Best way to setup DMZ

@XfinityAaron​ Well I'm just wondering what's the best way to setup a DMZ considering I don't have a XFi gateway or Xfinity gateway, I just have a broadband modem connected to a wireless router. I've been establishing the DMZ at the wireless router but with a couple days I have internet connection issues.  I don't know if it's just due to coincidence with internet issues in general.

Just to confirm, you are using your own modem / router @imngtech?

@XfinityBilly​ yes i'm using my own modem and router.

@XfinityAaron​ Good afternoon, I just got an XB8 installed, the wifi name has been changed. I need to add an IP address into the DMZ. I logged into the new APP, clicked on enable add the IP address I need and try to apply. It said Enabling DMZ, then comes back with an error We're having Some trouble. How long does it take for the new modem to bond with the system to take these changes?

@flatlander3​ Yeah I heard that about a DMZ, then I wonder why it's being recommended to do that, particularly with gaming consoles.  I guess the link I posted above using Xfinity gateways they have their own way of handling or securing the traffic through the defined DMZ within their gateway.  I already hardwired my console (it's an Xbox) to the wireless router, but I don't have it segmented (or on a different subnet if you're suggesting, not sure if I can with this particular router).  I don't think there's a way to prioritize gaming traffic through this particular router as well, I haven't seen it under the config settings. So you're suggesting a firewall with the three interfaces, I like that idea, basically isolate or segment the traffic between the gaming console and the other stuff serviced by the wi-fi router.  Didn't think home or consumer-grade firewalls existed, but I'll certainly look into it.  I wonder if product suggestions are allowed in this forum but if not I think you can message me directly if you have a recommended firewall.  Thanks!

@imngtech​ Checkout either pfsense community edition (free), or opnsense (free) which is the open source fork of it.  Both are BSD/unix based and both configure with a web browser.  If you don't want to build your own box, they both also sell appliances but building your own doesn't require much for hardware.  Tiny 40G hard drive works.  x86_64 CPU, more RAM is always better but 2-4G works.

Lots of addons/plugins for free on either one too.  Might be able to retask something you have collecting dust. 

Game console doesn't scream "security" to me.  Neither does router bios guy.  Both have and will be compromised at some point.  Software has flaws too, but at least you can update and patch your firewall, and there are a ton of people using these products so updates/upgrades roll out just like with any other OS.  Point and click for updating and backup.

I don't think you can prioritize traffic on either one (I might be wrong there, there is traffic shaping but my use case is limiting/bandwidth control), but you can see exactly what is going on with bandwidth use.  From there, any game stall is going to be physical Xfinity connection related, or communication to the game server. 

I would like to know how long it takes comast to allow you to make changes with the app to change things, I just changed an XB7 for an XB8 and need to make changes and the app says there having problems.

@rb653504​ There's a good question.

On my firewall, when I change something, I click 'apply' and the rules reload in about 6 seconds or so.  On a 3rd party gateway, depending on what you change, it may reboot to apply the change, but if it's minor and not a mode change, it's around the same amount of time.

With an Xfinity gateway, your app communicates with a backend server (or is supposed to), then that somehow is supposed to update your gateway configuration......via some method.....and with security you can't audit.......If it works......and the backend isn't down......

Perhaps Xfinity can provide the engineering spec for it so we can see how it's supposed to work?  It seems changing settings does not work for a lot of people, quite frequently.

@rb653504 Hello there. I'm sorry to hear the app isn't working to set up a port forward. It looks like a link was supplied earlier that goes over how to set up a port forward online as well  https://comca.st/3aEc60k Have you tried setting it up online yet?