Configuring COMODO Firewall for OnLive service help

I am using COMODO Firewall version 5.5.195786.1383!

Today I joined the OnLive digital gaming service (similar to STEAM), but when I tried to use their app to connect to my account, I got an error message saying “check firewall settings for UDP traffic”.

I looked through their help section and stumbled upon the following post:

I get a message that says to "check firewall settings for UDP traffic."

The most common reason for this message in corporate settings is that the router is configured to block certain UDP traffic.

OnLive requires certain ports to be open in order to provide a successful connection. On most routers you can open the required ports by finding the “Port Forwarding” or “Port Triggering” option.

OnLive requires UDP ports 16384-16640 and TCP port 443 to be open. If you do not have access to your router, contact your network administrator about opening the required ports.


Notice the highlighted part in bold. I opened COMODO Firewall and added rules to allow the OnLive app access for both TCP and UDP on ANY Source/Destination Address and ANY Source/Destination Port. Also in ANY direction (In/Out).

However, despite all this, I still got the same connection error message from the OnLive app. I thought the problem lay with the app itself and had nothing to do with COMODO Firewall, until I decided to try DISABLING COMODO Firewall altogether, and once I did that the app connected successfully.

So the problem clearly lies with COMODO Firewall.

Question being, why does COMODO Firewall continue to block the app even though I have set it to allow full access to TCP/UDP for it?

Thanks,
quanzaboy

For what it’s worth, I wasn’t able to get past the message but it had nothing to do with the firewall or router, as I tried a direct connection without either and it still failed. For my part, it may be down to something I found in their support threads:

At this time, only the US data centers are enabled for the full OnLive Game Service, so if you travel too far from our US data centers, you'll eventually reach the point where you can't play games. This limitation will be eliminated once we open up non-US locations. Then, you'll automatically connect to the closest data center and be able to play games almost anywhere.

I’m not in the US…

I’m not in the US either but in my case once I disabled COMODO Firewall then I had no problems connecting, so it has to be the Firewall.

Their solution to the problem suggests one needs to forward the ports for UDP and TCP. That being the case, in addition to the Application rule, you’ll need to create some Global rules that allow inbound connections to these ports:

Action - Allow
Protocol - UDP
Direction - In
Source Address - ANY
Destination Address - ANY
Source Port - ANY
Destination Port - (A port range) 16384 - 16640

Action - Allow
Protocol - TCP
Direction - In
Source Address - ANY
Destination Address - ANY
Source Port - ANY
Destination Port - 443

You also need to make sure the OnLive executable can receive inbound connections in Application rules.

Why do I need to make Global Rules for this in addition to the application specific rules?!

If you’ve installed CIS with the AV component, it’s configured to use the Internet Security Configuration policy. This policy configures the firewall, through Global rules, to block all inbound connections, apart from those explicitly allowed, or via stateful inspection. This is also true if you’ve used the Stealth Ports Wizard with the third option:

‘Block all incoming connections and make my ports stealth for everyone’

Because of this, any application that needs server status (which seems to be implied by the OnLive FAQ, and which I find difficult to understand) will have to have one or more Global rules to overcome this security restriction.

If you haven’t installed the AV, or you’re using a different security configuration (CIS - More/Manage My Configurations, Firewall or Proactive) and you’ve not run the Stealth Ports Wizard, you shouldn’t need these inbound rules, as inbound connections are allowed by default.

To understand the difference between Application and Global rules:

Application rules control the flow of traffic for individual processes
Global rules control the flow of traffic for protocols and ports
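To make the interplay between the Global rules listed earlier and the Application rule concrete, here is an added Python model of the two-layer scheme the replies describe. It is example code written for this thread, not COMODO's code and not anything posted by the participants. It assumes a first-match-wins ordering within each layer, that an unmatched packet passes the Global layer but not the Application layer, and it uses a placeholder process name because the thread never names the OnLive executable.

```python
"""Two-layer firewall rule model: Global rules (protocol/port/direction) plus
Application rules (per process), where a packet must be allowed by both layers.
Added example for this thread; it is not COMODO's code, and the packet/rule
shapes, first-match-wins ordering and per-layer defaults are assumptions."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = None                           # wildcard for any rule field
PortRange = Optional[Tuple[int, int]]
ONLIVE_PROCESS = "onlive-client.exe"  # placeholder: the thread does not name the executable


@dataclass(frozen=True)
class Packet:
    process: str
    protocol: str    # "TCP" or "UDP"
    direction: str   # "In" or "Out"
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                   # "Allow" or "Block"
    protocol: Optional[str] = ANY
    direction: Optional[str] = ANY
    src_port: PortRange = ANY     # inclusive (low, high)
    dst_port: PortRange = ANY
    process: Optional[str] = ANY  # only meaningful in Application rules

    def matches(self, p: Packet) -> bool:
        def port_ok(r: PortRange, v: int) -> bool:
            return r is ANY or r[0] <= v <= r[1]
        return ((self.protocol is ANY or self.protocol == p.protocol)
                and (self.direction is ANY or self.direction == p.direction)
                and port_ok(self.src_port, p.src_port)
                and port_ok(self.dst_port, p.dst_port)
                and (self.process is ANY or self.process == p.process))


def evaluate(rules: List[Rule], p: Packet, default: str) -> str:
    """First matching rule decides; with no match the layer's default applies."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default


def decide(global_rules: List[Rule], app_rules: List[Rule], p: Packet) -> str:
    """Both layers must say Allow.  Model assumption: an unmatched packet passes
    the Global layer (it only blocks what a rule blocks) but not the Application
    layer (a process with no rule gets no access)."""
    if evaluate(global_rules, p, default="Allow") != "Allow":
        return "Block"
    return evaluate(app_rules, p, default="Block")


# The 'block all incoming' Global rule that the Internet Security configuration
# (or the Stealth Ports Wizard's third option) installs, as the thread explains.
BLOCK_ALL_INBOUND = Rule("Block", direction="In")


def stealth_global_rules() -> List[Rule]:
    return [BLOCK_ALL_INBOUND]


def onlive_global_rules() -> List[Rule]:
    """The two inbound Global rules from the thread, above the catch-all block."""
    return [
        Rule("Allow", protocol="UDP", direction="In", dst_port=(16384, 16640)),
        Rule("Allow", protocol="TCP", direction="In", dst_port=(443, 443)),
        BLOCK_ALL_INBOUND,
    ]


def onlive_app_rules() -> List[Rule]:
    """The original poster's Application rule: any protocol, port and direction."""
    return [Rule("Allow", process=ONLIVE_PROCESS)]


if __name__ == "__main__":
    # Constructed sample packets: a game-stream UDP reply, its out-of-range
    # neighbour, the TLS control channel, an inbound packet aimed at an
    # unrelated process, and an outbound packet from the client.
    samples = [
        Packet(ONLIVE_PROCESS, "UDP", "In", 50000, 16500),
        Packet(ONLIVE_PROCESS, "UDP", "In", 50000, 16641),
        Packet(ONLIVE_PROCESS, "TCP", "In", 50000, 443),
        Packet("other.exe", "UDP", "In", 50000, 16500),
        Packet(ONLIVE_PROCESS, "UDP", "Out", 16500, 16500),
    ]
    for p in samples:
        before = decide(stealth_global_rules(), onlive_app_rules(), p)
        after = decide(onlive_global_rules(), onlive_app_rules(), p)
        print(f"{p.protocol} {p.direction:>3} dst={p.dst_port:<5} {p.process:<18} "
              f"app rule only: {before:<5}  with global rules: {after}")
```

Run as a script, the table shows the original poster's situation on the first row: the permissive Application rule alone never gets an inbound packet past the catch-all Global block, while the two narrow Global allows admit only the listed ports and leave everything else, including the same port aimed at a process without its own rule, blocked. Keeping the catch-all block last and the allows limited to the exact ranges is what keeps the stealth configuration intact for everything other than OnLive.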