Visitor
•
6 Messages
Remote IP address blocked
One of my server's IP addresses is blocked by Comcast/Xfinity on my local network and I'm unsure why, but I am looking to find a way to unblock it so I can work on the server without a VPN. I have tried disabling the firewall and restarting the gateway to no avail. A traceroute to another server I have within the same network as the blocked one goes all the way through to the endpoint, whereas a traceroute to the blocked one stops at the local gw (10.0.0.1). I have tested from multiple machines and have the same results.
I don't see a way to get in contact with any support directly besides social media or this platform. Is there someone I can reach out to to get the block lifted?
Accepted Solution
flatlander3
Problem Solver
•
1.5K Messages
1 year ago
This might be of some help; perhaps the net nanny has your host provider and/or IP listed, and maybe make a report there. https://spa.xfinity.com/rbl
Multi-RBL list checks can help too. I don't know what all Xfinity uses for RBLs or intrusion detection rules (aka things like Snort), and/or if it's a mix of other lists and homebrew stuff. Previous reputation problems can happen with hosting.
If you shut off "advanced security" on your Xfinity xfi with the phone app, does it work then?
0
0
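The multi-RBL check mentioned in the answer above, as an added example that is not part of the original post: it builds the reversed-octet DNSBL query name and classifies the answer. The zone list is an assumption (public DNSBLs picked for illustration, not the lists Xfinity uses), the 127.255.255.0/24 error range is Spamhaus's convention, and 192.0.2.10 is a documentation address standing in for the server's IP.

```python
import ipaddress
import socket

# Assumed zones for illustration; the thread does not say which lists Xfinity consults.
ZONES = ["zen.spamhaus.org", "bl.spamcop.net", "b.barracudacentral.org"]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
ERRORS = ipaddress.ip_network("127.255.255.0/24")  # e.g. query refused via public resolver

def dnsbl_name(ip, zone):
    """Reverse the address (octets for IPv4, nibbles for IPv6) and append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def classify(answers):
    """Map the A records returned for a DNSBL query to a verdict."""
    if not answers:
        return "clean"      # no record: not listed
    codes = [ipaddress.ip_address(a) for a in answers]
    if any(c in ERRORS for c in codes):
        return "error"      # the list refused the query; not a listing
    if all(c in LOOPBACK for c in codes):
        return "listed"
    return "invalid"        # answer outside 127/8: resolver rewrites NXDOMAIN

def system_resolver(name):
    """Resolve with the OS resolver. Any failure is treated as 'no record';
    the standard library cannot tell NXDOMAIN from a resolver outage."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check(ip, zones=ZONES, resolve=system_resolver):
    """Return {zone: verdict} for one address across all zones."""
    return {zone: classify(resolve(dnsbl_name(ip, zone))) for zone in zones}

if __name__ == "__main__":
    # Constructed sample address; replace with the server's public IP.
    for zone, verdict in check("192.0.2.10").items():
        print(f"{zone:28} {verdict}")
```

An "error" or "invalid" verdict usually means the query went through a shared public resolver or one that rewrites failed lookups, so rerun it against a different resolver before reading anything into the result.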
flatlander3
Problem Solver
•
1.5K Messages
1 year ago
You didn't say what you were using for equipment, or which ports, or your network topology. If it's just an Xfinity gateway, there are port forwarding problems posted frequently to this forum. You're trying to configure it with a remote database/phone app arrangement instead of a local admin interface on Xfinity gear. Changing gateway settings that way frequently doesn't work.
Some people report not being able to port forward to a device set with a static IP, or one on an Ethernet port. Other people report they just couldn't get it to work and ended up switching gateways. You can try yanking the power cord, waiting 30 seconds and plugging it back in. Perhaps it will download the config you set with the phone app then. The XfinitySomethings offer no help at all in public.
If you've got a VPN set up already and it works, perhaps change the server config to allow traffic to the machine or subnet it's on. That's a better way to do it anyway.
(edited)
0
0
b.rake
Visitor
•
6 Messages
1 year ago
For some reason I can't respond nor create posts while logged in to the forums, I have to log out, write the message then log in after hitting post O_o. Maybe related to this https://forums.xfinity.com/conversations/getting-started/forum-not-allowing-me-to-post-from-pc/6434b1990edf624dbe0ab24d
./shrug
My network topology is fairly straightforward: I have an xFi gateway which is handling routing and DHCP, but Wi-Fi is turned off as it is being handled by Asus mesh access points. I tried making adjustments both on the local gateway and through the app but haven't had luck using either.
This isn't an issue with port forwarding; the issue is that when attempting to access one of my remote servers from src xfinity -> dst remote server on any port, it stops at the gateway and won't go to the next hop. There is nothing to change on the remote server as it is accessible from everywhere except from Xfinity. While at the same time another server I have within the same remote network hops all the way to the endpoint.
I can use a VPN to reach the server; however, I am concerned that there is a block on this IP for no known reason, and as this server is hosting public websites I am concerned that the block is propagated to other Xfinity subscribers. There is nothing malicious on the server; it is simply hosting small business and hobby sites, so it should not be blocked.
Similar to the issue in this 4-year-old thread: https://forums.xfinity.com/conversations/your-home-network/comcast-is-blocking-ip-with-no-justification/602dadcdc5375f08cdd3d8b6
0
0
flatlander3
Problem Solver
•
1.5K Messages
1 year ago
OK well, that's a little more detail. More detail might help with a place to look for issues.
What service and port(s) are you trying to access on the remote server? Is this a cloud server host arrangement? Do you have any access to log files for the service it's running? Do you control the firewall on the remote side? Which OS is the server running on? Is this a hosted domain with a fully qualified domain name you are trying to access by name?
You're trying to get there with ICMP; have you tried a TCP or UDP scan with nmap, if the service is running TCP or UDP protocol? ICMP traceroute sometimes is less than helpful, especially when dealing with hosting services.
1
0
b.rake
Visitor
•
6 Messages
1 year ago
Rad! Turning off advanced security allowed me to get to it. I checked there previously but didn't see any warnings or notifications of a block for that IP; I guess it just silently blocked it. When I spun up the remote server it worked without issues for 4 or 5 days and then the block came into place. I would like to keep advanced security, but at least I have a workaround now. Thanks!
1
0
flatlander3
Problem Solver
•
1.5K Messages
1 year ago
Just for information, I don't know how good the workaround will be. They do claim sometimes it takes 24 hours to actually disengage. There are also a ton of reports on this forum about not being able to activate, or shut off "advanced security", so I guess you got lucky there.
At least you know what it is.
--Cheers!
0
0