Getting Started with Xfinity xFi Advanced Security
Xfinity xFi Advanced Security delivers a smarter, more personalized security solution for your home network. From computers and mobile phones to home security cameras and smart thermostats, Advanced Security protects all of your connected devices for added peace of mind. Advanced Security is available to Xfinity Internet subscribers who rent a compatible xFi Gateway.
Features and Benefits
Prevents you from inadvertently visiting malicious sites and becoming a victim of phishing attacks.
Blocks remote access to smart devices, like home cameras, from unknown or dangerous sources.
Helps monitor devices real-time and alerts you when devices are behaving in unusual ways that could indicate a network threat.
Adapts to your home network and gets smarter to keep up with new threats over time.
Provides real-time notifications and a dashboard to easily view and manage threats right from the Xfinity xFi app or website.
No additional hardware to install; all you need is a compatible xFi Gateway.
No software to install on your individual devices; your entire network is protected, once Advanced Security is enabled.
Advanced Security is available to Xfinity Internet subscribers who rent a compatible xFi Gateway. Simply download the Xfinity xFi app or visit the website at xfinity.com/myxfi and log in to enable the feature. You can access the Advanced Security Dashboard from the Overview or Network sections. Learn more about using xFi Advanced Security and Comcast's commitment to Privacy and Security.
These xFi Gateways support xFi Advanced Security:
xFi Wireless Gateway
xFi Advanced Gateway
xFi Gateway (3rd Generation)
xFi Fiber Gateway
**Note**: Xfinity xFi and Advanced Security will not be available for Gateways in Bridge Mode. Advanced Security is not supported on Cisco DPC3939 Gateways.
Using Xfinity xFi Advanced Security
xFi Advanced Security provides an added layer of protection for your entire network by preventing you from inadvertently accessing malicious sites, blocking remote access to smart devices from unknown or dangerous sources and monitoring activity in real-time to detect when devices are behaving in unusual ways that could indicate a network threat. Whenever a threat is detected, it’s automatically blocked and you are notified in xFi and given tips on how to resolve. Receive real-time updates about threats to your network that require immediate attention by turning on notifications in xFi. To do this, log into the Xfinity xFi app and tap on the speech bubble in the top-left corner, then tap on the gear icon. Select Push Notifications, then check the box next to Network Activity. See above about starting with xFi Advanced Security to learn about eligibility requirements and how to access this feature.
You can find a status of security activity in the Overview section of the xFi app or website (xfinity.com/myxfi). To view additional threat details or to resolve any threats that require your attention, select View Affected Device(s) to be taken to the Dashboard.
Advanced Security Dashboard
The Dashboard gives you a comprehensive view of threats detected during the past seven days and a list of devices that have been impacted by threats.
Threats are split into two main categories: Those that are for awareness only and those that require attention.
Awareness-Only Threats Some threats won’t require any action, but you will still be alerted. These include Suspicious Site Visits. To view additional details when no action is required, select the device from the Advanced Security dashboard. The threat details page will provide a list of threats associated with a given device, for example when the device has been blocked from visiting a dangerous website. Any time a device is blocked from accessing a site, you can opt to allow it to access. Keep in mind that by doing so, you may be putting your network at risk and making it vulnerable to malicious activity. Access will be limited to a certain amount of time due to this risk. Learn more about the threat types.
Threats that Require Attention Some threats, such as a Targeted Network Attack, Suspicious Device Activity or Unauthorized Access Attempt, may require you to take further action. If a threat requires your attention, you’ll see an alert at the top of the Dashboard indicating how many require your attention. Select the device to access the threat details page and to take action. The threat details page will provide a list of threats that have been blocked but require your attention to ensure they don’t return. Select Help Me Fix It for tips on how to resolve the threat. Learn more about threat types.
Tips to Resolve Threats
Depending on the nature of the threat that requires your attention, the following tips can help you take action to resolve the threat.
Quarantine Your Device If one of your devices has been compromised, you can use xFi to pause its access or disconnect it from your home network. This will keep it from endangering other devices on your network.
Update Your Software Keep your device’s software or firmware current to ensure you’ve got the latest security updates. Use the update feature usually found in your device’s settings or check with the device manufacturer.
Run Antivirus Software One of the best ways to defend against network threats is by running antivirus software. If you haven’t already, install a software program, keep it updated, and run scheduled scans to keep devices free from viruses. Learn more about how to Download Norton Security Online for your PC, Mac and Android devices.
Restart Your Device After updating your device’s software, be sure it restarts. This will complete the update and also, stop any existing communication with malicious sites.
Check Your Port Forwards Open ports on your home network give potential access to malicious attackers. Ensure your port forwards are set up correctly for your devices. Learn about port forwards and how to set them up using xFi.
Disable DMZ Enabling DMZ (a demilitarized zone) may resolve a device communication issue, but it's a security risk. If a device needs to be accessible to outside sources, we recommend using port forwarding instead. You can disable DMZ by navigating to the Network section and selecting Advanced Settings. Next, select DMZ and then Edit to access the setting. Deselect the checkbox next to Enabled, and select Apply Changes.
Disabling and Re-Enabling Advanced Security
You can disable the Advanced Security feature in xFi by navigating to More and selecting My Services. From here, select Disable under xFi Advanced Security and follow the on screen prompts. Once disabled, you will lose 24/7 threat monitoring and real-time reporting on your home network. If you have disabled the Advanced Security feature, you can re-enable it by navigating to More and selecting My Services. From here, select Enable under xFi Advanced Security and follow the on screen prompts.
Frequently Asked Questions
What is xFi Advanced Security? xFi Advanced Security gives added peace of mind for your home network by preventing you from inadvertently visiting malicious sites or downloading dangerous files, as well as blocking remote access to smart devices from unknown or dangerous sources. Advanced Security monitors devices real-time and will alert you when devices are behaving in unusual ways that could indicate a network threat. It will also adapt to your home network and get smarter over time to keep up with new threats. How do I access Advanced Security features in xFi? Advanced Security is available to Xfinity Internet subscribers who rent one of the following compatible xFi Gateways (Arris 1682G, Cisco 3941T, Arris 3482G, Technicolor CGM4140COM, Techincolor CGM4331COM or Arris X5001). If you haven't already, download the Xfinity xFi app or visit the xFi website ( xfinity.com/myxfi ). Once you log in, Advanced Security will be enabled. You can access Advanced Security features (security status and threat details) from the Overview and Network sections. To learn more, visit how to get started with xFi for details. (Please note that Advanced Security will not be available if your Gateway is in bridge mode or if you have a Cisco DPC3939 model.) What are the different types of threats prevented with xFi Advanced Security?
Unauthorized Access Attempts An Unauthorized Access Attempt occurs when an outside device tries to access another device connected to your home network. Typically, Unauthorized Access Attempts occur through open port forwards on your connected device. While open ports are needed for certain apps and features to run properly, we recommend reviewing open ports on a regular basis and deleting those which don’t need to be open. If the request is legitimate (e.g., if you’re trying to access your home security camera from a local coffee shop) you can locate the blocked threat in your Threat History and allow access for 30 days. Keep in mind, attackers may try to exploit access to obtain personal data or compromise your device. To prevent others from gaining such access, remember to use strong passwords and change them regularly.
Suspicious Site Visit A Suspicious Site Visit occurs when we stop a device that’s connected to your home network from visiting a potentially dangerous site. This site may contain malware, spyware, ransomware, or viruses that can infect devices and make them vulnerable to personal data collection, blackmail, or attacks on other computers and networks. Often, we’ll block just a part of a page from loading (e.g., a banner ad) if there’s only one component that’s deemed to be malicious. If this happens, you’ll still be able to load the rest of the page and may not even realize malicious content was blocked. The Threat History lists all of the blocked Suspicious Site Visits, including the specific site that was blocked, and the reason why it was blocked. If a full page is blocked, and you still want to visit it despite the potential risk, access can be allowed for one hour. To further reduce the risk of infection, we highly recommend installing and running up-to-date antivirus software for devices connected to your network such as laptops, desktops and certain hand-held devices.
Suspicious Device Activity Most smart home devices have predictable traffic patterns and sites they contact. Suspicious Device Activity occurs when a device deviates from its normal behavior, like connecting to an IP address that it doesn’t normally interact with. We’ll block this suspicious activity to avoid data theft, but the occurrence itself indicates that the security of the device may have been compromised and corrective action is needed. For this reason, whenever you encounter Suspicious Device Activity, please restart your device and verify that it’s running the latest software. To further protect your devices, we highly recommend using strong passwords and changing them regularly. We also suggest installing and running up-to-date antivirus software for devices connected to your network, such as laptops, desktops and certain handheld devices.
Targeted Network Attack A Targeted Network Attack occurs when a device on your network has been infected with a virus or malware and, as a result, has tried to participate in an attack on another network. This type of attack is also known as a Denial of Service attack. We’ll block this type of attack, but the occurrence itself indicates that the security of the device may have been compromised and corrective action is needed. For this reason, whenever you encounter a Targeted Network Attack, please restart your device and verify that it’s running the latest software. To further protect your devices, we highly recommend using strong passwords and changing them regularly. We also suggest installing and running up-to-date antivirus software for devices connected to your network such as laptops, desktops and certain handheld devices.
IP Reputation Threats An IP Reputation Threat occurs when a device that we've identified as coming from a known malicious source tries to access a device on your home network. Typically, IP Reputation Threats occur through open ports on a device connected to your home network. The goal of the attack is to gain access to a device, for example to obtain personal information and/or compromise your devices. To keep your network safe, we automatically block access attempts from known malicious sources. While open ports are needed for certain apps and features to run properly, we recommend reviewing open ports on a regular basis and deleting those which don't need to be open.
How is Advanced Security different from the Protected Browsing feature in xFi? Protected Browsing is a feature in xFi available to customers who rent a Cisco DPC3939 Gateway. It prevents you from visiting websites that are known sources of malware, spyware and phishing. Advanced Security adds even more protection for your devices. At times, it may block an entire website. Other times, it may only block portions of a site, such as banner ads, icons, etc. In addition, Advanced Security also blocks unknown sources from trying to access your connected devices and detects when your connected devices are behaving in unusual ways that could indicate your device has been infected by malicious software. Plus, Advanced Security is always learning so it keeps up with new security threats in real time. How is Advanced Security different from Norton Security Online? Norton Security Online is a security software program that can detect and remove viruses and malware from your PCs, Macs and Android devices. This is available at no additional cost for Xfinity Internet subscribers on up to five devices. Alternatively, xFi Advanced Security protects all your connected devices, including those that can’t run antivirus software (e.g., voice assistants, smart thermostats, smart TVs, security cameras, etc.). While Advanced Security can’t remove malware that may already be on your devices like Norton Security Online can for computers, it does prevent that malware from causing harm. Using both Norton Security Online and xFi Advanced Security together will give you the most protection for all your devices. I received a notification that Advanced Security couldn't be set up. What should I do?
First, sign in to xFi and make sure your Gateway is online. You should see "Gateway Online" in the header of the Overview.
Then, restart your Gateway to install the latest software. You may need to restart twice for the full install. You can do this from the Overview page.
Once your Gateway is online again, sign back in to xFi.
Are all of my devices protected by xFi Advanced Security? All devices connected to your Xfinity home network receive protection. However, there may be exceptions that prevent full protection, and we do not guarantee that your devices will be completely harm-free. The following devices are not fully protected:
Vivint Smart Drive (formerly referred to as Space Monkey)
This device continues to be protected against known threats, such as malicious websites, IP reputation threats and denial of service threats.
Due to this device’s configuration, it is not protected against unknown threats such as unauthorized access attempts.
How are threats detected with Advanced Security? Whenever a device is connected to your home network, activity information is transmitted through your Gateway. We gather that information, which includes data from packet headers, source and destination addresses, and other metadata for analysis. This traffic flow is constantly being monitored, along with the source and destination of the traffic. This helps us determine any associated risks and, if needed, block potentially malicious actions. We also update the parameters for blocking to reflect newly-discovered known dangers and risks. If no risks or potentially malicious actions are detected, you'll see in the app that there are no threats to report. For your privacy, we don't gather personal information during this analysis, nor is any encrypted traffic analyzed. How can I be notified when a threat is detected? You can receive a push notification from the xFi mobile app for the following threat types: Unauthorized Access Attempts, Suspicious Device Activity and Targeted Network Attacks.
From the Xfinity xFi app, select the conversation icon in the upper left-hand corner for the Notification Center.
Select the gear icon.
Select Push Notifications to manage your notification preferences.
To enable Advanced Security notifications, select the checkbox next to Network Activity . Email and text notifications aren’t available at this time. Keep in mind, you can visit the Xfinity xFi app any time to check the status of all threats. I received a notification that a website I never visited was blocked. What does this mean? In some cases, Advanced Security will allow you to access a site (or application) and will only block part of the page from loading (e.g., a banner ad) that is considered potentially dangerous. In that scenario, you won't see the blocked content while you’re browsing. When part of a page is blocked, you'll still receive a notification informing you the website associated with that content was blocked. How many threats should I expect to see? It's difficult to estimate a typical threat number, since each home is different. It depends on the number and type of devices, as well as different factors like the security mode, port forwards and other settings you have for your home network. However, it’s not uncommon to have no threats for a week and then one to three threats another week. Those who play online games are more likely to encounter more threats, since they are more likely to have open ports on their network. It’s not uncommon to see hundreds of threats weekly if you have open ports. I haven’t had any threats reported. How do I know that Advanced Security is working? Potential threats are dependent upon the number and type of devices connected to your home network, as well as factors like the security mode, port forwards and other settings you have configured. Rest assured, even if you haven't received reports of any threats, your home network is still being protected by Advanced Security. Do all threats require my attention? Threats are split into two main categories: Those that require your attention and those that are for awareness only. While all threats are immediately blocked, there are somewhere we’ll recommend further action to ensure they won’t occur again. Learn more about threat types .
Attention Required These include Suspicious Device Activity, Targeted Network Attacks and Unauthorized Access Attempts, and may result in a device that’s vulnerable due to a virus or other malware. In such cases, we’ll recommend steps to secure your devices and remove any malicious software. You'll have the option to Allow Access for Unauthorized Access Attempts (30 days) if you'd like to override the block.
Awareness Only These include Suspicious Site Visits. Consider these warning threats that may provide insight into potentially dangerous activity. You’ll have the option to Allow Access (one hour for sites blocked by Suspicious Site Visits) if you’d like to override the block.
If I swap out my xFi Gateway for a new one, or move and transfer my Xfinity Internet service to a new address, will I still be protected by Advanced Security? If you’re activating a compatible xFi Gateway, Advanced Security should automatically be enabled on the new Gateway within 15 minutes after activation. Please note that all previous threat information will be cleared from xFi and xFi Advanced Security. Will Advanced Security work on Disney Circle? Yes. However, since traffic for devices being monitored by Circle routes through the Circle device itself, any threat that Advanced Security blocks for the monitored devices will appear as if it’s happening on the Circle device. Rest assured, threats are still blocked, but if any threats that appear for Circle need attention, you may need to take action on the devices being monitored by Circle and not the Circle device itself. Can I disable Advanced Security? Yes. To disable the Advanced Security feature in xFi, navigate to More and select My Services . Then, select Disable under xFi Advanced Security and follow the on-screen prompts.
Note: By disabling, you’ll lose 24/7 threat monitoring and real-time reporting on your home network. You can re-enable the feature following the same steps and selecting Enable.
Learn more about Getting Started with Xfinity xFi Advanced Security
Learn more about using Xfinity xFi Advanced Security
Learn more about Xfinity xFi Frequently Asked Questions
Your home Gateway (such as the Xfinity xFi Gateway) broadcasts two radio bands to ensure an optimal in-home WiFi experience— one band focused on speed, and one focused on coverage.
These bands work best when they’re operating on a simple, personalized network. Simplifying and customizing your network will make it more secure and provide your devices with better connectivity, and we can help you get there.
Some Background: Understanding the 2.4 GHz and 5 GHz Bands
The 2.4 GHz band offers better WiFi coverage, but is prone to more congestion due to heavy network traffic.
The 5 GHz band offers less range, but delivers faster speeds thanks to less congestion and wider channels.
Understanding how xFi Gateways work
Xfinity xFi Gateways are all-in-one devices that deliver whole-home WiFi coverage, fast Internet speed and the ability to control your home network - for the ultimate connected experience. xFi Gateways are "dual band," meaning that they broadcast two separate radio bands for their WiFi network - a 2.4 GHz band and a 5 GHz band. Historically, you were encouraged to use a different WiFi name and password for each band. You then had to choose which band your devices should connect to. Knowing which would provide the best connection and performance was guesswork. That’s now changed. With the advanced intelligence of xFi Gateways, using the same name and password for the 2.4 GHz and 5 GHz bands lets the Gateway sort out which one will provide a better connection at any given time. You will still have both bands and all the associated functionality, channels and range. However, by using the same WiFi name and password for both, devices will connect seamlessly to the most optimal band at any given time. This is called "band steering." If you have an xFi Gateway (Arris 1682G, Cisco 3941T, Cisco DPC3939, Arris 3482G, Technicolor CGM4140COM or Arris X5001), you should simplify your WiFi and switch to using a single SSID - that is, use the same WiFi name and password for both your 2.4 GHz and 5 GHz bands, so you can take advantage of this seamless connection to the best network.
Changing your WiFi name and password
To get started using the same WiFi name and password across your entire home network, you can login to the xFi mobile app or Website. Once you’re logged in, look for the Network menu. Once you’ve located it, select the Edit WiFi option. From there, you can update your WiFi name and password—it’s that simple.
**Note**: You may need to reconnect some of your devices when using these new settings. Once it’s all said and done, your devices can choose between the best in-home WiFi connection at all times.
You can also automatically simplify to one name and password by selecting the Simplify Your WiFi tile under the Just for You header in the Overview section of xFi.
**Note**: If you have installed xFi Pods, the option to have split 2.4 and 5 GHz bands is disabled.
Added benefits of using one WiFi name and password for your network include fewer connectivity issues, a more secure home WiFi experience, and less troubleshooting. If you’re ready to get the most out of nation’s fastest Internet, log in to xFi today and get started.
Frequently Asked Questions
I only see one in-home WiFi name now and I used to see two - what happened? When you have a single name and password for your 2.4 GHz and 5 GHz bands, you will only see one option to connect. Please be assured that the second WiFi band is still working in the background to optimize your connection. What action do I need to take? If you aren't already using the same WiFi name and password for the 2.4 GHz and 5 GHz bands, you should update your WiFi name and password. The easiest way to update your settings is to select Simplify Your WiFi from the Overview section of the xFi website or mobile app. You can also update your WiFi name and password by selecting Edit WiFi from the Network section of the Xfinity xFi app or website. Learn more about xFi network settings . We'll take care of the rest in the background to optimize your network How do I know if I have an xFi Gateway with this feature? This is eligible on Gateway models Arris 1682G, Cisco 3941T, Arris 3482G, Technicolor CGM4140COM, Cisco DPC3939 and Arris X5001. To determine the type of Gateway you have, check the make and model information located on the bottom of your device. You can also log in to My Account and select Devices to view the make and model of your Gateway. What is band steering and how does it work? Band steering means the xFi Gateway determines which WiFi network band (the 2.4 GHz band or the 5 GHz band) is most optimal for a device's WiFi connection at any given time. It seamlessly changes to the best band based on signal strength and WiFi congestion thresholds. To enable band steering, the 2.4 GHz and 5 GHz bands must have the same WiFi name and password. What happens if the 2.4 GHz and 5 GHz WiFi network band names and passwords are different? If the WiFi network names and/or passwords are different, you will not be able to take advantage of band steering and will need to manually manage which WiFi network band each device connects to. This may lead to slow and intermittent connectivity issues. For example, if a mobile device is connected to the 5 GHz band and loses connection due to distance, you may need to manually reconnect to the 2.4 GHz band. With the same name and password, that process will occur automatically.
For more information refer to Benefits of Using One WiFi Name and Password for Your Home Network
For additional assistance with your Xfinity WiFi see How to improve your Xfinity Wifi
For additional assistance with troubleshooting your Xfinity WiFi see How To Troubleshoot Your Home WiFi Network with XFINITY xFi
Many factors may impact WiFi connectivity in your home. Take the following into consideration for better WiFi performance:
Check Gateway/Router Placement
Place your Gateway, modem or router in the most central location of your home, preferably on the main floor instead of the attic or basement. Make sure it is at least a couple of feet off of the floor and confirm that the coax cable connection is finger tight. Avoid putting your Gateway or router in cramped spaces or next to anything that can block the WiFi signal. The best position is in an open space away from thick surfaces (e.g., concrete walls) and other household electronics that may cause interference with the WiFi signal, such as baby monitors, cordless phones, microwave ovens, refrigerators and Bluetooth-connected devices. **Note**: Consider adding Xfinity xFi Pods to help extend your home WiFi coverage throughout your home. To learn more and purchase, go to xfinity.com/xfipods.
Regularly Reboot Your Equipment
Rebooting (or restarting) your Gateway, modem or router is good for the device's health and for your home WiFi performance. Doing this allows the device to update its software, if necessary, which can help optimize your connection and speed. Learn how to restart your WiFi equipment.
Confirm Your WiFi Network
Sometimes you may be connected to your Gateway's public WiFi hotspot network (xfinitywifi) or secure hotspot network (XFINITY), which can limit your WiFi speed. Go to the WiFi settings of your device to make sure you're connected to your personal in-home WiFi network.
Connect High-Bandwidth Devices via Ethernet
Whenever possible, plugging stationary devices directly into your Gateway or router using an Ethernet cable may provide optimal connectivity. For example, it's ideal for desktop computers, gaming consoles and video streaming devices to be connected with an Ethernet cable instead of connecting wirelessly, since activities on those devices use a lot of bandwidth (e.g., graphic-rich online gaming, movies or TV shows).
Check Bridge Mode and Antennae for Third-Party Routers
If you use your own router along with your Gateway, make sure the Gateway is in bridge mode. Learn more about bridge mode. You'll also want to position the antennae of your router so that one is pointing vertically (12 o'clock), and the other one is pointing horizontally (either 3 or 9 o'clock) to broadcast the strongest signal.
Consider a Different Speed Option
If many devices access your home WiFi network at the same time, you may want to consider a higher speed tier to improve your network's performance. We offer several speed options to serve your needs. Visit My Account to see which level of Internet service you have and the upgrade options that are available.
Other Factors That May Impact WiFi Connectivity:
Technical limitations of personal devices (e.g., an older phone that can't handle faster speeds, out of date operating systems, etc.)
The distance between personal devices and your Gateway/modem/router
Older devices which could be consuming bandwidth and slowing down your network
For more information, refer to Xfinity's in-home WiFi tip sheet. For details about staying connected to your home WiFi network, see how to troubleshoot Xfinity Internet or WiFi connection. If your Gateway is several years old, it may be time to upgrade. Find out more about upgrading your wireless network equipment.
For additional information, refer to Improving your Xfinity WiFi.
***Created by our Community Users***
We see many questions in the forums regarding port forwarding, so I have put together a primer to try to help those who are new to the concept.
WARNING: Port Forwarding exposes devices on your LAN to the Internet. If you DO NOT NEED to port forward, DON'T. This guide tells you how to and why you might need to port forward. The reader assumes any and all responsibility for any damage of, or intrusions into their network caused by port forwarding. What is Port Forwarding?
Port forwarding is a mechanism used in IPv4 to allow a computer, smartphone, or other device (the SOURCE) outside your Comcast HSI connection to connect to a device on your LAN (the DESTINATION). A typical Comcast residential user network might look something like this:
In this diagram, a Cable subscriber (you) has a webcam, NAS, or media server on the internal LAN behind his router/gateway. It is configured to listen on TCP port 8080, in this case. Other devices or game servers that you have may be configured to listen on a different (or many different) ports, but the principle is the same.
Let's say that the subscriber (you) want to make that server available to a family member in a different location, so they can see your webcam, or look at pictures on your media server or NAS. In order to do that, your family member needs to be able to connect, often using a web browser, or a smartphone app. The problem is that your web server is on your LAN, protected by the firewall in your router, AND it has a private address, which cannot be used on the internet. The private subnets you will see most commonly are the 192.168.0.0 and 10.0.0.0 subnets. Subnetting is beyond the scope of this discussion, as most home routers are set up out-of-the-box to use one of these submets. Under normal circumstances, you will probably never have to change this. The problem lies in the fact that these subnets cannot be routed over the internet. Port Forwarding is intended to solve that problem.
As seen in the diagram, your home router (and you must have a router of some type to perform port forwarding) is provided with an address on the public internet by Comcast. Because of a shortage of IPv4 addresses, home routers use Network Address Translation (NAT) to allow you to connect a large number of devices to your router, and give them the ability to connect to other devices on the internet. This is done by assigning each requested connection from your LAN a TCP port, so the router can track the connection. The combination of the IP address and port number is called a socket. So, when you use your computer on your LAN to go to www.google.com, your computer (the source) sends a request using a random port (usually above port 1024) to the destination (www.google.com) on port 80 (the standard http port. Because of NAT, the Google server sees your source address as the WAN IP of your router. How, you may ask. is this related to Port Forwarding? Well, port forwarding is essentially the same process, but in reverse. Think of it as inbound NAT. You router has a public IP address, but by default, it doesn't listen on many ports. This is for security so that someone on the internet cannot easily get on to your network. Now, you have a media server or an IP Camera that you want Granny to see, so you have to tell your router to listen on a port so that you can give Granny a link to it that she can put in her web browser (how she does that we will discuss later).
How do I set up Port Forwarding
First, you have to set up your router. There is an excellent website at http://portforward.com, which will walk you through the steps of how to forward ports on just about every known router, so I am not going to go into detail on any particular model. Suffice to say that when you set up port forwarding, you tell your router to listen on a particular port (in the case of the diagram, it is port 8080), and you also tell it where to send that traffic, when it sees it. In this case, the router is told to send all traffic it ses incoming on port 8080 to the internal device at 192.168.1.200. Below is an example of the screen for configuring a Custom port forwarding service on a Netgear WNDR3700. Other router screens will look different. This is just one example:
Setting Up Port Forwarding in the Wireless Gateway Admin Tool
To turn on the port forwarding function on your gateway, follow the steps below to create a rule.
Go to http://10.0.0.1 using a device that is connected to your network.
Log in to the Admin Tool:
Password: password (unless you changed it)
Select the Advanced menu in the left pane, then click Port Forwarding.
Select Enable. The button will turn green.
Click +ADD SERVICE in the Port Forwarding box. The Add Service page will appear.
Select the appropriate option (FTP, AIM, HTTP, PPTP), from the Common Service drop-down menu.
Selecting one of these options will automatically populate the start and end ports below the Common Service field. For a service not listed, select Other and type Service Name in the field.
Select the Service Type. The Service Type is the protocol used for sending data over the Internet. The default is TCP/UDP.
Click CONNECTED DEVICE to select the device on your network and populate these fields for the IPv4 Address or IPv6 Address fields. If the CONNECTED DEVICE button doesn't appear on the page:
Open a new browser window, follow Steps 1 and 2 from above, and go to Connected Devices > Devices, as shown below.
Click the name of your device for which you want to add the port forwarding rule, under Online Devices' Host Name.
Highlight and copy the IP address.
Return to the previous browser window and paste the IP address. The start and end ports will populate only if you selected one of the four Common Services. If not, enter the port numbers that are required for the game or service for which you want to add the port forwarding rule.
Click Save. You have created a port forwarding rule on your home network, but before you log out of the Admin Tool, take note of your WAN IP address (as seen below). You'll need this information to begin using the game or service.
OK, so I have set it up...how does Granny get there... Granny has a computer with a web browser. Lets say you are letting her see your IP Camera. instead of port 80, your IP Camera is designed to listen on port 8080. Under normal circumstances, you would forward the same port externally as the device listens on, so you would set up your port forwarding to listen on the WAN interface on port 8080, and internally, send all port 8080 traffic to the IP address of your IP camera. Now, when Granny browses google.com, she just types inwww.google.com in her browser, and it goes there, right? That is because google.com is listening on a well-known port for http traffic (port 80), and browsers automatically know that you want to go to port 80. What they don't know is that your router is waiting to send traffic to your IP Camera on port 8080, so when you tell Granny how to get to your camera, if you are using any port other that 80, you MUST specify the port, and that you are using the http protocol. So, you would tell granny to put the following in her browser address bar: http://<yourWANIP>:8080
To find the WAN IP of your router, you can either look at the Status page in your router interface, or browse tohttp://whatismyip.com If you don't want to give her an IP address, you would need to use some type of Dynamic DNS service (not within the scope of this discussion) to translate your WAN IP into a hostname, but you still need to specify http and the port number, like this: http://myipcam.somedomain.org:2000 (the actual name will depend on your Dynamic DNS provider)
What else can I do with Port Forwarding?
The principles are the same for pretty much any device or server that you want to make available to sources outside your home. You can port forward Windows Remote Desktop Protocol, so you can log into your PC from another device with an RDP client. You can run a web server (although publicly accessible webservers are technically against the Comcast AUP for residential connections), you can access your own media server from your smartphone, so you can listen to your music wherever you are...the possibilities are pretty much endless, BUT make sure that you secure the devices you are allowing access to with strong passwords. While many security experts frown upon the concept of 'Security by Obscurity' I personally don't see that it hurts to change the port you are using for some services, especially the more common ones...Any hacker knows that Windows Remote Desktop Protocol runs on port 3389, so instead of setting your port forwarding up to listen on port 3389 on the WAN IP, use a different port (above 1024 is recommended. The highest you can go is 65535). You can still tell the router to forward the traffic to port 3389, so you don't have to mess around with the registry settings for your RDP setup on your Windows machine. That is basic port forwarding in brief. If you have any questions, please post it in the forums in the Home Networking / Router / & WiFi Gateway Help board and we will try to help.
Is your device currently connected to your home network?
If the device is not currently connected to your home network, adding a port forward may not work. Try connecting your device to your home network and then setting up the desired port forward. Connecting to your network first will ensure the device has a valid DHCP address within the DHCP range for port forwarding.
Are port forwards you previously set up not appearing in xFi? When attempting to set up a port forward, are you receiving a message that we’re having some trouble, or that the port you are trying to set up already exists?
If you have previously set up a port forward but it is not appearing in xFi, or when attempting to set up a port forward, you are receiving a message that we’re having some trouble, or that the port already exists, editing your LAN settings may resolve the issue. This will clear any pre-existing port forwards that may not be appearing in xFi but are causing issues, and should allow you to successfully set up new port forwards. Any small adjustment made to your LAN settings should be enough to clear existing port forwards. Once the changes have been applied, you can immediately change the settings back to the previous if desired. Once completed, try setting up your port forwards as desired.
Have your LAN settings recently changed?
If you changed your LAN settings, port forwards you previously set up will no longer work. You will need to set up your port forwards again.
Does the device you’re attempting to set up a port forward for have an IPv6 address?
xFi does not currently allow you to set up port forward for devices that have an IPv6 address since port forwarding should not be needed for these devices. If the device is dual stack (has both an IPv4 and IPv6 address) the IP recognized by xFi depends on which address your device defaults to. Port forwarding can only be configured in xFi if the device is using the IPv4 address.
There are some quirks to setting up port forwarding on the SBG6580 gateway. See this post for details: http://forums.comcast.com/t5/Home-Networking-Router-WiFi/Port-Forwarding-for-an-IP-Camera/m-p/152957...
Ports on the internet are like virtual passageways where data can travel. All information on the internet passes through ports to get to and from computers and servers. When a certain port is known to cause vulnerability to the security and privacy of your information, Xfinity blocks it to protect you.
Find the Reasons for Blocking Listed Below
Direction Downstream/ Upstream to CPE
Reason for Block
Port 0 is a reserved port, which means it should not be used by applications. Network abuse has prompted the need to block this port.
Port 25 is unsecured, and Botnet spammers can use it to send spam. This does not affect Xfinity Connect usage. We recommend learning more about configuring your email settings to Comcast email to use port 587.
UDP Port 67, which is used to obtain dynamic Internet Protocol (IP) address information from our dynamic host configuration protocol (DHCP) server, is vulnerable to malicious hacks.
NetBios services allow file sharing over networks. When improperly configured, ports 135-139 can expose critical system files or give full file system access (run, delete, copy) to any malicious intruder connected to the network.
SNMP is vulnerable to reflected amplification distributed denial of service (DDoS) attacks.
Port 445 is vulnerable to attacks, exploits and malware such as the Sasser and Nimda worms.
Port 520 is vulnerable to malicious route updates, which provides several attack possibilities.
UDP Port 547, which is used to obtain dynamic Internet Protocol (IP) address information from our dynamic host configuration protocol (DHCP) server, is vulnerable to malicious hacks.
Port 1080 is vulnerable to, among others, viruses, worms and DoS attacks.
Port 1900 is vulnerable to DoS attacks.
Enable Port Blocking on Your Router
If you’re concerned about the security of your wireless home network, one thing you can do is enable port blocking – this can help prevent unwanted outside connections to your network’s devices. While port blocking is advanced, you can enable it on certain routers with a few simple steps. Here’s how: Note: These instructions apply only to the following devices:
Netgear CG814v 1&2
Linksys WCG200v 1&2
Log on to your router’s administration site.
Click on the Select a Computer/Device button to view the IP addresses of the computers connected to your gateway.
Enter the IP address range in the IP Range fields.
Enter the Port range in the Port Range fields.
Select the Enable check box.
Why is Port 25 for Email Submission Not Supported?
Email is used for important communications and Comcast wants to ensure that these communications are as secure and as private as possible. As such, Comcast does not support port 25 for the transmission of email by our residential Internet customers. Much of the current use of port 25 is by computers that have been infected by malware and are sending spam without the knowledge of the users of those computers.
Why is Comcast Supporting Port 587?
The original/legacy email ports, 25 and 110, have been in use since the inception of email and have limited or no security features. As a result, port 25 has been used for the transmission of spam and malware from infected computers for nearly a decade. Port 110 simply is not a secure means of retrieving email. Port 995 provides SSL encryption when downloading email. It has been a long-standing recommendation from M 3 AAWG, an international community of anti-abuse professionals, and the Internet Engineering Task Force (IETF), that port 25 be blocked. In an effort to provide our customers with the greatest security when using email, Comcast recommends the use of the industry-recommended port 587 with TLS/SSL enabled. The recommendations from M 3 AAWG can be read here and you can also view the IETF RFC 5068and RFC 4409 (section 3.1, see below). From RFC 4409: 3.1. Submission Identification Port 587 is reserved for email message submission as specified in this document. Messages received on this port are defined to be submissions. The protocol used is ESMTP [SMTP-MTA, ESMTP], with additional restrictions or allowances as specified here. Although most email clients and servers can be configured to use port 587 instead of 25, there are cases where this is not possible or convenient. A site may choose to use port 25 for message submission by designating some hosts to be MSAs and others to be MTAs.
What Makes These Settings More Secure?
Port 587 further improves security through the use of required authentication and recommended TLS/SSL encryption. Required Authentication When sending and receiving email, it is required that you use your Xfinity username and password. This helps to prevent infected computers and other devices connected to the Xfinity services from being able to freely transmit spam and malware. SSL Encryption Secure Sockets Layer (SSL) is a secure protocol for sending data safely and encrypted over the Internet. With SSL encryption your user ID, password, and email are secured from hackers and identity thieves when sending or receiving email.
Other Bodies Opposed to the Use of Port 25
There are a number of other organizations that Comcast works with to control the problem of spam on the Internet. One of the most notable of these is Spamhaus, an organization that provides a number of lists detailing IP addresses known to send a great deal of spam and a list of IP addresses that should never send email at all. These lists, as well as others provided by similar organizations, are used by nearly all of the ISPs and mail receivers on the planet. All of the Comcast dynamic IP address space is listed by Spamhaus as not to be used for the sending of email. As such, any email sent by subscribers on the Comcast network directly to other ISPs (not via the Comcast mail servers) is extremely likely to be blocked by the receiving ISP. The Federal Trade Commission, an organization that has taken legal action against many spammers, also recommends that Port 25 should be blocked by ISPs. The FTC’s recommendation is as follows: "Block port 25 except for the outbound SMTP requirements of authenticated users of mail servers designed for client traffic. Explore implementing Authenticated SMTP on port 587 for clients who must operate outgoing mail servers." The ITU also recommends blocking port 25 in their document named "ITU Botnet Mitigation Toolkit". This can be viewed here. While this document is focused on the remediation of botted computers, blocking of port 25 is seen as an important step in mitigating the spam that is sent from botted machines.
ISPs that Manage Port 25
Many ISPs, both in the USA and around the globe, block port 25. These include:
All Japanese ISPs
For additional information see here: https://www.xfinity.com/support/articles/list-of-blocked-ports
The Terabyte Internet Data Usage Plan provides you with 1 TB (1024 GB ) of Internet data usage each month as part of your monthly Xfinity Internet service. If you choose to use more than 1 TB in a month, we will automatically add blocks of 50 GB to your account for an additional fee of $10 each. Your charges, however, will not exceed $200 each month, no matter how much you use. And, we're offering you two courtesy months, so you will not be billed the first two times you exceed a terabyte. This data plan is based on a principle of fairness. Those who use more Internet data, pay more. And those who use less Internet data, pay less. It is important to know that only a very small percentage of our customers use more than 1 terabyte of data and are not likely to be impacted by this plan, so they can continue to stream, surf, and download without worry. To see your actual usage, sign in to My Account. A terabyte is a massive amount of data. What can you do with a terabyte each month?
Stream between 600 and 700 hours of HD video
Play online games for more than 12,000 hours
Stream more than 15,000 hours of music
Upload or download more than 60,000 hi-res photos
For those who regularly use more than a terabyte in a month, we also offer an Unlimited Data Option. The Unlimited Data Option costs an additional fee of $50 per calendar month. The fee is independent of actual data usage. The 1 Terabyte Data Usage Plan will not apply to customers who enroll in the Unlimited Data Option. A Flexible Data Option is also available to our Economy Plus and Performance Starter customers and is specifically designed for casual or light Internet users who typically use 5 GB of data or less each month. Enrollment is optional and provides an automatic $5 credit if your total monthly data usage is less than or equal to 5 GB per month. However, if you use 6 GB of data or more in any given month, you will not receive the $5 credit and will be charged $1 for each GB of data used over the 5 GB included in the Flexible Data Option (up to $200 per month). These charges would be in addition to the price of your monthly Xfinity Internet service charge.
We offer tools to help you track and manage your usage so there are never any surprises about how much data you use:
Data Usage Meter in My Account - Monitor how much data you have used with our Data Usage Meter.
Xfinity My Account App - You can also monitor how much data you have used in our mobile app. (Download the Xfinity My Account app.)
Notifications - We will send you an "in-browser" notice and an email letting you know when you approach, reach and exceed a terabyte. You can also elect to receive notifications at additional thresholds as well as set up mobile text notifications. Usage notifications will not be sent to customers who enroll in the Unlimited Data Option.
Data Plan Website - Summary of plan features and additional tools and tips related to the data plans. To visit, go to dataplan.xfinity.com.
Xfinity Internet customers in the following locations have the Terabyte Data Internet Usage Plan:
The Terabyte Internet Data Usage Plan is suspended in Maine, effective December 1, 2016. The Terabyte Internet Data Usage Plan does not currently apply to Xfinity Internet customers on our Gigabit Pro tier of service. The plan also does not apply to Business Internet customers, customers on Bulk Internet agreements, and customers with Prepaid Internet.
For additional information about Comcast's Data Usage Plan see here: https://dataplan.xfinity.com/faq/
For frequently asked questions about Comcast's Data Usage plan see here: https://www.xfinity.com/support/articles/data-usage-plan?
and here: https://dataplan.xfinity.com/faq/
***Created by our Community Experts***
If you use Identity Safe, backup your Identity Safe data See Export instructions here http://forums.comcast.net/t5/Security-and-Anti-Virus/How-to-Export-Import-NSS-Identity-Safe-Data/m-p...
Uninstall NSS via normal removal procedures. (Add/Remove programs )
Please Note: During the uninstall of NSS, you should select the top option "I plan to reinstall a Norton Product in the future. Please leave my settings behind." The reason for the backup (Export/Import of ID Safe data) is a safety factor.
Follow the instructions found here: http://constantguard.comcast.net/norton?cid=NET_33_601 to download and install a fresh copy of NSS.
Once installation is complete, open NSS and manually Run LiveUpdate (located on drop-down under PC Security on left side of main page of NSS) as many times as necessary for it to respond "no more updates available". If a reboot is requested, reboot and then continue to Run LiveUpdate until it responds "no more updates available" and then reboot one last time. Your installation should now be up to date definition wise and ready for use.
After installation and update,if your Identity Safe data was not reinstalled, complete the Import portion of the instructions here for Identity Safe Data http://forums.comcast.net/t5/Security-and-Anti-Virus/How-to-Export-Import-NSS-Identity-Safe-Data/m-p...
***Created by our Community Experts***
**Note**: These instructions should also be followed if changing from one Norton product to another. ie a paid/trial subscription from Norton to the Comcast version, or a version upgrade of NSS which is more than one upgrade old.
If you use Identity Safe, backup your Identity Safe data (See Export instructions here- http://forums.comcast.net/t5/Security-and-Anti-Virus/How-to-Export-Import-NSS-Identity-Safe-Data/m-p...
Uninstall NSS via normal removal procedures. (Add/Remove programs )
After it is uninstalled, run the Norton Remove and Reinstall Tool following the instructions here:
After running the Removal Tool, reboot, and download and install a fresh copy of NSS from here:
Once the installation is complete, open NSS and manually Run LiveUpdate (located on drop-down under PC Security on the left side of the main page of NSS) as many times as necessary for it to respond "no more updates available". If a reboot is requested, reboot and then continue to Run LiveUpdate until it responds "no more updates available" and then reboot one last time. Your installation should now be up to date definition wise and ready for use.
After installation and update, complete the Import portion of the instructions here for Identity Safe Data here - http://forums.comcast.net/t5/Security-and-Anti-Virus/How-to-Export-Import-NSS-Identity-Safe-Data/m-p...
Help secure your devices, your personal information, and your family against online threats with easy-to-use Internet security tips. Print a copy for easy reference.
The risks are real, but the solution is clear
Install Norton™ Security Online
Help shield your PC, Mac, and mobile devices from viruses and online threats with top-rated¹ security software and services from Norton. Norton Security Online is included at no additional cost with your Xfinity Internet service.
Don’t be fooled by social engineering
Social engineering is the art of manipulating people to performing actions or divulging confidential information. Before you let anybody in on sensitive details about you, make sure that you can verify their credibility.
Be extra careful while clicking links and attachments in emails
Phishing is a method used by Internet scammers who imitate real companies or individuals in email messages to entice people to share user names, passwords, account information or credit card numbers. Be wary before clicking on attachments and links because, even though the sending party might look legitimate, there is a possibility that they might not be.
Strong passwords for accounts and devices
When creating a password, use a combination of uppercase and lowercase letters, numbers, and symbols. The longer your passwords are, the harder they are to crack. Never use the same password for multiple accounts, especially for sensitive sites like social media, email or banking websites. Learn more.
Using multi-factor authentication
Multi-factor authentication (MFA) is a best practice to help further protect yourself against hacks and social engineering. MFA works by requiring you to login with more than one set of credentials to authenticate your identity. Turn on MFA when a website or app offers it, especially for sensitive sites like social media, email or banking websites. Xfinity offers two-step verification to help protect online access to My Account, Xfinity web pages, and most apps. Learn more and enroll today!
Learn about security and privacy settings with social media
Learn about security and privacy settings. Be careful when sharing personal information and never share sensitive or confidential information on social media. Never share your full birthdate, current address or location when you’ll be away from home for a long period of time.
Handling sensitive files in emails
While it’s important to have strong passwo rds on your devices and email accounts, you should take extra precaution to safeguard sensitive files you store or transfer. Sensitive information includes W2 forms, credit card numbers, bank account info, driver’s license numbers, social security numbers, insurance numbers, etc. Encrypt these types of files before sending to another person.
Keep apps and operating systems updated
Keep your devices’ operating system and apps updated to the latest version to ensure the latest security patches are installed. Take extra care to make sure Adobe Flash, Java and other utilities stay updated to prevent cyber attacks. If your device offers auto-update for apps, turn this feature on.
Securing payment info and personal information when shopping
When shopping online, submit payment information on websites with a URL that starts with https:// The "s" stands for secure. If you’re shopping on a mobile device, only submit payment information on trusted, well-known apps. Use caution when saving payment information in your web browser or mobile wallet.
Talk with your family about protecting your online presence and cyberbullying
For families that share devices or regularly interact online together, it’s important to have a conversation about internet safety. Review the tips above and have an open discussion with your family about protecting your online presence and educating them about the pitfalls of cyberbullying.
Trusted Security Partners
Comcast partners with trusted national organizations who provide digital media awareness for children, education on how it affects them, and articles on how to promote safe online habits.
Learn more about Xfinity Internet Security Tips
Learn more about Internet Security Education
¹ Ratings and Performance: AV-TEST, "Best Protection 2017 Award," March 2018, AV-TEST, "Product Review and Certification Report," September-October 2017, PassMark Software, "Consumer Security Products Performance Benchmarks (Edition 1)," November 2017
Need to turn off the 5gz Wifi network and only run the 2.4gz so I can install my security cameras (Zmodo), how do I do this?
Your Xfinity Wireless Gateway broadcasts an additional “xfinitywifi” network signal, creating an extension of the Xfinity WiFi network right in your home. We designed this feature for you and this service is completely separate from your secure, private home WiFi network and allows guests to sign in and connect without sharing your secure network password. Your Home Hotspot is included with your service at no additional charge. To learn how to enable or disable your Xfinity WiFi Home Hotspot, please read the instructions below. Notes:
Xfinity WiFi hotspots are available at no extra charge if you rent an Xfinity Gateway, including the xFi Advanced Gateway (model numbers TG3482G, CGM4140COM), xFi Gateway (model numbers DPC3939, DPC3941T, TG1682G), and Xfinity Gateway 2 (model numbers Arris TG852G and TG862G, Technicolor TC8305C). Find your Gateway make and model by looking at the UPC seal located on the bottom or back of your device.
We encourage you to keep the Xfinity WiFi Home Hotspot feature enabled, as it allows more people to enjoy the benefits of Xfinity WiFi.
Enable or Disable the Xfinity WiFi Home Hotspot Feature in My Account
Go to https://customer.xfinity.com/#/settings/security/hotspot.
Sign in to your account using your Xfinity username and password.
Click Turn Off or Turn On to disable or enable your public hotspot. (Note: Your default hotspot status is enabled.)
Confirm your selection.
A confirmation message will appear.
**Note**: If you are presented with information about Xfinity WiFi but do not see the option to Turn On or Turn Off, you have a device that is not eligible for the feature and is not broadcasting a public hotspot signal. To learn more about the home hotspot feature, to find a hotspot near you, or to download the Xfinity WiFi Hotspots app, visit xfinity.com/wifi.
Hiding or Disabling Your In-Home WiFi Network in the Local Admin Tool
Begin by connecting to your WiFi network and accessing 10.0.0.1 from a web browser.
Navigate to Gateway > Connection > Wi-Fi, where you will see your private WiFi network name(s) displayed.
If you would like to hide your WiFi network from broadcasting (this will prevent your WiFi name from being visible in a list of networks), uncheck the Enabled box in the Broadcast Network Name (SSID) field at the bottom of the page. If you would like to disable the radio that transmits your WiFi network's signal (this will disable your WiFi), select Disable in the Wireless Network field. To complete either change, click Save Settings at the bottom of the page.
To complete either change, click SAVE SETTINGS at the bottom of the page.
Hiding Your In-Home WiFi Network in Xfinity xFi
Visit www.xfinity.com/myxFi or open the Xfinity xFi app and sign in with your Xfinity username and password.
Navigate to the Network section, where you will see your WiFi name(s) displayed at the top of the page.
If you would like to hide your WiFi network from broadcasting, select Edit next to your WiFi name. A new dialog window will appear. Uncheck Broadcast WiFi Name and select Apply Changes at the bottom of the dialog window.
**Note**: You cannot disable your WiFi network in Xfinity xFi.
Read more about turning your Xfinity WiFi Hotspot On or Off.
Read more about hiding or disabling your in-home WiFi Network.
Read about the most common Xfinity WiFi Home Hotspot questions. See Xfinity WiFi Home Hotspots to learn more about the nation's largest and fastest WiFi network.
My Comcast Internet services were just installed, how do I find my WiFi network?
The following instructions are for Xfinity Wireless Gateways only. If you use an approved third-party modem or router for your Internet services, please refer to its user manual.
Your Xfinity Gateway comes with a default WiFi network name and password. If you have never personalized your WiFi network name and password, you can retrieve your default WiFi information on the side or bottom panel of your Gateway:
If you change your password from default settings (strongly recommended), you can access the information several ways:
Xfinity My Account Online
Xfinity My Account App for Mobile Devices
X1 TV Box (View Only)
Xfinity Wireless Gateway Admin Tool
Any time you change a WiFi name or password, you must reconnect all your WiFi-enabled devices by entering the updated network name and password under the device's WiFi settings. **Note**: Xfinity Gateways provide dual-band (2.4 GHz and 5 GHz) functionality and the ability to broadcast two networks. If you have an xFi Gateway (Arris 1682G, Cisco 3941T, Arris 3482G, Technicolor CGM4140COM, Cisco DPC3939 or Arris X5001), we strongly recommend using the same network name and password for both bands. Doing so allows the device to optimize network traffic and improve connectivity.
Xfinity My Account Online
To access your WiFi information via My Account using a web browser your desktop, laptop or mobile device:
Log into My Account
If you do not remember your Xfinity username and password, please reset your password.
Click Settings on the top of the page. (You can also click Manage Settings on the right-hand side or scroll down and select the Manage Internet tile.)
Click WiFi Network & Password.
From here you can change your WiFi network's name and password.
Xfinity My Account App for Mobile Devices
The Xfinity My Account app for mobile devices allows you to manage your Xfinity services and account settings on-the-go.
Download for Apple devices
Download for Android devices
Log into the Xfinity My Account app.
Click Internet on the bottom navigational menu.
Click on the image of the individual Gateway you wish to edit.
Click Show WiFi settings to view your WiFi information.
Click Change WiFi Settings to modify these settings.
If you have created an xFi account to manage your home WiFi, you will be directed to the xFi portal.
xFi provides Xfinity customers the ability to personalize and control their home WiFi experience. To access and manage your WiFi information:
Login at www.xfinity.com/myxFi or via the Xfinity xFi app (Download Apple / Android).
At the top of the Overview page, your WiFi name(s) is displayed. To see your password, touch or click Show Passwords.
To make changes, touch or click Edit WiFi.
Select Apply Changes after making any updates.
Note: To access Xfinity xFi, you must be an Xfinity Internet customer with an xFi Gateway. For additional information, please see our Xfinity xFi Overview.
X1 TV Box (View Only)
For xFi Users If you have created an xFi account, the X1 TV Box offers perhaps the fastest way to access your WiFi network name and password.
Using the X1 Voice Remote, press the microphone button and ask, "What's my WiFi password?" or "What is my WiFi information?"
The password(s) and network name(s) will appear on the screen.
You can also access your WiFi information via X1 TV Box's menu.
Press the xfinity button on your remote control and select the Apps icon.
Scroll down to the Xfinity row and then select the Xfinity xFi app.
Select Show Wifi Password.
Note: You can navigate to the People and Devices sections to view all the connected devices in your home and pause WiFi access for a specific device or group of devices. For Xfinity Internet Subscribers without xFi
Press the xfinity button on your remote.
Scroll to the right in the menu provided and select the gear icon.
Scroll down in the menu and select Help.
Scroll to the right and select the WiFi tile located under the Troubleshooting section.
Your WiFi network name(s) and password will be displayed.
Xfinity Wireless Gateway Admin Tool
While many find that My Account, xFi and X1 are their preferred tools for accessing WiFi information, you may also wish to use the Xfinity Admin Tool if you are a more advanced user.
Connect a laptop, computer or mobile device to your home Internet network either by WiFi or an Ethernet cable that is connected directly to your Wireless Gateway.
Open a web browser and go to the Admin Tool (http://10.0.0.1). This is the wireless gateway's administration site. The default settings to access the Admin Tool are:
Password: password (case-sensitive)
Click Login. **Note**: If you previously changed your Admin Tool password, you will need to use your new login information. If you don't remember your Admin Tool password, you will need to factory reset your Wireless Gateway.
On the left navigation menu, select Gateway, then Connection and then WiFi.
Under Private WiFi Network, you'll see the Name (SSID) of your WiFi network.
Click Edit. If two network names display, click edit for both 2.4 GHz and 5GHz bands to view each band's settings.
Check the box next to Show Network Password and the password will be displayed.
After making changes, click Save Settings.
How to Find Your WiFi Information on an Approved Modem and/or Router
If you don't have an Xfinity Wireless Gateway but use an approved modem and/or router with your Xfinity Internet service, you can retrieve your WiFi network name and password by consulting your equipment manufacturer's user manual. Visit MyDeviceInfo and click on the link specific to your equipment to see more product/technical support information.
Manage Your Home WiFi with xFi Discover how easy it is to personalize and manage family WiFi. Share Your Network and Password information with Friends and Family It's easy to share your WiFi information with your friends and family. Having trouble staying connected to your WiFi network? Check out how to troubleshoot Internet connections. Connect Your Devices For step-by-step instructions, including a brief video, on how to connect different kinds of devices, read about connecting to a WiFi network.
How to View and Change Your WiFi Network Name and WiFi Password
Instructions for viewing and changing your WiFi Name and Password for Wireless Gateways.