So, you’ve got an Esports team at your school. Awesome! This is a great opportunity for your students… but sometimes, nay, often, a headache for us tech guys who have to make these end-user devices work on our secure, enterprise networks. Enter: the Nintendo Switch. If you’re using Nintendo Switches on your Esports team you will likely encounter an issue with the switch detecting the incorrect Network Address Translation (NAT).
An incorrect NAT Type can cause lag, connection drops, and prevent you from joining lobbies.
NAT allows multiple devices on a network to use a single public IP address. It’s how most networks are configured behind their firewalls and routers. The router handles these connections on the network and passes the connection request out to the host. A connection is then established and data flows between the host and the device on the network.
Without a proper NAT configuration, problems can arise in multiplayer games when joining lobbies, match servers, and voice chat.
Once the correct NAT Type is established, then your Esports team will be able to compete in online tournaments.
Nintendo NAT Types
The Nintendo Switch determines NAT type by the settings that have been configured on your router/firewall. Your NAT type and the NAT type of other players determine whether you can successfully communicate with them through voice chat or multiplayer gaming.
The Nintendo Switch has three NAT types: Type A (open), Type B (Moderate), and Type C (strict). Other NAT types are Type D and F, they are typically not functional for multiplayer.
NAT Type A (open)
Allows use of any port and will accept any connection, which is needed for peer to peer networking.
NAT Type B (moderate)
Some connections are limited by the router and could cause some issues depending on the game.
NAT Type C (strict)
Connections are restricted so that only the port the connection was established on can be used.
Recommended NAT Types for Gaming
Most games on the Switch will require NAT Type A or B. For Smash Brothers Ultimate, at least Type B is required for multiplayer.
Determine NAT Type
On the Switch’s Main Screen, go to System Settings > Internet > Test Connection > NAT Type
Security Concern with Nintendo’s NAT Config Recommendation
Nintendo recommends putting your Switch in a DMZ and enable port forwarding for ports 1-65355. From a security standpoint, this probably isn’t the best advice regarding port forwarding. Although a DMZ does isolate the Switch, the wide number of ports open is still a concern.
If you do decide to put your Switch in a DMZ, you will need to create a DMZ on your firewall and VLAN that traffic to your Switch. That’s outside the scope of this guide.
For those with small business level or home routers, see https://portforward.com/ for information on how to configure port forwarding and which ports are required for each game. Again, port forwarding isn’t recommended given the wide range of ports left open, unless you have a specific use case for it or don’t care about security.
Set a Static IP Address for your Switch
- Enter the home menu
- System Settings > Internet
- Go to Internet Settings
- Select Wired Connection
- IP Address Settings -> Set to Manual
- Input your static IP address, subnet mask and gateway.
- Press Save
Firewall Policy Setup for Fortigate / FortiOS 7
The above image is the firewall policy that you will need to create on your LAN to your outgoing interface. This is the policy for a Fortigate firewall running version 7 of the FortiOS.
You will need to create an address object for the Nintendo Switch’s static IP address that you just configured on your Switch. This is the object you will select for the source.
Because Nintendo has a very wide range of ports required for connectivity we will be selecting “All” as our destination. Select “ACCEPT” for the action to allow the traffic to the Switch.
Enable NAT and select Use Outgoing Interface Address.
The most important option in this policy is “Preserve Source Port.” This allows the Switch to use the same source port for services that expect traffic to come from a specific port. This is the NAT setting we need to effectively communicate with Nintendo’s servers and other peers.
Let’s get that policy saved and go see the result.
Testing the Switch’s NAT Type
It’s time to test your Switch and see what NAT type you have. This policy should now put the Switch in NAT Type B. Which is sufficient for online games and tournaments.
Again, to check your NAT Type: On the Switch’s Main Screen, go to System Settings > Internet > Test Connection > NAT Type
Congrats, you are now ready for Esports on the Switch!