***Created by our Community Users***
We see many questions in the forums regarding port forwarding, so I have put together a primer to try to help those who are new to the concept.
WARNING: Port Forwarding exposes devices on your LAN to the Internet. If you DO NOT NEED to port forward, DON'T. This guide tells you how to and why you might need to port forward. The reader assumes any and all responsibility for any damage of, or intrusions into their network caused by port forwarding. What is Port Forwarding?
Port forwarding is a mechanism used in IPv4 to allow a computer, smartphone, or other device (the SOURCE) outside your Comcast HSI connection to connect to a device on your LAN (the DESTINATION). A typical Comcast residential user network might look something like this:
In this diagram, a Cable subscriber (you) has a webcam, NAS, or media server on the internal LAN behind his router/gateway. It is configured to listen on TCP port 8080, in this case. Other devices or game servers that you have may be configured to listen on a different (or many different) ports, but the principle is the same.
Let's say that the subscriber (you) want to make that server available to a family member in a different location, so they can see your webcam, or look at pictures on your media server or NAS. In order to do that, your family member needs to be able to connect, often using a web browser, or a smartphone app. The problem is that your web server is on your LAN, protected by the firewall in your router, AND it has a private address, which cannot be used on the internet. The private subnets you will see most commonly are the 192.168.0.0 and 10.0.0.0 subnets. Subnetting is beyond the scope of this discussion, as most home routers are set up out-of-the-box to use one of these submets. Under normal circumstances, you will probably never have to change this. The problem lies in the fact that these subnets cannot be routed over the internet. Port Forwarding is intended to solve that problem.
As seen in the diagram, your home router (and you must have a router of some type to perform port forwarding) is provided with an address on the public internet by Comcast. Because of a shortage of IPv4 addresses, home routers use Network Address Translation (NAT) to allow you to connect a large number of devices to your router, and give them the ability to connect to other devices on the internet. This is done by assigning each requested connection from your LAN a TCP port, so the router can track the connection. The combination of the IP address and port number is called a socket. So, when you use your computer on your LAN to go to www.google.com, your computer (the source) sends a request using a random port (usually above port 1024) to the destination (www.google.com) on port 80 (the standard http port. Because of NAT, the Google server sees your source address as the WAN IP of your router. How, you may ask. is this related to Port Forwarding? Well, port forwarding is essentially the same process, but in reverse. Think of it as inbound NAT. You router has a public IP address, but by default, it doesn't listen on many ports. This is for security, so that someone on the internet cannot easily get on to your network. Now, you have a media server or an IP Camera that you want Granny to see, so you have to tell your router to listen on a port so that you can give Granny a link to it that she can put in her web browser (how she does that we will discuss later).
How do I set up Port Forwarding
First, you have to set up your router. There is an excellent website at http://portforward.com, which will walk you through the steps of how to forward ports on just about every known router, so I am not going to go into detail on any particular model. Suffice to say that when you set up port forwarding, you tell your router to listen on a particular port (in the case of the diagram, it is port 8080), and you also tell it where to send that traffic, when it sees it. In this case, the router is told to send all traffic it ses incoming on port 8080 to the internal device at 192.168.1.200. Below is an example of the screen for configuring a Custom port forwarding service on a Netgear WNDR3700. Other router screens will look different. This is just one example:
OK, so I have set it up...how does Granny get there... Granny has a computer with a web browser. Lets say you are letting her see your IP Camera. instead of port 80, your IP Camera is designed to listen on port 8080. Under normal circumstances, you would forward the same port externally as the device listens on, so you would set up your port forwarding to listen on the WAN interface on port 8080, and internally, send all port 8080 traffic to the IP address of your IP camera. Now, when Granny browses google.com, she just types inwww.google.com in her browser, and it goes there, right? That is because google.com is listening on a well-known port for http traffic (port 80), and browsers automatically know that you want to go to port 80. What they don't know is that your router is waiting to send traffic to your IP Camera on port 8080, so when you tell Granny how to get to your camera, if you are using any port other that 80, you MUST specify the port, and that you are using the http protocol. So, you would tell granny to put the following in her browser address bar: http://<yourWANIP>:8080
To find the WAN IP of your router, you can either look at the Status page in your router interface, or browse tohttp://whatismyip.com If you don't want to give her an IP address, you would need to use some type of Dynamic DNS service (not within the scope of this discussion) to translate your WAN IP into a hostname, but you still need to specify http and the port number, like this: http://myipcam.somedomain.org:2000 (the actual name will depend on your Dynamic DNS provider) What else can I do with Port Forwarding?
The principles are the same for pretty much any device or server that you want to make available to sources outside your home. You can port forward Windows Remote Desktop Protocol, so you can log into your PC from another device with an RDP client. You can run a web server (although publicly accessible webservers are technically against the Comcast AUP for residential connections), you can access your own media server from your smartphone, so you can listen to your music wherever you are...the possibilities are pretty much endless, BUT make sure that you secure the devices you are allowing access to with strong passwords. While many security experts frown upon the concept of 'Security by Obscurity' I personally don't see that it hurts to change the port you are using for some services, especially the more common ones...Any hacker knows that Windows Remote Desktop Protocol runs on port 3389, so instead of setting your port forwarding up to listen on port 3389 on the WAN IP, use a different port (above 1024 is recommended. The highest you can go is 65535). You can still tell the router to forward the traffic to port 3389, so you don't have to mess around with the registry settings for your RDP setup on your Windows machine. That is basic port forwarding in brief. If you have any questions, please post it in the forums in the Home Networking / Router / & WiFi Gateway Help board and we will try to help. Be aware that as of writing this (April 2013) there appear to be some issues with port forwarding on some of the Comcast supplied gateway devices. Unfortunately, there isn't much we can do to remedy those, if you have set up port forwarding properly. The suggested solution is to have the gateway placed in bridge mode, and buy your own router to do your port forwarding. Also there are some quirks to setting up port forwarding on the SBG6580 gateway. See this post for details: http://forums.comcast.com/t5/Home-Networking-Router-WiFi/Port-Forwarding-for-an-IP-Camera/m-p/152957...
My Comcast Internet services were just installed, how do I find my WiFi network?
The following instructions are for Xfinity Wireless Gateways only. If you use an approved third-party modem or router for your Internet services, please refer to its user manual.
Your Xfinity Gateway comes with a default WiFi network name and password. If you have never personalized your WiFi network name and password, you can retrieve your default WiFi information on the side or bottom panel of your Gateway:
If you change your password from default settings (strongly recommended), you can access the information several ways:
Xfinity My Account Online
Xfinity My Account App for Mobile Devices
X1 TV Box (View Only)
Xfinity Wireless Gateway Admin Tool
Any time you change a WiFi name or password, you must reconnect all your WiFi-enabled devices by entering the updated network name and password under the device's WiFi settings. **Note**: Xfinity Gateways provide dual-band (2.4 GHz and 5 GHz) functionality and the ability to broadcast two networks. If you have an xFi Gateway (Arris 1682G, Cisco 3941T, Arris 3482G, Technicolor CGM4140COM, Cisco DPC3939 or Arris X5001), we strongly recommend using the same network name and password for both bands. Doing so allows the device to optimize network traffic and improve connectivity.
Xfinity My Account Online
To access your WiFi information via My Account using a web browser your desktop, laptop or mobile device:
Log into My Account
If you do not remember your Xfinity username and password, please reset your password.
Click Settings on the top of the page. (You can also click Manage Settings on the right-hand side or scroll down and select the Manage Internet tile.)
Click WiFi Network & Password.
From here you can change your WiFi network's name and password.
Xfinity My Account App for Mobile Devices
The Xfinity My Account app for mobile devices allows you to manage your Xfinity services and account settings on-the-go.
Download for Apple devices
Download for Android devices
Log into the Xfinity My Account app.
Click Internet on the bottom navigational menu.
Click on the image of the individual Gateway you wish to edit.
Click Show WiFi settings to view your WiFi information.
Click Change WiFi Settings to modify these settings.
If you have created an xFi account to manage your home WiFi, you will be directed to the xFi portal.
xFi provides Xfinity customers the ability to personalize and control their home WiFi experience. To access and manage your WiFi information:
Login at www.xfinity.com/myxFi or via the Xfinity xFi app (Download Apple / Android).
At the top of the Overview page, your WiFi name(s) is displayed. To see your password, touch or click Show Passwords.
To make changes, touch or click Edit WiFi.
Select Apply Changes after making any updates.
Note: To access Xfinity xFi, you must be an Xfinity Internet customer with an xFi Gateway. For additional information, please see our Xfinity xFi Overview.
X1 TV Box (View Only)
For xFi Users If you have created an xFi account, the X1 TV Box offers perhaps the fastest way to access your WiFi network name and password.
Using the X1 Voice Remote, press the microphone button and ask, "What's my WiFi password?" or "What is my WiFi information?"
The password(s) and network name(s) will appear on the screen.
You can also access your WiFi information via X1 TV Box's menu.
Press the xfinity button on your remote control and select the Apps icon.
Scroll down to the Xfinity row and then select the Xfinity xFi app.
Select Show Wifi Password.
Note: You can navigate to the People and Devices sections to view all the connected devices in your home and pause WiFi access for a specific device or group of devices. For Xfinity Internet Subscribers without xFi
Press the xfinity button on your remote.
Scroll to the right in the menu provided and select the gear icon.
Scroll down in the menu and select Help.
Scroll to the right and select the WiFi tile located under the Troubleshooting section.
Your WiFi network name(s) and password will be displayed.
Xfinity Wireless Gateway Admin Tool
While many find that My Account, xFi and X1 are their preferred tools for accessing WiFi information, you may also wish to use the Xfinity Admin Tool if you are a more advanced user.
Connect a laptop, computer or mobile device to your home Internet network either by WiFi or an Ethernet cable that is connected directly to your Wireless Gateway.
Open a web browser and go to the Admin Tool (http://10.0.0.1). This is the wireless gateway's administration site. The default settings to access the Admin Tool are:
Password: password (case-sensitive)
Click Login. **Note**: If you previously changed your Admin Tool password, you will need to use your new login information. If you don't remember your Admin Tool password, you will need to factory reset your Wireless Gateway.
On the left navigation menu, select Gateway, then Connection and then WiFi.
Under Private WiFi Network, you'll see the Name (SSID) of your WiFi network.
Click Edit. If two network names display, click edit for both 2.4 GHz and 5GHz bands to view each band's settings.
Check the box next to Show Network Password and the password will be displayed.
After making changes, click Save Settings.
How to Find Your WiFi Information on an Approved Modem and/or Router
If you don't have an Xfinity Wireless Gateway but use an approved modem and/or router with your Xfinity Internet service, you can retrieve your WiFi network name and password by consulting your equipment manufacturer's user manual. Visit MyDeviceInfo and click on the link specific to your equipment to see more product/technical support information.
Manage Your Home WiFi with xFi Discover how easy it is to personalize and manage family WiFi. Share Your Network and Password information with Friends and Family It's easy to share your WiFi information with your friends and family. Having trouble staying connected to your WiFi network? Check out how to troubleshoot Internet connections. Connect Your Devices For step-by-step instructions, including a brief video, on how to connect different kinds of devices, read about connecting to a WiFi network.
How to View and Change Your WiFi Network Name and WiFi Password
Instructions for viewing and changing your WiFi Name and Password for Wireless Gateways.
Getting Started with Xfinity xFi Advanced Security
Xfinity xFi Advanced Security delivers a smarter, more personalized security solution for your home network. From computers and mobile phones to home security cameras and smart thermostats, Advanced Security protects all of your connected devices for added peace of mind.
Whenever a threat is detected, it’s automatically blocked and you are notified in xFi and given tips on how to resolve.
Prevents you from inadvertently visiting malicious sites and becoming a victim of phishing attacks.
Blocks remote access to smart devices, like home cameras, from unknown or dangerous sources.
Helps monitor devices real-time and alerts you when devices are behaving in unusual ways that could indicate a network threat.
Adapts to your home network and gets smarter to keep up with new threats over time.
Provides real-time notifications and a dashboard to easily view and manage threats right from the Xfinity xFi app or website.
No additional hardware to install; all you need is a compatible xFi Gateway.
No software to install on your individual devices; your entire network is protected, once Advanced Security is enabled.
Advanced Security is a subscription service available for $5.99/month for all Xfinity Internet subscribers who rent a compatible xFi Gateway. To subscribe, visit xfinity.com/xfiadvancedsecurity . Once you have subscribed, simply download the xFi mobile app or visit the website at xfinity.com/myxfi to access the Advanced Security Dashboard from the Overview or Network sections. Learn more about using xFi Advanced Security . **Note**: If you are an xFi Advantage customer, Advanced Security is included with your package at no additional cost.
These four xFi Gateways support xFi Advanced Security:
**Note**: Xfinity xFi and Advanced Security will not be available for Gateways in Bridge Mode.
Using Xfinity xFi Advanced Security
xFi Advanced Security provides an added layer of protection for your entire network by preventing you from inadvertently accessing malicious sites, blocking remote access to smart devices from unknown or dangerous sources and monitoring activity in real time to detect when devices are behaving in unusual ways that could indicate a network threat. Whenever a threat is detected, it’s automatically blocked and you are notified in xFi and given tips on how to resolve. See more about starting with xFi Advanced Security to learn about eligibility requirements and how to subscribe to this feature.
You can find a status of security activity in the Overview section of the xFi app or website (xfinity.com/myxfi). To view additional threat details or to resolve any threats that require your attention, select View Affected Device(s) to be taken to the Dashboard.
Advanced Security Dashboard
The Dashboard gives you a comprehensive view of threats detected during the past seven days and a list of devices that have been impacted by threats.
Threats are split into two main categories: Those that are for awareness only and those that require attention.
Some threats won’t require any action, but you will still be alerted. These include Suspicious Site Visits. To view additional details when no action is required, select the device from the Advanced Security dashboard. The threat details page will provide a list of threats associated with a given device, for example when the device has been blocked from visiting a dangerous website. Any time a device is blocked from accessing a site, you can opt to allow it to access. Keep in mind that by doing so, you may be putting your network at risk and making it vulnerable to malicious activity. Access will be limited to a certain amount of time due to this risk. Learn more about the threat types .
Threats that Require Attention
Some threats, such as a Targeted Network Attack, Suspicious Device Activity or Unauthorized Access Attempt, may require you to take further action. If a threat requires your attention, you’ll see an alert at the top of the Dashboard indicating how many require your attention. Select the device to access the threat details page and to take action. The threat details page will provide a list of threats that have been blocked but require your attention to ensure they don’t return. SelectHelp Me Fix Itfor tips on how to resolve the threat. Learn more about threats types.
Tips to Resolve Threats
Depending on the nature of the threat that requires your attention, the following tips can help you take action to resolve the threat.
Quarantine Your Device If one of your devices has been compromised, you can use xFi to pause its access or disconnect it from your home network. This will keep it from endangering other devices on your network.
Update Your Software Keep your device’s software or firmware current to ensure you’ve got the latest security updates. Use the update feature usually found in your device’s settings or check with the device manufacturer.
Run Antivirus Software One of the best ways to defend against network threats is by running antivirus software. If you haven’t already, install a software program, keep it updated, and run scheduled scans to keep devices free from viruses. Learn more about how to Download Norton Security Online for your PC, Mac and Android devices.
Restart Your Device After updating your device’s software, be sure it restarts. This will complete the update and also, stop any existing communication with malicious sites.
Check Your Port Forwards Open ports on your home network give potential access to malicious attackers. Ensure your port forwards are set up correctly for your devices. Learn about port forwards and how to set them up using xFi.
Disable DMZ Enabling DMZ (a demilitarized zone) may resolve a device communication issue, but it's a security risk. If a device needs to be accessible to outside sources, we recommend using port forwarding instead. You can disable DMZ by navigating to the Network section and selecting Advanced Settings. Next, select DMZ and then Edit to access the setting. Deselect the checkbox next to Enabled and select Apply Changes.
Disabling Advanced Security
You can disable the Advanced Security feature in xFi by navigating to More and selecting My Services . From here, select Disable under xFi Advanced Security and follow the on-screen prompts. Once disabled, you will lose 24/7 threat monitoring and real-time reporting on your home network. If you have disabled the Advanced Security feature, you can re-enable it by navigating to More and selecting My Services . From here, select Enable under xFi Advanced Security and follow the on-screen prompts. **Note**: You will still be subscribed to Advanced Security even if you disable it. To unsubscribe, call 1-800-xfinity.
Xfinity Advanced Security Frequently Asked Questions
What is xFi Advanced Security? xFi Advanced Security gives added peace of mind for your home network by preventing you from inadvertently visiting malicious sites or downloading dangerous files, as well as blocking remote access to smart devices from unknown or dangerous sources. Advanced Security monitors devices real-time and will alert you when devices are behaving in unusual ways that could indicate a network threat. It will also adapt to your home network and get smarter over time to keep up with new threats. How do I access Advanced Security features in xFi? Advanced Security is available to Xfinity Internet subscribers who rent a compatible xFi Gateway (Arris 1682G, Cisco 3941T, Arris 3482G, or Technicolor CGM4140COM) and either subscribe to Advanced Security or have xFi Advantage. To learn more, please visit how to get started with xFi Advanced Security for additional details. Once you have Advanced Security, you can access the security status, Dashboard and threat details from the Overview and Network sections of the Xfinity xFi app and website ( xfinity.com/myxfi ). What are the different types of threats prevented with xFi Advanced Security?
Unauthorized Access Attempts An Unauthorized Access Attempt occurs when an outside device tries to access another device connected to your home network. Typically, Unauthorized Access Attempts occur through open port forwards on your connected device. While open ports are needed for certain apps and features to run properly, we recommend reviewing open ports on a regular basis and deleting those that don’t need to be open. If the request is legitimate (e.g., if you’re trying to access your home security camera from a local coffee shop) you can locate the blocked threat in your Threat History and allow access for 30 days. Keep in mind, attackers may try to exploit access to obtain personal data or compromise your device. To prevent others from gaining such access, remember to use strong passwords and change them regularly.
Suspicious Site Visit A Suspicious Site Visit occurs when we stop a device that’s connected to your home network from visiting a potentially dangerous site. This site may contain malware, spyware, ransomware, or viruses that can infect devices and make them vulnerable to personal data collection, blackmail, or attacks on other computers and networks. Often, we’ll block just a part of a page from loading (e.g., a banner ad) if there’s only one component that’s deemed to be malicious. If this happens, you’ll still be able to load the rest of the page and may not even realize malicious content was blocked. The Threat History lists all of the blocked Suspicious Site Visits, including the specific site that was blocked, and the reason why it was blocked. If a full page is blocked, and you still wish to visit it, despite the potential risk, access can be allowed for one hour. To further reduce the risk of infection, we highly recommend installing and running up-to-date antivirus software for devices connected to your network such as laptops, desktops and certain hand-held devices.
Suspicious Device Activity Most smart home devices have predictable traffic patterns and sites they contact. Suspicious Device Activity occurs when a device deviates from its normal behavior, for example, by connecting to an IP address that it doesn’t normally interact with. We’ll block this suspicious activity to avoid data theft, but the occurrence itself indicates that the security of the device may have been compromised and corrective action is needed. For this reason, whenever you encounter Suspicious Device Activity, please restart your device and verify that it’s running the latest software. To further protect your devices, we highly recommend using strong passwords and changing them regularly. We also suggest installing and running up-to-date antivirus software for devices connected to your network such as laptops, desktops and certain handheld devices.
Targeted Network Attack A Targeted Network Attack occurs when a device on your network has been infected with a virus or malware and, as a result, has tried to participate in an attack on another network. This type of attack is also known as a Denial of Service attack. We’ll block this type of attack but the occurrence itself indicates that the security of the device may have been compromised and corrective action is needed. For this reason, whenever you encounter a Targeted Network Attack, please restart your device and verify that it’s running the latest software. To further protect your devices, we highly recommend using strong passwords and changing them regularly. We also suggest installing and running up-to-date antivirus software for devices connected to your network such as laptops, desktops and certain handheld devices.
IP Reputation Threats An IP Reputation Threat occurs when a device that we've identified as coming from a known malicious source tries to access a device on your home network. Typically, IP Reputation Threats occur through open ports on a device connected to your home network. The goal of the attack is to gain access to a device, for example to obtain personal information and/or compromise your devices. To keep your network safe, we automatically block access attempts from known malicious sources. While open ports are needed for certain apps and features to run properly, we recommend reviewing open ports on a regular basis and deleting those that don't need to be open.
How is Advanced Security different from the Protected Browsing feature in xFi? The Protected Browsing feature in xFi prevents you from visiting websites that are known sources of malware, spyware and phishing. This feature is available to all xFi customers at no additional cost. Advanced Security adds even more protection for your devices. At times, it may block an entire website. Other times, it may only block portions of a site, such as banner ads, icons, etc. In addition, Advanced Security also blocks unknown sources from trying to access your connected devices and detects when your connected devices are behaving in unusual ways that could indicate your device has been infected by malicious software. Plus, Advanced Security is always learning so it keeps up with new security threats in real time. How is Advanced Security different from Norton Security Online? Norton Security Online is a security software program that can detect and remove viruses and malware from your PCs, Macs and Android devices. This is available at no additional cost for Xfinity Internet subscribers on up to five devices. Alternatively, xFi Advanced Security protects all your connected devices including those that can’t run antivirus software (e.g., voice assistants, smart thermostats, smart TVs, security cameras, etc.). While Advanced Security can’t remove malware that may already be on your devices like Norton Security Online can for computers, it does prevent that malware from causing harm. Using both Norton Security Online and xFi Advanced Security together will give you the most protection for all your devices. Once I've subscribed to Advanced Security, is there anything else I need to do? If you haven’t already, download the Xfinity xFi app. Once Advanced Security is enabled, you'll receive an app push notification, if you have push notifications enabled. It can take up to 15 minutes after subscribing for the feature to appear in xFi. I received a notification that Advanced Security couldn't be set up. What should I do?
First, sign in to xFi and make sure your Gateway is online. You should see "Gateway Online" in the header of the Overview.
Then, restart your Gateway to install the latest software. You may need to restart twice for the full install. You can do this from the Overview page.
Once your Gateway is online again, sign back in to xFi.
If Advanced Security is still not enabled after about five minutes, give us a call at 1-800-xfinity and we'll sort it out for you. Can I disable Advanced Security? Yes. To disable the Advanced Security feature in xFi, navigate to More and select My Services . Then, select Disable under xFi Advanced Security and follow the on screen prompts.
**Note**: By disabling, you’ll lose 24/7 threat monitoring and real-time reporting on your home network, but you’ll still be subscribed to Advanced Security even if you’re not using it.
How do I unsubscribe from Advanced Security? If you are an xFi Advantage customer, Advanced Security is included with your package. If you have subscribed to Advanced Security, you’ll need to call 1-800-xfinity to unsubscribe.
Note: Once unsubscribed from Advanced Security, the feature will no longer appear in xFi and you will see the option to re-enable Protected Browsing.
How are threats detected with Advanced Security? Whenever a device is connected to your home network, activity information is transmitted through your Gateway. We gather that information which includes data from packet headers, source and destination addresses, and other metadata for analysis. This traffic flow is constantly being monitored, along with the source and destination of the traffic. This helps us determine any associated risks and, if needed, block potentially malicious actions. We also update the parameters for blocking to reflect newly-discovered known dangers and risks. If no risks or potentially malicious actions are detected, you'll see on the Dashboard that there are no threats to report. For your privacy, we don't gather personal information during this analysis nor is any encrypted traffic analyzed. I received a notification that a website was blocked that I never visited. What does this mean? In some cases, Advanced Security will allow you to access a site (or application) and will only block part of the page from loading (e.g., a banner ad) that is considered potentially dangerous. In that scenario, you will not see the blocked content while you’re browsing. When part of a page is blocked you will still receive a notification informing you the website associated with that content was blocked. How many threats should I expect to see? It's difficult to estimate a typical threat number, since each home is different. It depends on the number and type of devices as well as different factors like the security mode, port forwards and other settings you have for your home network. However, it’s not uncommon to have no threats for a week and then one to three threats another week. Those who play online games are more likely to encounter more threats, since they are more likely to have open ports on their network. It’s not uncommon to see hundreds of threats weekly if you have open ports. I haven’t had any threats reported. How do I know that Advanced Security is working? Potential threats are dependent upon the number and type of devices connected to your home network as well as factors like the security mode, port forwards and other settings you have configured. Rest assured, even if you have not received reports of any threats, your home network is still being protected by Advanced Security. Do all threats require my attention? Threats are split into two main categories: Those that require your attention and those that are for awareness only. While all threats are immediately blocked, there are somewhere we’ll recommend further action to ensure they won’t occur again. Learn more about threat types .
Attention Required These include Suspicious Device Activity, Targeted Network Attacks and Unauthorized Access Attempts, and may result in a device that’s vulnerable due to a virus or other malware. In such cases, we’ll recommend steps to secure your devices and remove any malicious software. You'll have the option to Allow Access for Unauthorized Access Attempts (30 days) if you'd like to override the block.
Awareness Only These include Suspicious Site Visits. Consider these warning threats that may provide insight into potentially dangerous activity. You’ll have the option to Allow Access (one hour for sites blocked by Suspicious Site Visits) if you’d like to override the block.
How can I get notified when a threat is detected? You can receive a push notification from the xFi mobile app for the following threat types: Unauthorized Access Attempts, Suspicious Device Activity and Targeted Network Attacks:
From the Xfinity xFi app, select the conversation icon in the upper left-hand corner to access the Notification Center.
Select the gear icon.
Select Push Notifications to manage your notification preferences.
To enable Advanced Security notifications, select the checkbox next to xFi Advanced Security . Email and text notifications are not available at this time. Keep in mind, you can visit the Dashboard in xFi any time to check the status of all threats. If I swap out my xFi Gateway for a new one, or move and transfer my Xfinity Internet service to a new address, will I still be protected by Advanced Security? If you’re activating a compatible xFi Gateway, Advanced Security should automatically be enabled on the new Gateway within 15 minutes after activation. Please note that all previous threat information will be cleared from xFi and your Dashboard. If you don’t see Advanced Security enabled in xFi after your new Gateway is activated, you'll need to give us a call at 1-800-xfinity to have it re-enabled. Will Advanced Security work on Disney Circle? Yes; however, since traffic for devices being monitored by Circle routes through the Circle device itself, any threat that Advanced Security blocks for the monitored devices will appear as if it’s happening on the Circle device. Rest assured, threats are still blocked, but if any threats that appear for Circle need attention, you may need to take action on the devices being monitored by Circle and not the Circle device itself.
Learn more about Getting Started with Xfinity xFi Advanced Security
Learn more about using Xfinity xFi Advanced Security
Learn more about Xfinity xFi Frequently Asked Questions
This article outlines how to activate your Xfinity Internet/Xfinity Voice service if you rent an Xfinity xFi Gateway (Arris 1682G, Cisco 3941T, Arris 3482G, Technicolor CGM4140COM or Cisco DPC3939). To determine the type of Gateway you have, check the make and model information located on the bottom of your device. You can also log in to My Account and select Devices to view the make and model of your Gateway.
If you do not have an xFi-compatible Gateway, please see the activation instructions for other Wireless Gateway devices.
Before you start: Download the Xfinity xFi app for free from the Apple App Store or Google Play.
Launch the Xfinity xFi app and sign in using your Xfinity username and password. (You must be the primary or an unrestricted secondary user to access.)
Select I'm setting up my Wireless Gateway. After activation you can continue to use the Xfinity xFi app to manage your home network.
Select Get Started to begin the process of setting up your Gateway. The entire process should not take longer than 20 minutes.
Select Use Camera to scan the QR code on the side or back of the device. The QR code should contain all of the information needed to begin activation. You may also be prompted to grant the Xfinity xFi app permission to access your smartphone's camera.
Note: If your device does not have a QR code to scan, you will need to enter the 12-digit CM MAC number found on the side or back of the Gateway. Select Enter Code Manually and follow the on-screen prompts. You may also be prompted to enter the CM MAC number even if your device has a QR code if we need additional information.
Your smartphone's camera will open within the Xfinity xFi app. Find the QR code and focus the camera on it. Once the QR code has been successfully scanned, you will see a green check mark.
Note: Keep your smartphone as steady as possible. If the camera has trouble focusing on the QR code, try slowly moving your smartphone away from and towards the QR code.
The app will then take you through the necessary steps to set up your Gateway (modem/router) and activate your Xfinity Internet/Xfinity Voice service. For the best WiFi coverage, set up the device in the most centrally located place in your home where there is also a cable outlet. Also, avoid placing the device in your basement or attic as this can interfere with your WiFi signal. Keep it out of cabinets or closets, and make sure it is off of the floor. Select Next to proceed through these tips.
Once you've found the best spot for your Gateway, follow the instructions to connect the coaxial cable and power cord. The lights on the front of your Gateway will flash and blink as the device prepares for activation. Select Ready to Go! to continue.
Now that your Gateway is connected, it's time to personalize your home WiFi network name and password. Enter a WiFi name and password that is easy to remember and secure. Select Next.
Confirm the WiFi name and password you entered are correct. If you need to make changes, simply select the back arrow in the top left-hand corner of the screen. If you are also activating Xfinity Voice, you will see your phone number on this screen. Select Confirm and Finish Up. Note: For customers swapping an existing xFi Gateway with a new one, you may be presented with the WiFi name and password associated with your previous device. You can choose to keep them the same, or create a new WiFi name and password. If you change the name/password, you'll need to reconnect all your devices using the new information. Your home network setup will now begin. This can take up to 10 minutes to complete. You will also be prompted to enable push notifications to be alerted when activation is complete.
Once your Gateway is activated and your WiFi is ready to go, you'll be presented with instructions on how to connect to your new WiFi network. Two shortcuts are provided to make this process even easier. Simply copy your WiFi password to your clipboard by selecting Copy and then Go to Settings. From there, go to the WiFi settings on your device, wait for your new WiFi name to show in the list of available networks, join the network and then paste your password to connect. Remember, you'll need to connect all of your WiFi-enabled devices using the WiFi name and password you created. Select Continue to XFINITY xFi to access home network personalization and control features, for example the ability to see who's most active on your network, troubleshoot any connection issues, and block inappropriate content and network threats. To learn more about xFi features, see the overview for Xfinity xFi Web Portal and Mobile App.