Community Forum

Internet

Top Contributors
Sort by:
Your home Gateway (such as the Xfinity xFi Gateway) broadcasts two radio bands to ensure an optimal in-home WiFi experience— one band focused on speed, and one focused on coverage.   These bands work best when they’re operating on a simple, personalized network. Simplifying and customizing your network will make it more secure and provide your devices with better connectivity, and we can help you get there.   Some Background: Understanding the 2.4 GHz and 5 GHz Bands The 2.4 GHz band offers better WiFi coverage, but is prone to more congestion due to heavy network traffic. The 5 GHz band offers less range, but delivers faster speeds thanks to less congestion and wider channels.     Understanding how xFi Gateways work Xfinity xFi Gateways are all-in-one devices that deliver whole-home WiFi coverage, fast Internet speed and the ability to control your home network - for the ultimate connected experience. xFi Gateways are "dual band," meaning that they broadcast two separate radio bands for their WiFi network - a 2.4 GHz band and a 5 GHz band. Historically, you were encouraged to use a different WiFi name and password for each band. You then had to choose which band your devices should connect to. Knowing which would provide the best connection and performance was guesswork. That’s now changed. With the advanced intelligence of xFi Gateways, using the same name and password for the 2.4 GHz and 5 GHz bands lets the Gateway sort out which one will provide a better connection at any given time. You will still have both bands and all the associated functionality, channels and range. However, by using the same WiFi name and password for both, devices will connect seamlessly to the most optimal band at any given time. This is called "band steering." If you have an xFi Gateway (Arris 1682G, Cisco 3941T, Cisco DPC3939, Arris 3482G, Technicolor CGM4140COM or Arris X5001), you should simplify your WiFi and switch to using a single SSID - that is, use the same WiFi name and password for both your 2.4 GHz and 5 GHz bands, so you can take advantage of this seamless connection to the best network. Changing your WiFi name and password To get started using the same WiFi name and password across your entire home network, you can login to the   xFi mobile app   or Website. Once you’re logged in, look for the Network menu. Once you’ve located it, select the Edit WiFi option. From there, you can update your WiFi name and password—it’s that simple.   **Note**: You may need to reconnect some of your devices when using these new settings. Once it’s all said and done, your devices can choose between the best in-home WiFi connection at all times.   You can also automatically simplify to one name and password by selecting the Simplify Your WiFi tile under the Just for You header in the Overview section of xFi.   **Note**: If  you have installed xFi Pods, the option to have split 2.4 and 5 GHz bands   is disabled.   Added benefits of using one WiFi name and password for your network include fewer connectivity issues, a more secure home WiFi experience, and less troubleshooting. If you’re ready to get the most out of nation’s fastest Internet,   log in to xFi today   and get started.      Frequently Asked Questions I only see one in-home WiFi name now and I used to see two - what happened? When you have a single name and password for your 2.4 GHz and 5 GHz bands, you will only see one option to connect. Please be assured that the second WiFi band is still working in the background to optimize your connection. What action do I need to take? If you aren't already using the same WiFi name and password for the 2.4 GHz and 5 GHz bands, you should update your WiFi name and password. The easiest way to update your settings is to select  Simplify Your WiFi  from the  Overview   section of the  xFi website  or mobile app. You can also update your WiFi name and password by selecting  Edit WiFi  from the  Network   section of the Xfinity xFi app or website.  Learn more about xFi network settings . We'll take care of the rest in the background to optimize your network How do I know if I have an xFi Gateway with this feature? This is eligible on Gateway models Arris 1682G, Cisco 3941T, Arris 3482G, Technicolor CGM4140COM, Cisco DPC3939 and Arris X5001. To determine the type of Gateway you have, check the make and model information located on the bottom of your device. You can also log in to My Account and select  Devices   to view the make and model of your Gateway. What is band steering and how does it work? Band steering means the xFi Gateway determines which WiFi network band (the 2.4 GHz band or the 5 GHz band) is most optimal for a device's WiFi connection at any given time. It seamlessly changes to the best band based on signal strength and WiFi congestion thresholds. To enable band steering, the 2.4 GHz and 5 GHz bands must have the same WiFi name and password. What happens if the 2.4 GHz and 5 GHz WiFi network band names and passwords are different? If the WiFi network names and/or passwords are different, you will not be able to take advantage of band steering and will need to manually manage which WiFi network band each device connects to. This may lead to slow and intermittent connectivity issues. For example, if a mobile device is connected to the 5 GHz band and loses connection due to distance, you may need to manually reconnect to the 2.4 GHz band. With the same name and password, that process will occur automatically.     Additional Resources For more information refer to  Benefits of Using One WiFi Name and Password for Your Home Network For additional assistance with your Xfinity WiFi see  How to improve your Xfinity Wifi For additional assistance with troubleshooting your Xfinity WiFi see How To Troubleshoot Your Home WiFi Network with XFINITY xFi
View full article
Many factors may impact WiFi connectivity in your home. Take the following into consideration for better WiFi performance: Check Gateway/Router Placement Place your Gateway, modem or router in the most central location of your home, preferably on the main floor instead of the attic or basement. Make sure it is at least a couple of feet off of the floor and confirm that the coax cable connection is finger tight. Avoid putting your Gateway or router in cramped spaces or next to anything that can block the WiFi signal. The best position is in an open space away from thick surfaces (e.g., concrete walls) and other household electronics that may cause interference with the WiFi signal, such as baby monitors, cordless phones, microwave ovens, refrigerators and Bluetooth-connected devices. **Note**:   Consider adding Xfinity xFi Pods to help extend your home WiFi coverage throughout your home. To learn more and purchase, go to   xfinity.com/xfipods. Regularly Reboot Your Equipment Rebooting (or restarting) your Gateway, modem or router is good for the device's health and for your home WiFi performance. Doing this allows the device to update its software, if necessary, which can help optimize your connection and speed. Learn   how to restart your WiFi equipment. Confirm Your WiFi Network Sometimes you may be connected to your Gateway's public WiFi hotspot network (xfinitywifi) or secure hotspot network (XFINITY), which can limit your WiFi speed. Go to the WiFi settings of your device to make sure you're connected to your personal in-home WiFi network. Connect High-Bandwidth Devices via Ethernet Whenever possible, plugging stationary devices directly into your Gateway or router using an Ethernet cable may provide optimal connectivity. For example, it's ideal for desktop computers, gaming consoles and video streaming devices to be connected with an Ethernet cable instead of connecting wirelessly, since activities on those devices use a lot of bandwidth (e.g., graphic-rich online gaming, movies or TV shows). Check Bridge Mode and Antennae for Third-Party Routers If you use your own router along with your Gateway, make sure the Gateway is in bridge mode. Learn more about   bridge mode. You'll also want to position the antennae of your router so that one is pointing vertically (12 o'clock), and the other one is pointing horizontally (either 3 or 9 o'clock) to broadcast the strongest signal. Consider a Different Speed Option If many devices access your home WiFi network at the same time, you may want to consider a higher speed tier to improve your network's performance. We offer several speed options to serve your needs. Visit My Account to see which level of Internet service you have and the upgrade options that are available. Other Factors That May Impact WiFi Connectivity: Technical limitations of personal devices (e.g., an older phone that can't handle faster speeds, out of date operating systems, etc.) The distance between personal devices and your Gateway/modem/router Older devices which could be consuming bandwidth and slowing down your network       Additional Resources For more information, refer to   Xfinity's in-home WiFi tip sheet. For details about staying connected to your home WiFi network, see how to   troubleshoot Xfinity Internet or WiFi connection. If your Gateway is several years old, it may be time to upgrade. Find out more about   upgrading your wireless network equipment. For additional information, refer to Improving your Xfinity WiFi.
View full article
This article tells you how to troubleshoot your WiFi Network using XFINITY xFi
View full article
This article provides information on how to complete your XFINITY Wireless Gateway Self Install and Activation
View full article
***Created by our Community Users***     We see many questions in the forums regarding port forwarding, so I have put together a primer to try to help those who are new to the concept.   WARNING: Port Forwarding exposes devices on your LAN to the Internet. If you DO NOT NEED to port forward, DON'T. This guide tells you how to and why you might need to port forward. The reader assumes any and all responsibility for any damage of, or intrusions into their network caused by port forwarding. What is Port Forwarding? Port forwarding is a mechanism used in IPv4 to allow a computer, smartphone, or other device (the SOURCE) outside your Comcast HSI connection to connect to a device on your LAN (the DESTINATION). A typical Comcast residential user network might look something like this: In this diagram, a Cable subscriber (you) has a webcam, NAS, or media server on the internal LAN behind his router/gateway. It is configured to listen on TCP port 8080, in this case. Other devices or game servers that you have may be configured to listen on a different (or many different) ports, but the principle is the same. Let's say that the subscriber (you) want to make that server available to a family member in a different location, so they can see your webcam, or look at pictures on your media server or NAS. In order to do that, your family member needs to be able to connect, often using a web browser, or a smartphone app. The problem is that your web server is on your LAN, protected by the firewall in your router, AND it has a private address, which cannot be used on the internet. The private subnets you will see most commonly are the 192.168.0.0 and 10.0.0.0 subnets. Subnetting is beyond the scope of this discussion, as most home routers are set up out-of-the-box to use one of these submets. Under normal circumstances, you will probably never have to change this. The problem lies in the fact that these subnets cannot be routed over the internet. Port Forwarding is intended to solve that problem.   As seen in the diagram, your home router (and you must have a router of some type to perform port forwarding) is provided with an address on the public internet by Comcast. Because of a shortage of IPv4 addresses, home routers use Network Address Translation (NAT) to allow you to connect a large number of devices to your router, and give them the ability to connect to other devices on the internet. This is done by assigning each requested connection from your LAN a TCP port, so the router can track the connection. The combination of the IP address and port number is called a socket. So, when you use your computer on your LAN to go to www.google.com, your computer (the source) sends a request using a random port (usually above port 1024) to the destination (www.google.com) on port 80 (the standard http port. Because of NAT, the Google server sees your source address as the WAN IP of your router. How, you may ask. is this related to Port Forwarding? Well, port forwarding is essentially the same process, but in reverse. Think of it as inbound NAT. You router has a public IP address, but by default, it doesn't listen on many ports. This is for security so that someone on the internet cannot easily get on to your network. Now, you have a media server or an IP Camera that you want Granny to see, so you have to tell your router to listen on a port so that you can give Granny a link to it that she can put in her web browser (how she does that we will discuss later).     How do I set up Port Forwarding   First, you have to set up your router. There is an excellent website at http://portforward.com, which will walk you through the steps of how to forward ports on just about every known router, so I am not going to go into detail on any particular model. Suffice to say that when you set up port forwarding, you tell your router to listen on a particular port (in the case of the diagram, it is port 8080), and you also tell it where to send that traffic, when it sees it. In this case, the router is told to send all traffic it ses incoming on port 8080 to the internal device at 192.168.1.200. Below is an example of the screen for configuring a Custom port forwarding service on a Netgear WNDR3700. Other router screens will look different. This is just one example:     Setting Up Port Forwarding in the Wireless Gateway Admin Tool   To turn on the port forwarding function on your gateway, follow the steps below to create a rule. Go to   http://10.0.0.1   using a device that is connected to your network. Log in to the Admin Tool: Username:   admin Password:   password   (unless you changed it) Select the   Advanced   menu in the left pane, then click   Port Forwarding. Select   Enable. The button will turn green. Click   +ADD SERVICE   in the   Port Forwarding   box. The   Add Service   page will appear.   Select the appropriate option (FTP, AIM, HTTP, PPTP), from the   Common Service   drop-down menu. Selecting one of these options will automatically populate the start and end ports below the   Common Service   field. For a service not listed, select   Other   and type   Service Name   in the field. Select the   Service Type. The Service Type is the protocol used for sending data over the Internet. The default is   TCP/UDP.   Click   CONNECTED DEVICE   to select the device on your network and populate these fields for the   IPv4 Address   or   IPv6 Address   fields. If the   CONNECTED DEVICE   button doesn't appear on the page: Open a new browser window, follow Steps 1 and 2 from above, and go to   Connected Devices > Devices, as shown below. Click the name of your device for which you want to add the port forwarding rule, under   Online Devices' Host Name. Highlight and copy the   IP address. Return to the previous browser window and paste the   IP address. The start and end ports will populate only if you selected one of the four Common Services. If not, enter the port numbers that are required for the game or service for which you want to add the port forwarding rule.   Click   Save. You have created a port forwarding rule on your home network, but before you log out of the   Admin Tool, take note of your WAN IP address (as seen below). You'll need this information to begin using the game or service.     OK, so I have set it up...how does Granny get there... Granny has a computer with a web browser. Lets say you are letting her see your IP Camera. instead of port 80, your IP Camera is designed to listen on port 8080. Under normal circumstances, you would forward the same port externally as the device listens on, so you would set up your port forwarding to listen on the WAN interface on port 8080, and internally, send all port 8080 traffic to the IP address of your IP camera. Now, when Granny browses google.com, she just types inwww.google.com in her browser, and it goes there, right? That is because google.com is listening on a well-known port for http traffic (port 80), and browsers automatically know that you want to go to port 80. What they don't know is that your router is waiting to send traffic to your IP Camera on port 8080, so when you tell Granny how to get to your camera, if you are using any port other that 80, you MUST specify the port, and that you are using the http protocol. So, you would tell granny to put the following in her browser address bar: http://<yourWANIP>:8080   To find the WAN IP of your router, you can either look at the Status page in your router interface, or browse tohttp://whatismyip.com If you don't want to give her an IP address, you would need to use some type of Dynamic DNS service (not within the scope of this discussion) to translate your WAN IP into a hostname, but you still need to specify http and the port number, like this: http://myipcam.somedomain.org:2000 (the actual name will depend on your Dynamic DNS provider)   What else can I do with Port Forwarding?   The principles are the same for pretty much any device or server that you want to make available to sources outside your home. You can port forward Windows Remote Desktop Protocol, so you can log into your PC from another device with an RDP client. You can run a web server (although publicly accessible webservers are technically against the Comcast AUP for residential connections), you can access your own media server from your smartphone, so you can listen to your music wherever you are...the possibilities are pretty much endless, BUT make sure that you secure the devices you are allowing access to with strong passwords. While many security experts frown upon the concept of 'Security by Obscurity' I personally don't see that it hurts to change the port you are using for some services, especially the more common ones...Any hacker knows that Windows Remote Desktop Protocol runs on port 3389, so instead of setting your port forwarding up to listen on port 3389 on the WAN IP, use a different port (above 1024 is recommended. The highest you can go is 65535). You can still tell the router to forward the traffic to port 3389, so you don't have to mess around with the registry settings for your RDP setup on your Windows machine. That is basic port forwarding in brief. If you have any questions, please post it in the forums in the Home Networking / Router / & WiFi Gateway Help board and we will try to help.     Is your device currently connected to your home network?   If the device is not currently connected to your home network, adding a port forward may not work. Try connecting your device to your home network and then setting up the desired port forward. Connecting to your network first will ensure the device has a valid DHCP address within the DHCP range for port forwarding.     Are port forwards you previously set up not appearing in xFi? When attempting to set up a port forward, are you receiving a message that we’re having some trouble, or that the port you are trying to set up already exists?     If you have previously set up a port forward but it is not appearing in xFi, or when attempting to set up a port forward, you are receiving a message that we’re having some trouble, or that the port already exists, editing your LAN settings may resolve the issue. This will clear any pre-existing port forwards that may not be appearing in xFi but are causing issues, and should allow you to successfully set up new port forwards. Any small adjustment made to your LAN settings should be enough to clear existing port forwards. Once the changes have been applied, you can immediately change the settings back to the previous if desired.  Once completed, try setting up your port forwards as desired.      Have your LAN settings recently changed?   If you changed your LAN settings, port forwards you previously set up will no longer work. You will need to set up your port forwards again.     Does the device you’re attempting to set up a port forward for have an IPv6 address?   xFi does not currently allow you to set up port forward for devices that have an IPv6 address since port forwarding should not be needed for these devices.  If the device is dual stack (has both an IPv4 and IPv6 address) the IP recognized by xFi depends on which address your device defaults to. Port forwarding can only be configured in xFi if the device is using the IPv4 address. There are some quirks to setting up port forwarding on the SBG6580 gateway. See this post for details: http://forums.comcast.com/t5/Home-Networking-Router-WiFi/Port-Forwarding-for-an-IP-Camera/m-p/152957... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
View full article
This article will explain what port forwarding is and how to use it on your in-home network. 
View full article
  This article outlines how to activate your Xfinity Internet/Xfinity Voice service if you rent an Xfinity xFi Gateway (Arris 1682G, Cisco 3941T, Arris 3482G, Technicolor CGM4140COM or Cisco DPC3939). To determine the type of Gateway you have, check the make and model information located on the bottom of your device. You can also log in to  My Account  and select  Devices  to view the make and model of your Gateway.   If you do not have an xFi-compatible Gateway, please see the activation instructions for other Wireless Gateway devices.       Activation Instructions Before you start: Download the Xfinity xFi app for free from the Apple App Store or Google Play. Launch the Xfinity xFi app and sign in using your Xfinity username and password. (You must be the primary or an unrestricted secondary user to access.) Select   I'm setting up my Wireless Gateway. After activation you can continue to use the Xfinity xFi app to manage your home network. Select   Get Started   to begin the process of setting up your Gateway. The entire process should not take longer than 20 minutes.   Select   Use Camera   to scan the QR code on the side or back of the device. The QR code should contain all of the information needed to begin activation. You may also be prompted to grant the Xfinity xFi app permission to access your smartphone's camera.   Note:   If your device does not have a QR code to scan, you will need to enter the 12-digit CM MAC number found on the side or back of the Gateway. Select   Enter Code Manually   and follow the on-screen prompts. You may also be prompted to enter the CM MAC number even if your device has a QR code if we need additional information. Your smartphone's camera will open within the Xfinity xFi app. Find the QR code and focus the camera on it. Once the QR code has been successfully scanned, you will see a green check mark. Note:   Keep your smartphone as steady as possible. If the camera has trouble focusing on the QR code, try slowly moving your smartphone away from and towards the QR code. The app will then take you through the necessary steps to set up your Gateway (modem/router) and activate your Xfinity Internet/Xfinity Voice service. For the best WiFi coverage, set up the device in the most centrally located place in your home where there is also a cable outlet. Also, avoid placing the device in your basement or attic as this can interfere with your WiFi signal. Keep it out of cabinets or closets, and make sure it is off of the floor. Select   Next   to proceed through these tips. Once you've found the best spot for your Gateway, follow the instructions to connect the coaxial cable and power cord. The lights on the front of your Gateway will flash and blink as the device prepares for activation. Select   Ready to Go!   to continue.   Now that your Gateway is connected, it's time to personalize your home WiFi network name and password. Enter a WiFi name and password that is easy to remember and secure. Select   Next. Confirm the WiFi name and password you entered are correct. If you need to make changes, simply select the back arrow in the top left-hand corner of the screen. If you are also activating Xfinity Voice, you will see your phone number on this screen. Select   Confirm and Finish Up. Note:   For customers swapping an existing xFi Gateway with a new one, you may be presented with the WiFi name and password associated with your previous device. You can choose to keep them the same, or create a new WiFi name and password. If you change the name/password, you'll need to reconnect all your devices using the new information. Your home network setup will now begin. This can take up to 10 minutes to complete. You will also be prompted to enable push notifications to be alerted when activation is complete. Once your Gateway is activated and your WiFi is ready to go, you'll be presented with instructions on how to connect to your new WiFi network. Two shortcuts are provided to make this process even easier. Simply copy your WiFi password to your clipboard by selecting   Copy   and then   Go to Settings. From there, go to the WiFi settings on your device, wait for your new WiFi name to show in the list of available networks, join the network and then paste your password to connect. Remember, you'll need to connect all of your WiFi-enabled devices using the WiFi name and password you created. Select   Continue to XFINITY xFi   to access home network personalization and control features, for example the ability to see who's most active on your network, troubleshoot any connection issues, and block inappropriate content and network threats. To learn more about xFi features, see the   overview for Xfinity xFi Web Portal and Mobile App.
View full article
How to turn Bridge Mode on and off on Xfinity modem
View full article
Ports on the internet are like virtual passageways where data can travel. All information on the internet passes through ports to get to and from computers and servers. When a certain port is known to cause vulnerability to the security and privacy of your information, Xfinity blocks it to protect you.   Find the Reasons for Blocking Listed Below Port Transport Protocol Direction Downstream/ Upstream to CPE Reason for Block IP Version 0 TCP N/A Downstream Port 0 is a reserved port, which means it should not be used by applications. Network abuse has prompted the need to block this port. IPv4/IPv6 25 TCP SMTP Both Port 25 is unsecured, and Botnet spammers can use it to send spam. This does not affect Xfinity Connect usage. We recommend learning more about   configuring your email settings to Comcast email   to use port 587. IPv4/IPv6 67 UDP BOOTP, DHCP Downstream UDP Port 67, which is used to obtain dynamic Internet Protocol (IP) address information from our dynamic host configuration protocol (DHCP) server, is vulnerable to malicious hacks. IPv4 135-139 TCP/UDP NetBios Both NetBios services allow file sharing over networks. When improperly configured, ports 135-139 can expose critical system files or give full file system access (run, delete, copy) to any malicious intruder connected to the network. IPv4/IPv6 161 UDP SNMP Both SNMP is vulnerable to reflected amplification distributed denial of service (DDoS) attacks. IPv4/IPv6 445 TCP MS-DS, SMB Both Port 445 is vulnerable to attacks, exploits and malware such as the Sasser and Nimda worms. IPv4/IPv6 520 UDP RIP Both Port 520 is vulnerable to malicious route updates, which provides several attack possibilities. IPv4 547 UDP DHCPv6 Downstream UDP Port 547, which is used to obtain dynamic Internet Protocol (IP) address information from our dynamic host configuration protocol (DHCP) server, is vulnerable to malicious hacks. IPv6 1080 TCP SOCKS Downstream Port 1080 is vulnerable to, among others, viruses, worms and DoS attacks. IPv4/IPv6 1900 UDP SSDP Both Port 1900 is vulnerable to DoS attacks. IPv4/IPv6     Enable Port Blocking on Your Router If you’re concerned about the security of your wireless home network, one thing you can do is enable port blocking – this can help prevent unwanted outside connections to your network’s devices. While port blocking is advanced, you can enable it on certain routers with a few simple steps. Here’s how: Note:  These instructions apply only to the following devices:   Netgear CG814v 1&2 Linksys WCG200v 1&2 Linksys BEFCMUH4  Log on to your router’s administration site. Click on the   Select a Computer/Device   button to view the IP addresses of the computers connected to your gateway. Enter the   IP address range   in the IP Range fields. Enter the   Port range   in the Port Range fields. Select the   Enable   check box. Click   Apply.       Why is Port 25 for Email Submission Not Supported? Email is used for important communications and Comcast wants to ensure that these communications are as secure and as private as possible. As such, Comcast does not support port 25 for the transmission of email by our residential Internet customers. Much of the current use of port 25 is by computers that have been infected by malware and are sending spam without the knowledge of the users of those computers. Why is Comcast Supporting Port 587? The original/legacy email ports, 25 and 110, have been in use since the inception of email and have limited or no security features. As a result, port 25 has been used for the transmission of spam and malware from infected computers for nearly a decade. Port 110 simply is not a secure means of retrieving email. Port 995 provides SSL encryption when downloading email. It has been a long-standing recommendation from   M 3 AAWG, an international community of anti-abuse professionals, and the   Internet Engineering Task Force   (IETF), that port 25 be blocked. In an effort to provide our customers with the greatest security when using email, Comcast recommends the use of the industry-recommended port 587 with TLS/SSL enabled. The recommendations from M 3 AAWG can be read   here   and you can also view the IETF   RFC 5068and   RFC 4409   (section 3.1, see below). From RFC 4409:   3.1. Submission Identification Port 587 is reserved for email message submission as specified in this document. Messages received on this port are defined to be submissions. The protocol used is ESMTP [SMTP-MTA, ESMTP], with additional restrictions or allowances as specified here. Although most email clients and servers can be configured to use port 587 instead of 25, there are cases where this is not possible or convenient. A site   may   choose to use port 25 for message submission by designating some hosts to be MSAs and others to be MTAs. What Makes These Settings More Secure? Port 587 further improves security through the use of required authentication and recommended TLS/SSL encryption. Required Authentication   When sending and receiving email, it is required that you use your Xfinity username and password. This helps to prevent infected computers and other devices connected to the Xfinity services from being able to freely transmit spam and malware. SSL Encryption Secure Sockets Layer (SSL) is a secure protocol for sending data safely and encrypted over the Internet. With SSL encryption your user ID, password, and email are secured from hackers and identity thieves when sending or receiving email.   Other Bodies Opposed to the Use of Port 25 There are a number of other organizations that Comcast works with to control the problem of spam on the Internet. One of the most notable of these is   Spamhaus, an organization that provides a number of lists detailing IP addresses known to send a great deal of spam and a list of IP addresses that should never send email at all. These lists, as well as others provided by similar organizations, are used by nearly all of the ISPs and mail receivers on the planet. All of the Comcast dynamic IP address space is listed by Spamhaus as not to be used for the sending of email. As such, any email sent by subscribers on the Comcast network directly to other ISPs (not via the Comcast mail servers) is extremely likely to be blocked by the receiving ISP. The Federal Trade Commission, an organization that has taken legal action against many spammers, also recommends that Port 25 should be blocked by ISPs. The FTC’s recommendation is as follows: "Block port 25   except   for the outbound SMTP requirements of authenticated users of mail servers designed for client traffic.   Explore implementing Authenticated SMTP on port 587 for clients who must operate outgoing mail servers." The ITU also recommends blocking port 25 in their document named "ITU Botnet Mitigation Toolkit". This can be viewed   here. While this document is focused on the remediation of botted computers, blocking of port 25 is seen as an important step in mitigating the spam that is sent from botted machines.   ISPs that Manage Port 25 Many ISPs, both in the USA and around the globe, block port 25. These include: Verizon AT&T NetZero Charter People PC Cox EarthLink Verio Cablevision All Japanese ISPs France Telecom/Orange       For additional information see here: https://www.xfinity.com/support/articles/list-of-blocked-ports
View full article
Getting Started with Xfinity xFi Advanced Security   Xfinity xFi Advanced Security delivers a smarter, more personalized security solution for your home network. From computers and mobile phones to home security cameras and smart thermostats, Advanced Security protects all of your connected devices for added peace of mind. Whenever a threat is detected, it’s automatically blocked and you are notified in xFi and given tips on how to resolve.   Features Prevents you from inadvertently visiting malicious sites and becoming a victim of phishing attacks. Blocks remote access to smart devices, like home cameras, from unknown or dangerous sources. Helps monitor devices real-time and alerts you when devices are behaving in unusual ways that could indicate a network threat. Adapts to your home network and gets smarter to keep up with new threats over time. Provides real-time notifications and a dashboard to easily view and manage threats right from the Xfinity xFi app or website.     Benefits No additional hardware to install; all you need is a compatible xFi Gateway. No software to install on your individual devices; your entire network is protected, once Advanced Security is enabled.     Access Advanced Security is a subscription service available for $5.99/month for all Xfinity Internet subscribers who rent a compatible xFi Gateway. To subscribe, visit  xfinity.com/xfiadvancedsecurity . Once you have subscribed, simply download the xFi mobile app or visit the website at  xfinity.com/myxfi  to access the Advanced Security Dashboard from the Overview or Network sections. Learn more about  using xFi Advanced Security . **Note**:   If you are an xFi Advantage customer, Advanced Security is included with your package at no additional cost. Equipment Requirements These four xFi Gateways support xFi Advanced Security: Arris 1682G Cisco 3941T Arris 3482G Technicolor CGM4140COM   **Note**:   Xfinity xFi and Advanced Security will not be available for Gateways in Bridge Mode.   Using Xfinity xFi Advanced Security xFi Advanced Security provides an added layer of protection for your entire network by preventing you from inadvertently accessing malicious sites, blocking remote access to smart devices from unknown or dangerous sources and monitoring activity in real time to detect when devices are behaving in unusual ways that could indicate a network threat. Whenever a threat is detected, it’s automatically blocked and you are notified in xFi and given tips on how to resolve. See more about  starting with xFi Advanced Security  to learn about eligibility requirements and how to subscribe to this feature. Security Status You can find a status of security activity in the Overview section of the xFi app or website (xfinity.com/myxfi). To view additional threat details or to resolve any threats that require your attention, select View Affected Device(s) to be taken to the Dashboard.     Advanced Security Dashboard The Dashboard gives you a comprehensive view of threats detected during the past seven days and a list of devices that have been impacted by threats.     Managing Threats Threats are split into two main categories: Those that are for awareness only and those that require attention. Awareness-Only Threats Some threats won’t require any action, but you will still be alerted. These include Suspicious Site Visits. To view additional details when no action is required, select the device from the Advanced Security dashboard. The threat details page will provide a list of threats associated with a given device, for example when the device has been blocked from visiting a dangerous website. Any time a device is blocked from accessing a site, you can opt to allow it to access. Keep in mind that by doing so, you may be putting your network at risk and making it vulnerable to malicious activity. Access will be limited to a certain amount of time due to this risk. Learn more about the  threat types .   Threats that Require Attention Some threats, such as a Targeted Network Attack, Suspicious Device Activity or Unauthorized Access Attempt, may require you to take further action. If a threat requires your attention, you’ll see an alert at the top of the Dashboard indicating how many require your attention. Select the device to access the threat details page and to take action. The threat details page will provide a list of threats that have been blocked but require your attention to ensure they don’t return. SelectHelp Me Fix Itfor tips on how to resolve the threat. Learn more about threats types.     Tips to Resolve Threats Depending on the nature of the threat that requires your attention, the following tips can help you take action to resolve the threat. Quarantine Your Device If one of your devices has been compromised, you can use xFi to pause its access or disconnect it from your home network. This will keep it from endangering other devices on your network. Update Your Software Keep your device’s software or firmware current to ensure you’ve got the latest security updates. Use the update feature usually found in your device’s settings or check with the device manufacturer. Run Antivirus Software One of the best ways to defend against network threats is by running antivirus software. If you haven’t already, install a software program, keep it updated, and run scheduled scans to keep devices free from viruses. Learn more about how to   Download Norton Security Online   for your PC, Mac and Android devices. Restart Your Device After updating your device’s software, be sure it restarts. This will complete the update and also, stop any existing communication with malicious sites. Check Your Port Forwards Open ports on your home network give potential access to malicious attackers. Ensure your port forwards are set up correctly for your devices. Learn about   port forwards and how to set them up using xFi. Disable DMZ Enabling DMZ (a demilitarized zone) may resolve a device communication issue, but it's a security risk. If a device needs to be accessible to outside sources, we recommend using   port forwarding   instead. You can disable DMZ by navigating to the   Network   section and selecting   Advanced Settings. Next, select   DMZ   and then   Edit   to access the setting. Deselect the checkbox next to   Enabled and select   Apply Changes.     Disabling and Re-Enabling Advanced Security You can disable the Advanced Security feature in xFi by navigating to  More   and selecting  My Services . From here, select  Disable   under xFi Advanced Security and follow the on screen prompts. Once disabled, you will lose 24/7 threat monitoring and real-time reporting on your home network. If you have disabled the Advanced Security feature, you can re-enable it by navigating to  More   and selecting  My Services . From here, select  Enable   under xFi Advanced Security and follow the on screen prompts. Note:  You will still be subscribed to Advanced Security even if you disable it. To unsubscribe, call 1-800-xfinity.     Xfinity Advanced Security Frequently Asked Questions What is xFi Advanced Security? xFi Advanced Security gives added peace of mind for your home network by preventing you from inadvertently visiting malicious sites or downloading dangerous files, as well as blocking remote access to smart devices from unknown or dangerous sources. Advanced Security monitors devices real-time and will alert you when devices are behaving in unusual ways that could indicate a network threat. It will also adapt to your home network and get smarter over time to keep up with new threats. How do I access Advanced Security features in xFi? Advanced Security is available to Xfinity Internet subscribers who rent a compatible xFi Gateway (Arris 1682G, Cisco 3941T, Arris 3482G, or Technicolor CGM4140COM) and either subscribe to Advanced Security or have xFi Advantage. To learn more, please visit how to  get started with xFi Advanced Security  for additional details. Once you have Advanced Security, you can access the security status, Dashboard and threat details from the  Overview   and  Network   sections of the Xfinity xFi app and website ( xfinity.com/myxfi ). What are the different types of threats prevented with xFi Advanced Security? Unauthorized Access Attempts An Unauthorized Access Attempt occurs when an outside device tries to access another device connected to your home network. Typically, Unauthorized Access Attempts occur through open port forwards on your connected device. While open ports are needed for certain apps and features to run properly, we recommend reviewing open ports on a regular basis and deleting those that don’t need to be open. If the request is legitimate (e.g., if you’re trying to access your home security camera from a local coffee shop) you can locate the blocked threat in your Threat History and allow access for 30 days. Keep in mind, attackers may try to exploit access to obtain personal data or compromise your device. To prevent others from gaining such access, remember to use strong passwords and change them regularly. Suspicious Site Visit A Suspicious Site Visit occurs when we stop a device that’s connected to your home network from visiting a potentially dangerous site. This site may contain malware, spyware, ransomware, or viruses that can infect devices and make them vulnerable to personal data collection, blackmail, or attacks on other computers and networks. Often, we’ll block just a part of a page from loading (e.g., a banner ad) if there’s only one component that’s deemed to be malicious. If this happens, you’ll still be able to load the rest of the page and may not even realize malicious content was blocked. The Threat History lists all of the blocked Suspicious Site Visits, including the specific site that was blocked, and the reason why it was blocked. If a full page is blocked, and you still wish to visit it, despite the potential risk, access can be allowed for one hour. To further reduce the risk of infection, we highly recommend installing and running up-to-date antivirus software for devices connected to your network such as laptops, desktops and certain hand-held devices. Suspicious Device Activity Most smart home devices have predictable traffic patterns and sites they contact. Suspicious Device Activity occurs when a device deviates from its normal behavior, for example, by connecting to an IP address that it doesn’t normally interact with. We’ll block this suspicious activity to avoid data theft, but the occurrence itself indicates that the security of the device may have been compromised and corrective action is needed. For this reason, whenever you encounter Suspicious Device Activity, please restart your device and verify that it’s running the latest software. To further protect your devices, we highly recommend using strong passwords and changing them regularly. We also suggest installing and running up-to-date antivirus software for devices connected to your network such as laptops, desktops and certain handheld devices. Targeted Network Attack A Targeted Network Attack occurs when a device on your network has been infected with a virus or malware and, as a result, has tried to participate in an attack on another network. This type of attack is also known as a Denial of Service attack. We’ll block this type of attack but the occurrence itself indicates that the security of the device may have been compromised and corrective action is needed. For this reason, whenever you encounter a Targeted Network Attack, please restart your device and verify that it’s running the latest software. To further protect your devices, we highly recommend using strong passwords and changing them regularly. We also suggest installing and running up-to-date antivirus software for devices connected to your network such as laptops, desktops and certain handheld devices. IP Reputation Threats An IP Reputation Threat occurs when a device that we've identified as coming from a known malicious source tries to access a device on your home network. Typically, IP Reputation Threats occur through open ports on a device connected to your home network. The goal of the attack is to gain access to a device, for example to obtain personal information and/or compromise your devices. To keep your network safe, we automatically block access attempts from known malicious sources. While open ports are needed for certain apps and features to run properly, we recommend reviewing open ports on a regular basis and deleting those that don't need to be open. How is Advanced Security different from the Protected Browsing feature in xFi? The Protected Browsing feature in xFi prevents you from visiting websites that are known sources of malware, spyware and phishing. This feature is available to all xFi customers at no additional cost. Advanced Security adds even more protection for your devices. At times, it may block an entire website. Other times, it may only block portions of a site, such as banner ads, icons, etc. In addition, Advanced Security also blocks unknown sources from trying to access your connected devices and detects when your connected devices are behaving in unusual ways that could indicate your device has been infected by malicious software. Plus, Advanced Security is always learning so it keeps up with new security threats in real time. How is Advanced Security different from Norton Security Online? Norton Security Online is a security software program that can detect and remove viruses and malware from your PCs, Macs and Android devices. This is available at no additional cost for Xfinity Internet subscribers on up to five devices. Alternatively, xFi Advanced Security protects all your connected devices including those that can’t run antivirus software (e.g., voice assistants, smart thermostats, smart TVs, security cameras, etc.). While Advanced Security can’t remove malware that may already be on your devices like Norton Security Online can for computers, it does prevent that malware from causing harm. Using both Norton Security Online and xFi Advanced Security together will give you the most protection for all your devices. Once I've subscribed to Advanced Security, is there anything else I need to do? If you haven’t already, download the Xfinity xFi app. Once Advanced Security is enabled, you'll receive an app push notification, if you have push notifications enabled. It can take up to 15 minutes after subscribing for the feature to appear in xFi. I received a notification that Advanced Security couldn't be set up. What should I do? First, sign in to xFi and make sure your Gateway is online. You should see "Gateway Online" in the header of the Overview. Then, restart your Gateway to install the latest software. You may need to restart twice for the full install. You can do this from the   Overview   page. Once your Gateway is online again, sign back in to xFi. If Advanced Security is still not enabled after about five minutes, give us a call at 1-800-xfinity and we'll sort it out for you. Can I disable Advanced Security? Yes. To disable the Advanced Security feature in xFi, navigate to  More   and select  My Services . Then, select  Disable   under  xFi Advanced Security   and follow the on screen prompts. **Note**:   By disabling, you’ll lose 24/7 threat monitoring and real-time reporting on your home network, but you’ll still be subscribed to Advanced Security even if you’re not using it. How do I unsubscribe from Advanced Security? If you are an xFi Advantage customer, Advanced Security is included with your package. If you have subscribed to Advanced Security, you’ll need to call 1-800-xfinity to unsubscribe. Note:   Once unsubscribed from Advanced Security, the feature will no longer appear in xFi and you will see the option to re-enable Protected Browsing. How are threats detected with Advanced Security? Whenever a device is connected to your home network, activity information is transmitted through your Gateway. We gather that information which includes data from packet headers, source and destination addresses, and other metadata for analysis. This traffic flow is constantly being monitored, along with the source and destination of the traffic. This helps us determine any associated risks and, if needed, block potentially malicious actions. We also update the parameters for blocking to reflect newly-discovered known dangers and risks. If no risks or potentially malicious actions are detected, you'll see on the Dashboard that there are no threats to report. For your privacy, we don't gather personal information during this analysis nor is any encrypted traffic analyzed. I received a notification that a website was blocked that I never visited. What does this mean? In some cases, Advanced Security will allow you to access a site (or application) and will only block part of the page from loading (e.g., a banner ad) that is considered potentially dangerous. In that scenario, you will not see the blocked content while you’re browsing. When part of a page is blocked you will still receive a notification informing you the website associated with that content was blocked. How many threats should I expect to see? It's difficult to estimate a typical threat number, since each home is different. It depends on the number and type of devices as well as different factors like the security mode, port forwards and other settings you have for your home network. However, it’s not uncommon to have no threats for a week and then one to three threats another week. Those who play online games are more likely to encounter more threats, since they are more likely to have open ports on their network. It’s not uncommon to see hundreds of threats weekly if you have open ports. I haven’t had any threats reported. How do I know that Advanced Security is working? Potential threats are dependent upon the number and type of devices connected to your home network as well as factors like the security mode, port forwards and other settings you have configured. Rest assured, even if you have not received reports of any threats, your home network is still being protected by Advanced Security. Do all threats require my attention? Threats are split into two main categories: Those that require your attention and those that are for awareness only. While all threats are immediately blocked, there are somewhere we’ll recommend further action to ensure they won’t occur again.  Learn more about threat types . Attention Required These include Suspicious Device Activity, Targeted Network Attacks and Unauthorized Access Attempts, and may result in a device that’s vulnerable due to a virus or other malware. In such cases, we’ll recommend steps to secure your devices and remove any malicious software. You'll have the option to   Allow Access   for Unauthorized Access Attempts (30 days) if you'd like to override the block. Awareness Only These include Suspicious Site Visits. Consider these warning threats that may provide insight into potentially dangerous activity. You’ll have the option to   Allow Access   (one hour for sites blocked by Suspicious Site Visits) if you’d like to override the block. How can I get notified when a threat is detected? You can receive a push notification from the xFi mobile app for the following threat types: Unauthorized Access Attempts, Suspicious Device Activity and Targeted Network Attacks: From the Xfinity xFi app, select the conversation icon in the upper left-hand corner to access the Notification Center. Select the gear icon. Select   Push Notifications   to manage your notification preferences. To enable Advanced Security notifications, select the checkbox next to  xFi Advanced Security . Email and text notifications are not available at this time. Keep in mind, you can visit the Dashboard in xFi any time to check the status of all threats. If I swap out my xFi Gateway for a new one, or move and transfer my Xfinity Internet service to a new address, will I still be protected by Advanced Security? If you’re activating a compatible xFi Gateway, Advanced Security should automatically be enabled on the new Gateway within 15 minutes after activation. Please note that all previous threat information will be cleared from xFi and your Dashboard. If you don’t see Advanced Security enabled in xFi after your new Gateway is activated, you'll need to give us a call at 1-800-xfinity to have it re-enabled. Will Advanced Security work on Disney Circle? Yes; however, since traffic for devices being monitored by Circle routes through the Circle device itself, any threat that Advanced Security blocks for the monitored devices will appear as if it’s happening on the Circle device. Rest assured, threats are still blocked, but if any threats that appear for Circle need attention, you may need to take action on the devices being monitored by Circle and not the Circle device itself.       Additional Resources Learn more about Getting Started with Xfinity xFi Advanced Security Learn more about using Xfinity xFi Advanced Security Learn more about Xfinity xFi Frequently Asked Questions
View full article
How to find a compatible modem with your Xfinity Internet service
View full article
How do I log into my XFINITY modem so I can manage my home network?
View full article
Question   My Comcast Internet services were just installed, how do I find my WiFi network?     Answer   The following instructions are for Xfinity Wireless Gateways only. If you use an approved third-party modem or router for your Internet services, please refer to its user manual.   Your Xfinity Gateway comes with a default WiFi network name and password. If you have never personalized your WiFi network name and password, you can retrieve your default WiFi information on the side or bottom panel of your Gateway:     If you change your password from default settings (strongly recommended), you can access the information several ways: Xfinity My Account Online Xfinity My Account App for Mobile Devices Xfinity xFi X1 TV Box (View Only) Xfinity Wireless Gateway Admin Tool Any time you change a WiFi name or password, you must reconnect all your WiFi-enabled devices by entering the updated network name and password under the device's WiFi settings. **Note**:   Xfinity Gateways provide dual-band (2.4 GHz and 5 GHz) functionality and the ability to broadcast two networks. If you have an xFi Gateway (Arris 1682G, Cisco 3941T, Arris 3482G, Technicolor CGM4140COM, Cisco DPC3939 or Arris X5001), we strongly recommend using the   same network name and password for both bands. Doing so allows the device to optimize network traffic and improve connectivity. Xfinity My Account Online To access your WiFi information via My Account using a web browser your desktop, laptop or mobile device: Log into   My Account If you do not remember your Xfinity username and password, please   reset your password. Click   Settings   on the top of the page. (You can also click   Manage Settings   on the right-hand side or scroll down and select the   Manage Internet   tile.) Click   WiFi Network & Password. Click   Edit. From here you can change your WiFi network's name and password. Xfinity My Account App for Mobile Devices The Xfinity My Account app for mobile devices allows you to manage your Xfinity services and account settings on-the-go. Download for Apple devices Download for Android devices Log into the Xfinity My Account app. Click   Internet   on the bottom navigational menu. Click on the image of the individual Gateway you wish to edit. Click   Show WiFi settings   to view your WiFi information. Click   Change WiFi Settings   to modify these settings. If you have created an xFi account to manage your home WiFi, you will be directed to the   xFi portal.     Xfinity xFi xFi provides Xfinity customers the ability to personalize and control their home WiFi experience. To access and manage your WiFi information: Login at   www.xfinity.com/myxFi   or via the Xfinity xFi app (Download   Apple   /   Android). At the top of the   Overview   page, your WiFi name(s) is displayed. To see your password, touch or click   Show Passwords. To make changes, touch or click   Edit WiFi. Select   Apply Changes   after making any updates. Note:   To access Xfinity xFi, you must be an Xfinity Internet customer with an xFi Gateway. For additional information, please see   our Xfinity xFi Overview. X1 TV Box (View Only) For xFi Users If you have created an xFi account, the X1 TV Box offers perhaps the fastest way to access your WiFi network name and password. Using the X1 Voice Remote, press the microphone button and ask, "What's my WiFi password?" or "What is my WiFi information?" The password(s) and network name(s) will appear on the screen. You can also access your WiFi information via X1 TV Box's menu. Press the   xfinity   button on your remote control and select the   Apps   icon. Scroll down to the   Xfinity   row and then select the   Xfinity xFi app. Select   Show Wifi Password. Note:   You can navigate to the   People   and   Devices   sections to view all the connected devices in your home and pause WiFi access for a specific device or group of devices. For Xfinity Internet Subscribers without xFi Press the   xfinity   button on your remote. Scroll to the right in the menu provided and select the   gear   icon. Scroll down in the menu and select   Help. Scroll to the right and select the   WiFi tile   located under the   Troubleshooting   section. Your WiFi network name(s) and password will be displayed. Xfinity Wireless Gateway Admin Tool While many find that My Account, xFi and X1 are their preferred tools for accessing WiFi information, you may also wish to use the Xfinity Admin Tool if you are a more advanced user. Connect a laptop, computer or mobile device to your home Internet network either by WiFi or an Ethernet cable that is connected directly to your Wireless Gateway. Open a web browser and go to the Admin Tool (http://10.0.0.1). This is the wireless gateway's administration site. The default settings to access the Admin Tool are: Username: admin Password: password (case-sensitive) Click   Login. **Note**:   If you previously changed your Admin Tool password, you will need to use your new login information. If you don't remember your Admin Tool password, you will need to factory reset your Wireless Gateway. On the left navigation menu, select   Gateway, then   Connection   and then   WiFi. Under Private WiFi Network, you'll see the Name (SSID) of your WiFi network. Click Edit. If two network names display, click edit for both 2.4 GHz and 5GHz bands to view each band's settings. Check the box next to   Show Network Password   and the password will be displayed. After making changes, click   Save Settings.   How to Find Your WiFi Information on an Approved Modem and/or Router If you don't have an Xfinity Wireless Gateway but use an approved modem and/or router with your Xfinity Internet service, you can retrieve your WiFi network name and password by consulting your equipment manufacturer's user manual. Visit  MyDeviceInfo  and click on the link specific to your equipment to see more product/technical support information.     Additional Resources Manage Your Home WiFi with xFi Discover how easy it is to personalize and manage family WiFi. Share Your Network and Password information with Friends and Family It's easy to share your WiFi information with your friends and family. Having trouble staying connected to your WiFi network? Check out how to troubleshoot Internet connections. Connect Your Devices For step-by-step instructions, including a brief video, on how to connect different kinds of devices, read about connecting to a WiFi network.   How to View and Change Your WiFi Network Name and WiFi Password Instructions for viewing and changing your WiFi Name and Password for Wireless Gateways.
View full article
This article provides detailed information about Comcast provided Wireless Gateways and their features. 
View full article
Tips for troubleshooting your Xfinity Gigabit Internet Speed
View full article
Learn about what a home network is and why you need one.
View full article
This article provides you with some tips for troubleshooting your XFINITY Internet connection
View full article
 I have no Internet access and  the US and DS buttons on the modem are blinking. How do I solve this?
View full article