Xbox One ScreenOS

Posted on Sun 29 November 2015 in Computing

Here are my notes on Xbox One firewall ports with ScreenOS.

Contrary to what is posted online, I've found that not all ports need to be opened, and certainly in my experience only 2 need to be "port forwarded". I used a VIP for this as I have only one public IP address :(

xbox.com link: http://support.xbox.com/en-GB/xbox-one/networking/network-ports-used-xbox-live

Minimum Config
This was enough config for Xbox party and GTA5 online game sessions to work.

Outbound Enabled
udp 3544
udp/tcp 3074
tcp 443
tcp 80
udp 88 - Never seen traffic with dst port 88 leave so might not be required

VIP ports
3544
3074

This was working fine until I tried playing Forza Horizon 2 online.
I then added:

udp 4500 outbound

And enabled the IKE-NAT service, which seems to do some Juniper magic to not translate the src port (keep it 4500 when leaving the src NAT IP) and enable udp 500 outbound.

See details here: http://kb.juniper.net/InfoCenter/index?page=content&id=KB9243&actp=search
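
The method in these notes (start from a minimal outbound rule set, add a port only when a game fails, and confirm udp 4500 keeps its source port through source NAT) can be checked against flow records. The Python below is an added example, not part of the original post; the record format, IP addresses and function names are constructed for illustration and are not ScreenOS output.

```python
import re
from collections import namedtuple

Flow = namedtuple("Flow", "action proto sport dport nat_sport")

# Outbound allow-list from the notes: (protocol, destination port).
ALLOWED_OUT = {("udp", 3544), ("udp", 3074), ("tcp", 3074),
               ("tcp", 443), ("tcp", 80), ("udp", 88)}

# Constructed records, NOT ScreenOS output. Assumed format:
# action proto src:port -> dst:port nat <source port after NAT, or ->
SAMPLE_FLOWS = """\
permit udp 192.168.1.50:3074 -> 203.0.113.10:3074 nat 3074
permit tcp 192.168.1.50:51000 -> 203.0.113.10:3074 nat 1024
permit tcp 192.168.1.50:51512 -> 203.0.113.20:443 nat 1025
permit tcp 192.168.1.50:51513 -> 203.0.113.20:80 nat 1026
permit udp 192.168.1.50:50100 -> 203.0.113.40:3544 nat 1027
deny udp 192.168.1.50:4500 -> 203.0.113.30:4500 nat -
permit udp 192.168.1.50:4500 -> 203.0.113.30:4500 nat 1028
"""

LINE_RE = re.compile(
    r"^(permit|deny) (udp|tcp) \S+:(\d+) -> \S+:(\d+) nat (\d+|-)$")

def parse_flows(text):
    """Parse constructed flow lines; blank or malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            action, proto, sport, dport, nat = m.groups()
            flows.append(Flow(action, proto, int(sport), int(dport),
                              None if nat == "-" else int(nat)))
    return flows

def audit(flows, allowed=ALLOWED_OUT):
    """Compare observed flows with the allow-list."""
    permitted = {(f.proto, f.dport) for f in flows if f.action == "permit"}
    denied = {(f.proto, f.dport) for f in flows if f.action == "deny"}
    return {
        # Denied destinations not in the allow-list: candidates to add.
        "add": sorted(denied - allowed),
        # Allowed rules that never matched: candidates to remove.
        "unused": sorted(allowed - permitted),
        # udp 4500 flows whose source port was rewritten by source NAT.
        "rewritten_4500": [f for f in flows if f.action == "permit"
                           and (f.proto, f.sport) == ("udp", 4500)
                           and f.nat_sport != 4500],
    }
```

On the constructed sample, `audit(parse_flows(SAMPLE_FLOWS))` reports udp 4500 as the port to add, udp 88 as an allowed rule that never matched, and one udp 4500 flow whose source port was rewritten by NAT.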