dbster's profile

Regular Visitor

21 Messages

Wednesday, October 15th, 2025

Port Forwarding and "Advanced Security"

When you set up a Port Forward with the Xfinity App, it seems to only last a few days. You also get a warning message about security, and "Advanced Security" turns off at the time you establish the Port Forward. But the Forward doesn't stay in effect!

The App also warns you about turning off unused ports. I am beginning to think that the problem is not on my computer, but that there is no way to set up a long term Port Forward before "Advanced Security" gets in the way.

So is this true? How can I set up a long term Port Forward that I and not "Advanced Security" decide to turn on or off? There is nothing specific about this that I can find.

Regular Visitor

21 Messages

20 days ago

I'll add that this page

https://www.xfinity.com/support/articles/xfi-port-forwarding

is missing something.

If Advanced Security blocks traffic to a device, you have two options:

  1. Allow Access:
    • Go to the Home tab in the Xfinity app.
    • Click Advanced Security and follow the steps.
    • Use this only if you trust who’s accessing the device.

What steps???

But when you go to Home in the app and click on Advanced Security, as it says above, there doesn't seem to be anything new to do. Such as leave port forwarding on and get Advanced Security out of the way.

Regular Visitor

21 Messages

Also, is there something else to work around this, like go to 10.0.0.1 and log in to the modem to get a real set of controls instead of the app and set things up on your own?

Regular Visitor

21 Messages

Also, the list of DHCP devices shown is now not complete. I have two Ethernet devices going through a Netgear switch; today only one shows up in the list.

It used to show the host name, now it shows the MAC address. Something has changed. I can still get to both on my 10.0.0.x network with telnet, so they are both alive. But the port forward list a) has an ordering which changes and b) is missing one of the wired devices.

Regular Visitor

21 Messages

Further investigation - the list of port forward hosts is deceiving. It looks like the list is ended, and there are no scroll bars, but if you slide your finger in the list it scrolls up and the missing systems show up. In my case the port forward targets are vintage DEC VAX computers so the information shown is skimpy, but it is easy to find their MAC address and target them. 

The actual port forward (PF) effective duration is still a problem - it works for a day, and then not. Asking Comcast tech support on phone for a "level 2 tech" gets the response that the person I'm speaking with is all I'll need. The good news was that in the middle of the afternoon I got a real person waiting only 10 minutes after fighting the voice chat bot. So this Community may have to be the source of the answer about durability of a port forward and how it interacts with "Advanced Security" (AS). The Comcast documentation for PF points to the app, but the app doesn't seem to have the indicated part of AS versus PF. In fact if you go to the Gateway (10.0.0.1) they have removed the menus that let you do what you want and there's only a message to use the app.

Official Employee

1.1K Messages

Good morning @dbster. xFi Advanced Security will automatically block all traffic from those ports to protect the device if it finds a known threat targeting a device with port forwarding, demilitarized zone (DMZ) settings, or Universal Plug and Play (UPnP) open ports.

I am an Official Xfinity Employee.
Official Employees are from multiple teams within Xfinity: CARE, Product, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Please mark a reply as the Accepted Answer.

Regular Visitor

21 Messages

Thank you Xfinity Joe.

I try to read the relevant Comcast info before posting.

Remaining questions from your response:

Does Advanced Security block just the port on the computer that is the target of the port forwarding?

What I read says in the Xfinity App you can be selective about Advanced Security if it gets in the way, but once you're in the App it is not clear at all how to do this. Is there a good manual on the App? Or can you give me step by step to keep the port open permanently, or at least the 30 days at a time that I read somewhere?

Regular Visitor

21 Messages

1 day ago

More that I learned.

A given computer (e.g. home server), while it appears on the list of port forwarding targets (which as mentioned earlier in this saga is only DHCP devices), only gets to be used once. So for example an old DEC VAX computer set up for telnet (port 23 forwarded to it) will work. This is using the VMS 7.3 TCPIP.

But then if it also runs SSH (I use the great Process Software product) it won't appear again on the port forward target list. So the port forward assigner in the Xfinity App doesn't handle this case of two protocols on one server. I do have another VAX on the same LAN, installed SSH on that, and since the other one isn't "occupied" in the apparent limited thinking of the Xfinity App, it still is on the available port forward target list, and of course then I point the PF to the second VAX's port 22, and it works.

So this MAY be the final mystery of the Xfinity App with an XB7 modem and port forwarding.

The VAX is not the critical issue here. It is the restrictions (bugs) in the Xfinity App, versus the manual setup you used to be able to do through the 10.0.0.1 modem access. It would be nice if Comcast made a second login - let's call it admin2, that gave you back the wizard level control of the modem you're already paying for.
