertsson
    hansjalbertsson Posts: 34  Freshman Member
    Friend Collector First Comment
    We currently have a major problem with our ZyWall, one that may force us to move to an entirely different solution to network delivery in the condo.

    However: I thought NAT traversal techniques using STUN could overcome double NAT problems?
  • hansjalbertsson
    hansjalbertsson Posts: 34  Freshman Member
    Friend Collector First Comment
    ...because of the zywall dysfunctionality I dare not test direct connect. 

    I suppose you mean forego the private NAT routers and let a selection of users connect directly to the usg2000

Security Highlight