IPSec? Yes, I did not realize this until you noted it, UDP 500 and UDP 4500. Not to defend Microsoft at all, but is it not common for other ports to be used for IPSec in actual implementation? The 500 and 4500 UDP are defaults only. As I recall, Cisco suggests not using the default IPSec ports. That said, I also found the following… https://community.ui.com/questions/Xbox-Live-Port-Forwarding-conflicts-with-IPsec/a88ea150-6eae-4dcb-9fd0-253e0529ed4e. Suggestion that XBOX Live can work without the conflicting default IPSEC ports. I have not tested this as yet, but maybe worth doing.