Visitor
•
2 Messages
Clarification on Firewall Information
Hi,
I am interested in learning what the firewall settings of my xfi gateway mean in plain English. For the three firewall settings we have:
LAN-to-WAN : Allow as per below.
- HTTP and HTTPS (TCP port 80, 443)
- DNS (TCP/UDP port 53)
- NTP (TCP port 119, 123)
- email (TCP port 25, 110, 143, 465, 587, 993, 995)
- VPN (GRE, UDP 500, 4500, 62515, TCP 1723)
- iTunes (TCP port 3689)
WAN-to-LAN : Block all unrelated traffic and enable IDS
LAN-to-WAN : Allow all.
WAN-to-LAN : Block as per below and enable IDS.
- IDENT (port 113)
- ICMP request
- Peer-to-peer apps:
- kazaa - (TCP/UDP port 1214)
- bittorrent - (TCP port 6881-6999)
- gnutella - (TCP/UDP port 6346)
- vuze - (TCP port 49152-65534)
LAN-to-WAN : Allow all.
WAN-to-LAN : Block as per below and enable IDS.
- IDENT (port 113)
What does LAN-to-WAN and WAN-to-LAN mean in these contexts? These rules sound like WAN-to-LAN (which I perceive as inbound connections) is only blocking the listed ports, which sounds insecure. Shouldn't most consumer routers block all inbound connections by default? If that is what the xfi gateway is doing (which is unclear based on the wording), why highlight specific ports that it's blocking if all are blocked by default? Is there a higher level of blocking or security?
In addition, I was wondering what exactly does xfinity advanced security do? Links like https://www.xfinity.com/support/articles/using-xfinity-xfi-advanced-security are somewhat vague in the details. It sounds like it has some sort of known risky site list and dangerous source list and then is using some sort of heuristic to monitor network traffic for unusual activity. Does it do anything besides that? How does it accomplish these things?
Thank you for your help and clarification.



user_cgw535
Visitor
•
2 Messages
23 hours ago
Follow up would be appreciated. I have been unable to get this clarified or contact any xfinity staff members for technical support.
BruceW
Gold Problem Solver
•
26.9K Messages
20 hours ago
"ModMail" is the private message facility used on the Reddit web site. Here in the Xfinity Forums, the equivalent is Direct Messaging. Once again, an employee has posted incorrect instructions.
To send the requested information in a private Direct Message ("DM") to Xfinity Support from any forums.xfinity.com page:
• Click "Sign In" if that prompt is visible
• Click the "Direct Messaging" icon above or https://forums.xfinity.com/direct-messaging
• On the DM page click the "New message" (pencil and paper) icon
• The "To:" line prompts you to "Type the name of a person" but don't do that. It won't work.
Instead, type Xfinity Support there. As you are typing a drop-down list appears.
• Select "Xfinity Support" from the list. An "Xfinity Support" graphic replaces the "To:" line.
• Type your message in the text area near the bottom of the window
• Press Enter or tap the > icon to send it
See https://forums.xfinity.com/conversations/email/cant-create-a-new-email-address/605e52b726aa974d63032d02?commentId=606107ea738c7f46a02b830e for an example.
Regrettably the "pencil and paper" icon is a pale grey that is active even though it does not look active. Go ahead and select it. But if a red circle-slash appears when you try to select the icon it means that DMs are disabled in your user Profile. To enable them go to your Profile Settings, clear the "Opt Out from Direct Messaging" checkbox, click Save, and try again.