Getting Started with Xfinity xFi Advanced Security
Xfinity xFi Advanced Security delivers a smarter, more personalized security solution for your home network. From computers and mobile phones to home security cameras and smart thermostats, Advanced Security protects all of your connected devices for added peace of mind. Advanced Security is available to Xfinity Internet subscribers who rent a compatible xFi Gateway.
Features and Benefits
Prevents you from inadvertently visiting malicious sites and becoming a victim of phishing attacks.
Blocks remote access to smart devices, like home cameras, from unknown or dangerous sources.
Helps monitor devices real-time and alerts you when devices are behaving in unusual ways that could indicate a network threat.
Adapts to your home network and gets smarter to keep up with new threats over time.
Provides real-time notifications and a dashboard to easily view and manage threats right from the Xfinity xFi app or website.
No additional hardware to install; all you need is a compatible xFi Gateway.
No software to install on your individual devices; your entire network is protected, once Advanced Security is enabled.
Advanced Security is available to Xfinity Internet subscribers who rent a compatible xFi Gateway. Simply download the Xfinity xFi app or visit the website at xfinity.com/myxfi and log in to enable the feature. You can access the Advanced Security Dashboard from the Overview or Network sections. Learn more about using xFi Advanced Security and Comcast's commitment to Privacy and Security.
These xFi Gateways support xFi Advanced Security:
xFi Wireless Gateway
xFi Advanced Gateway
xFi Gateway (3rd Generation)
xFi Fiber Gateway
**Note**: Xfinity xFi and Advanced Security will not be available for Gateways in Bridge Mode. Advanced Security is not supported on Cisco DPC3939 Gateways.
Using Xfinity xFi Advanced Security
xFi Advanced Security provides an added layer of protection for your entire network by preventing you from inadvertently accessing malicious sites, blocking remote access to smart devices from unknown or dangerous sources and monitoring activity in real-time to detect when devices are behaving in unusual ways that could indicate a network threat. Whenever a threat is detected, it’s automatically blocked and you are notified in xFi and given tips on how to resolve. Receive real-time updates about threats to your network that require immediate attention by turning on notifications in xFi. To do this, log into the Xfinity xFi app and tap on the speech bubble in the top-left corner, then tap on the gear icon. Select Push Notifications, then check the box next to Network Activity. See above about starting with xFi Advanced Security to learn about eligibility requirements and how to access this feature.
You can find a status of security activity in the Overview section of the xFi app or website (xfinity.com/myxfi). To view additional threat details or to resolve any threats that require your attention, select View Affected Device(s) to be taken to the Dashboard.
Advanced Security Dashboard
The Dashboard gives you a comprehensive view of threats detected during the past seven days and a list of devices that have been impacted by threats.
Threats are split into two main categories: Those that are for awareness only and those that require attention.
Awareness-Only Threats Some threats won’t require any action, but you will still be alerted. These include Suspicious Site Visits. To view additional details when no action is required, select the device from the Advanced Security dashboard. The threat details page will provide a list of threats associated with a given device, for example when the device has been blocked from visiting a dangerous website. Any time a device is blocked from accessing a site, you can opt to allow it to access. Keep in mind that by doing so, you may be putting your network at risk and making it vulnerable to malicious activity. Access will be limited to a certain amount of time due to this risk. Learn more about the threat types.
Threats that Require Attention Some threats, such as a Targeted Network Attack, Suspicious Device Activity or Unauthorized Access Attempt, may require you to take further action. If a threat requires your attention, you’ll see an alert at the top of the Dashboard indicating how many require your attention. Select the device to access the threat details page and to take action. The threat details page will provide a list of threats that have been blocked but require your attention to ensure they don’t return. Select Help Me Fix It for tips on how to resolve the threat. Learn more about threat types.
Tips to Resolve Threats
Depending on the nature of the threat that requires your attention, the following tips can help you take action to resolve the threat.
Quarantine Your Device If one of your devices has been compromised, you can use xFi to pause its access or disconnect it from your home network. This will keep it from endangering other devices on your network.
Update Your Software Keep your device’s software or firmware current to ensure you’ve got the latest security updates. Use the update feature usually found in your device’s settings or check with the device manufacturer.
Run Antivirus Software One of the best ways to defend against network threats is by running antivirus software. If you haven’t already, install a software program, keep it updated, and run scheduled scans to keep devices free from viruses. Learn more about how to Download Norton Security Online for your PC, Mac and Android devices.
Restart Your Device After updating your device’s software, be sure it restarts. This will complete the update and also, stop any existing communication with malicious sites.
Check Your Port Forwards Open ports on your home network give potential access to malicious attackers. Ensure your port forwards are set up correctly for your devices. Learn about port forwards and how to set them up using xFi.
Disable DMZ Enabling DMZ (a demilitarized zone) may resolve a device communication issue, but it's a security risk. If a device needs to be accessible to outside sources, we recommend using port forwarding instead. You can disable DMZ by navigating to the Network section and selecting Advanced Settings. Next, select DMZ and then Edit to access the setting. Deselect the checkbox next to Enabled, and select Apply Changes.
Disabling and Re-Enabling Advanced Security
You can disable the Advanced Security feature in xFi by navigating to More and selecting My Services. From here, select Disable under xFi Advanced Security and follow the on screen prompts. Once disabled, you will lose 24/7 threat monitoring and real-time reporting on your home network. If you have disabled the Advanced Security feature, you can re-enable it by navigating to More and selecting My Services. From here, select Enable under xFi Advanced Security and follow the on screen prompts.
Frequently Asked Questions
What is xFi Advanced Security? xFi Advanced Security gives added peace of mind for your home network by preventing you from inadvertently visiting malicious sites or downloading dangerous files, as well as blocking remote access to smart devices from unknown or dangerous sources. Advanced Security monitors devices real-time and will alert you when devices are behaving in unusual ways that could indicate a network threat. It will also adapt to your home network and get smarter over time to keep up with new threats. How do I access Advanced Security features in xFi? Advanced Security is available to Xfinity Internet subscribers who rent one of the following compatible xFi Gateways (Arris 1682G, Cisco 3941T, Arris 3482G, Technicolor CGM4140COM, Techincolor CGM4331COM or Arris X5001). If you haven't already, download the Xfinity xFi app or visit the xFi website ( xfinity.com/myxfi ). Once you log in, Advanced Security will be enabled. You can access Advanced Security features (security status and threat details) from the Overview and Network sections. To learn more, visit how to get started with xFi for details. (Please note that Advanced Security will not be available if your Gateway is in bridge mode or if you have a Cisco DPC3939 model.) What are the different types of threats prevented with xFi Advanced Security?
Unauthorized Access Attempts An Unauthorized Access Attempt occurs when an outside device tries to access another device connected to your home network. Typically, Unauthorized Access Attempts occur through open port forwards on your connected device. While open ports are needed for certain apps and features to run properly, we recommend reviewing open ports on a regular basis and deleting those which don’t need to be open. If the request is legitimate (e.g., if you’re trying to access your home security camera from a local coffee shop) you can locate the blocked threat in your Threat History and allow access for 30 days. Keep in mind, attackers may try to exploit access to obtain personal data or compromise your device. To prevent others from gaining such access, remember to use strong passwords and change them regularly.
Suspicious Site Visit A Suspicious Site Visit occurs when we stop a device that’s connected to your home network from visiting a potentially dangerous site. This site may contain malware, spyware, ransomware, or viruses that can infect devices and make them vulnerable to personal data collection, blackmail, or attacks on other computers and networks. Often, we’ll block just a part of a page from loading (e.g., a banner ad) if there’s only one component that’s deemed to be malicious. If this happens, you’ll still be able to load the rest of the page and may not even realize malicious content was blocked. The Threat History lists all of the blocked Suspicious Site Visits, including the specific site that was blocked, and the reason why it was blocked. If a full page is blocked, and you still want to visit it despite the potential risk, access can be allowed for one hour. To further reduce the risk of infection, we highly recommend installing and running up-to-date antivirus software for devices connected to your network such as laptops, desktops and certain hand-held devices.
Suspicious Device Activity Most smart home devices have predictable traffic patterns and sites they contact. Suspicious Device Activity occurs when a device deviates from its normal behavior, like connecting to an IP address that it doesn’t normally interact with. We’ll block this suspicious activity to avoid data theft, but the occurrence itself indicates that the security of the device may have been compromised and corrective action is needed. For this reason, whenever you encounter Suspicious Device Activity, please restart your device and verify that it’s running the latest software. To further protect your devices, we highly recommend using strong passwords and changing them regularly. We also suggest installing and running up-to-date antivirus software for devices connected to your network, such as laptops, desktops and certain handheld devices.
Targeted Network Attack A Targeted Network Attack occurs when a device on your network has been infected with a virus or malware and, as a result, has tried to participate in an attack on another network. This type of attack is also known as a Denial of Service attack. We’ll block this type of attack, but the occurrence itself indicates that the security of the device may have been compromised and corrective action is needed. For this reason, whenever you encounter a Targeted Network Attack, please restart your device and verify that it’s running the latest software. To further protect your devices, we highly recommend using strong passwords and changing them regularly. We also suggest installing and running up-to-date antivirus software for devices connected to your network such as laptops, desktops and certain handheld devices.
IP Reputation Threats An IP Reputation Threat occurs when a device that we've identified as coming from a known malicious source tries to access a device on your home network. Typically, IP Reputation Threats occur through open ports on a device connected to your home network. The goal of the attack is to gain access to a device, for example to obtain personal information and/or compromise your devices. To keep your network safe, we automatically block access attempts from known malicious sources. While open ports are needed for certain apps and features to run properly, we recommend reviewing open ports on a regular basis and deleting those which don't need to be open.
How is Advanced Security different from the Protected Browsing feature in xFi? Protected Browsing is a feature in xFi available to customers who rent a Cisco DPC3939 Gateway. It prevents you from visiting websites that are known sources of malware, spyware and phishing. Advanced Security adds even more protection for your devices. At times, it may block an entire website. Other times, it may only block portions of a site, such as banner ads, icons, etc. In addition, Advanced Security also blocks unknown sources from trying to access your connected devices and detects when your connected devices are behaving in unusual ways that could indicate your device has been infected by malicious software. Plus, Advanced Security is always learning so it keeps up with new security threats in real-time. I received a notification that Advanced Security couldn't be set up. What should I do?
First, sign in to xFi and make sure your Gateway is online. You should see "Gateway Online" in the header of the Overview.
Then, restart your Gateway to install the latest software. You may need to restart twice for the full install. You can do this from the Overview page.
Once your Gateway is online again, sign back in to xFi.
Are all of my devices protected by xFi Advanced Security? All devices connected to your Xfinity home network receive protection. However, there may be exceptions that prevent full protection, and we do not guarantee that your devices will be completely harm-free. The following devices are not fully protected:
Vivint Smart Drive (formerly referred to as Space Monkey)
This device continues to be protected against known threats, such as malicious websites, IP reputation threats and denial of service threats.
Due to this device’s configuration, it is not protected against unknown threats such as unauthorized access attempts.
How are threats detected with Advanced Security? Whenever a device is connected to your home network, activity information is transmitted through your Gateway. We gather that information, which includes data from packet headers, source and destination addresses, and other metadata for analysis. This traffic flow is constantly being monitored, along with the source and destination of the traffic. This helps us determine any associated risks and, if needed, block potentially malicious actions. We also update the parameters for blocking to reflect newly-discovered known dangers and risks. If no risks or potentially malicious actions are detected, you'll see in the app that there are no threats to report. For your privacy, we don't gather personal information during this analysis, nor is any encrypted traffic analyzed. How can I be notified when a threat is detected? You can receive a push notification from the xFi mobile app for the following threat types: Unauthorized Access Attempts, Suspicious Device Activity and Targeted Network Attacks.
From the Xfinity xFi app, select the conversation icon in the upper left-hand corner for the Notification Center.
Select the gear icon.
Select Push Notifications to manage your notification preferences.
To enable Advanced Security notifications, select the checkbox next to Network Activity . Email and text notifications aren’t available at this time. Keep in mind, you can visit the Xfinity xFi app any time to check the status of all threats. I received a notification that a website I never visited was blocked. What does this mean? In some cases, Advanced Security will allow you to access a site (or application) and will only block part of the page from loading (e.g., a banner ad) that is considered potentially dangerous. In that scenario, you won't see the blocked content while you’re browsing. When part of a page is blocked, you'll still receive a notification informing you the website associated with that content was blocked. How many threats should I expect to see? It's difficult to estimate a typical threat number, since each home is different. It depends on the number and type of devices, as well as different factors like the security mode, port forwards and other settings you have for your home network. However, it’s not uncommon to have no threats for a week and then one to three threats another week. Those who play online games are more likely to encounter more threats, since they are more likely to have open ports on their network. It’s not uncommon to see hundreds of threats weekly if you have open ports. I haven’t had any threats reported. How do I know that Advanced Security is working? Potential threats are dependent upon the number and type of devices connected to your home network, as well as factors like the security mode, port forwards and other settings you have configured. Rest assured, even if you haven't received reports of any threats, your home network is still being protected by Advanced Security. Do all threats require my attention? Threats are split into two main categories: Those that require your attention and those that are for awareness only. While all threats are immediately blocked, there are somewhere we’ll recommend further action to ensure they won’t occur again. Learn more about threat types .
Attention Required These include Suspicious Device Activity, Targeted Network Attacks and Unauthorized Access Attempts, and may result in a device that’s vulnerable due to a virus or other malware. In such cases, we’ll recommend steps to secure your devices and remove any malicious software. You'll have the option to Allow Access for Unauthorized Access Attempts (30 days) if you'd like to override the block.
Awareness Only These include Suspicious Site Visits. Consider these warning threats that may provide insight into potentially dangerous activity. You’ll have the option to Allow Access (one hour for sites blocked by Suspicious Site Visits) if you’d like to override the block.
If I swap out my xFi Gateway for a new one, or move and transfer my Xfinity Internet service to a new address, will I still be protected by Advanced Security? If you’re activating a compatible xFi Gateway, Advanced Security should automatically be enabled on the new Gateway within 15 minutes after activation. Please note that all previous threat information will be cleared from xFi and xFi Advanced Security. Will Advanced Security work on Disney Circle? Yes. However, since traffic for devices being monitored by Circle routes through the Circle device itself, any threat that Advanced Security blocks for the monitored devices will appear as if it’s happening on the Circle device. Rest assured, threats are still blocked, but if any threats that appear for Circle need attention, you may need to take action on the devices being monitored by Circle and not the Circle device itself. Can I disable Advanced Security? Yes. To disable the Advanced Security feature in xFi, navigate to More and select My Services . Then, select Disable under xFi Advanced Security and follow the on-screen prompts.
Note: By disabling, you’ll lose 24/7 threat monitoring and real-time reporting on your home network. You can re-enable the feature following the same steps and selecting Enable.
Learn more about Getting Started with Xfinity xFi Advanced Security
Learn more about using Xfinity xFi Advanced Security
Learn more about Xfinity xFi Frequently Asked Questions
Your home Gateway (such as the Xfinity xFi Gateway) broadcasts two radio bands to ensure an optimal in-home WiFi experience— one band focused on speed, and one focused on coverage.
These bands work best when they’re operating on a simple, personalized network. Simplifying and customizing your network will make it more secure and provide your devices with better connectivity, and we can help you get there.
Some Background: Understanding the 2.4 GHz and 5 GHz Bands
The 2.4 GHz band offers better WiFi coverage, but is prone to more congestion due to heavy network traffic.
The 5 GHz band offers less range, but delivers faster speeds thanks to less congestion and wider channels.
Understanding how xFi Gateways work
Xfinity xFi Gateways are all-in-one devices that deliver whole-home WiFi coverage, fast Internet speed and the ability to control your home network - for the ultimate connected experience. xFi Gateways are "dual band," meaning that they broadcast two separate radio bands for their WiFi network - a 2.4 GHz band and a 5 GHz band. Historically, you were encouraged to use a different WiFi name and password for each band. You then had to choose which band your devices should connect to. Knowing which would provide the best connection and performance was guesswork. That’s now changed. With the advanced intelligence of xFi Gateways, using the same name and password for the 2.4 GHz and 5 GHz bands lets the Gateway sort out which one will provide a better connection at any given time. You will still have both bands and all the associated functionality, channels and range. However, by using the same WiFi name and password for both, devices will connect seamlessly to the most optimal band at any given time. This is called "band steering." If you have an xFi Gateway (Arris 1682G, Cisco 3941T, Cisco DPC3939, Arris 3482G, Technicolor CGM4140COM or Arris X5001), you should simplify your WiFi and switch to using a single SSID - that is, use the same WiFi name and password for both your 2.4 GHz and 5 GHz bands, so you can take advantage of this seamless connection to the best network.
Changing your WiFi name and password
To get started using the same WiFi name and password across your entire home network, you can login to the xFi mobile app or Website. Once you’re logged in, look for the Network menu. Once you’ve located it, select the Edit WiFi option. From there, you can update your WiFi name and password—it’s that simple.
**Note**: You may need to reconnect some of your devices when using these new settings. Once it’s all said and done, your devices can choose between the best in-home WiFi connection at all times.
You can also automatically simplify to one name and password by selecting the Simplify Your WiFi tile under the Just for You header in the Overview section of xFi.
**Note**: If you have installed xFi Pods, the option to have split 2.4 and 5 GHz bands is disabled.
Added benefits of using one WiFi name and password for your network include fewer connectivity issues, a more secure home WiFi experience, and less troubleshooting. If you’re ready to get the most out of nation’s fastest Internet, log in to xFi today and get started.
Frequently Asked Questions
I only see one in-home WiFi name now and I used to see two - what happened? When you have a single name and password for your 2.4 GHz and 5 GHz bands, you will only see one option to connect. Please be assured that the second WiFi band is still working in the background to optimize your connection. What action do I need to take? If you aren't already using the same WiFi name and password for the 2.4 GHz and 5 GHz bands, you should update your WiFi name and password. The easiest way to update your settings is to select Simplify Your WiFi from the Overview section of the xFi website or mobile app. You can also update your WiFi name and password by selecting Edit WiFi from the Network section of the Xfinity xFi app or website. Learn more about xFi network settings . We'll take care of the rest in the background to optimize your network How do I know if I have an xFi Gateway with this feature? This is eligible on Gateway models Arris 1682G, Cisco 3941T, Arris 3482G, Technicolor CGM4140COM, Cisco DPC3939 and Arris X5001. To determine the type of Gateway you have, check the make and model information located on the bottom of your device. You can also log in to My Account and select Devices to view the make and model of your Gateway. What is band steering and how does it work? Band steering means the xFi Gateway determines which WiFi network band (the 2.4 GHz band or the 5 GHz band) is most optimal for a device's WiFi connection at any given time. It seamlessly changes to the best band based on signal strength and WiFi congestion thresholds. To enable band steering, the 2.4 GHz and 5 GHz bands must have the same WiFi name and password. What happens if the 2.4 GHz and 5 GHz WiFi network band names and passwords are different? If the WiFi network names and/or passwords are different, you will not be able to take advantage of band steering and will need to manually manage which WiFi network band each device connects to. This may lead to slow and intermittent connectivity issues. For example, if a mobile device is connected to the 5 GHz band and loses connection due to distance, you may need to manually reconnect to the 2.4 GHz band. With the same name and password, that process will occur automatically.
For more information refer to Benefits of Using One WiFi Name and Password for Your Home Network
For additional assistance with your Xfinity WiFi see How to improve your Xfinity Wifi
For additional assistance with troubleshooting your Xfinity WiFi see How To Troubleshoot Your Home WiFi Network with XFINITY xFi