Getting Started with Xfinity xFi Advanced Security
Xfinity xFi Advanced Security delivers a smarter, more personalized security solution for your home network. From computers and mobile phones to home security cameras and smart thermostats, Advanced Security protects all of your connected devices for added peace of mind.
xFi Advanced Security provides an added layer of protection for your entire network by preventing you from inadvertently accessing malicious sites, blocking remote access to smart devices from unknown or dangerous sources and monitoring activity in real time to detect when devices are behaving in unusual ways that could indicate a network threat. Whenever a threat is detected, it’s automatically blocked and you are notified in xFi and given tips on how to resolve.
Features and Benefits
Prevents you from inadvertently visiting malicious sites and becoming a victim of phishing attacks.
Blocks remote access to smart devices, like home cameras, from unknown or dangerous sources.
Helps monitor devices real-time and alerts you when devices are behaving in unusual ways that could indicate a network threat.
Adapts to your home network and gets smarter to keep up with new threats over time.
Provides real-time notifications and a dashboard to easily view and manage threats right from the Xfinity xFi app or website.
No additional hardware to install; all you need is a compatible xFi Gateway.
No software to install on your individual devices; your entire network is protected, once Advanced Security is enabled.
Advanced Security is a subscription service available for $5.99/month to Xfinity Internet subscribers who rent a compatible xFi Gateway in select areas. To subscribe, visit xfinity.com/xfiadvancedsecurity. Once you have subscribed, simply download the xFi mobile app or visit the website at xfinity.com/myxfi to access the Advanced Security Dashboard from the Overview or Network sections. Learn more about using xFi Advanced Security.
These four xFi Gateways support xFi Advanced Security:
**Note**: Xfinity xFi and Advanced Security will not be available for Gateways in Bridge Mode.
Using Xfinity xFi Advanced Security
You can find a status of security activity in the Overview section of the xFi app or website (xfinity.com/myxfi). To view additional threat details or to resolve any threats that require your attention, select View Affected Device(s) to be taken to the Dashboard.
Advanced Security Dashboard
The Dashboard gives you a comprehensive view of threats detected during the past seven days and a list of devices that have been impacted by threats.
Threats are split into two main categories: Those that are for awareness only and those that require attention.
Some threats won’t require any action, but you will still be alerted. These include Suspicious Site Visits. To view additional details when no action is required, select the device from the Advanced Security dashboard. The threat details page will provide a list of threats associated with a given device, for example when the device has been blocked from visiting a dangerous website. Any time a device is blocked from accessing a site, you can opt to allow it to access. Keep in mind that by doing so, you may be putting your network at risk and making it vulnerable to malicious activity. Access will be limited to a certain amount of time due to this risk. Learn more about the threat types.
Threats that Require Attention
Some threats, such as a Targeted Network Attack, Suspicious Device Activity or Unauthorized Access Attempt, may require you to take further action. If a threat requires your attention, you’ll see an alert at the top of the Dashboard indicating how many require your attention. Select the device to access the threat details page and to take action. The threat details page will provide a list of threats that have been blocked but require your attention to ensure they don’t return. Select Help Me Fix It for tips on how to resolve the threat. Learn more about threat types.
Tips to Resolve Threats
Depending on the nature of the threat that requires your attention, the following tips can help you take action to resolve the threat.
Quarantine Your Device
If one of your devices has been compromised, you can use xFi to pause its access or disconnect it from your home network. This will keep it from endangering other devices on your network.
Update Your Software
Keep your device’s software or firmware current to ensure you’ve got the latest security updates. Use the update feature usually found in your device’s settings or check with the device manufacturer.
Run Antivirus Software
One of the best ways to defend against network threats is by running antivirus software. If you haven’t already, install a software program, keep it updated, and run scheduled scans to keep devices free from viruses. Learn more about how to Download Norton Security Online for your PC, Mac and Android devices.
Restart Your Device
After updating your device’s software, be sure it restarts. This will complete the update and also, stop any existing communication with malicious sites.
Check Your Port Forwards
Open ports on your home network give potential access to malicious attackers. Ensure your port forwards are set up correctly for your devices. Learn about port forwards and how to set them up using xFi.
Disabling Advanced Security
You can disable the Advanced Security feature in xFi by navigating to More and selecting My Services. From here, select Disable under xFi Advanced Security. Once disabled, you will lose 24/7 threat monitoring and real-time reporting on your home network. **Note**: You will still be subscribed to Advanced Security even if you disable it. To unsubscribe, call 1-800-xfinity.
This article provides details on the personalization and control features available with XFINITY xFi.
For more information on the xFi web portal and app for mobile devices, see our xFi portal and app overview article. For xFi troubleshooting tips, see troubleshooting WiFi connectivity.
In the Devices section, you can view all devices that are currently or were previously connected to your home network, as well as devices that have WiFi access currently paused.
Identifying Devices When a device first connects to your home network, the default name of the device, which is either the manufacturer-set name (i.e., hostname or MAC address) or the one you gave your device when you first set it up, will be displayed. Devices connected to the public Xfinity WiFi hotspot, xfinitywifi , will not appear in your Devices list; hotspots are separate from your personal home network. If you do not recognize a device:
Go to the Devices section. Select the device from the list, then select Device Details to see the manufacturer.
If the device is connected to your home network, there should be a green dot indicating that it's online, which may also help with identifying what device it is.
Access the hostname or MAC address in your device's settings. If the default name displayed is a long string of numbers and letters, it's likely the MAC address.
For more information on recognizing devices or accessing the hostname or MAC address from your device settings, see our xFi Frequently Asked Questions .
Personalizing and Organizing Devices You can personalize a device name for easier reference. Select the device to give it a nickname and choose an icon, then assign the device to a profile. If you have devices connected to your home network that still need to be personalized, you'll see that indicated at the top of the Devices section. Simply select Personalize to give the device a nickname and assign it to a profile.
A green dot indicates the device is currently connected to your home network.
A pause symbol indicates the device is currently paused and cannot access your home network.
A crescent moon symbol indicates the device is currently in Bedtime Mode and cannot access your home network.
A grayed-out device icon means the device is not currently connected to your home network.
Removing Devices You can remove a device that is not connected from the Devices section by selecting the name of the device either from the Devices section or from the profile where the device is assigned, then select Device Details > Forget Device . This will remove the device from the Devices section and unassign it from the profile it was associated with, if applicable. It will also permanently delete all historical network activity of this device. If the device reconnects to your home network, it will appear as a new device.
Pausing Devices Pausing a device blocks it from accessing the Internet when connected to your home network. In-progress activity might not stop immediately. Access to local network devices (like printers) and connections that use cellular data or other WiFi networks won't be paused. To pause an individual device, simply select the unpaused device and then select Pause Device . You can either pause the device for a specific amount of time (for example, 30 minutes, one hour or two hours) or indefinitely until you choose to unpause the device. The Pause function only pauses WiFi access on your home network and does not impact access to using cellular data, a public Xfinity WiFi hotspot or other available WiFi networks. When attempting to access the Internet on a paused device, the user will see the device's default message that the site cannot be reached or that it is not connected to the Internet. To unpause a device (if the device is individually paused), select the paused device under Paused in the Devices section, then select Unpause Device . If the device is assigned to a profile that is paused, select that profile, then select Unpause All Devices . If the device is paused by Bedtime Mode, select the profile where the device is assigned, then select Wake Up .
This will unpause all devices assigned to the profile until the next scheduled bedtime.
**Note**: If you've previously set up a device block from your Gateway's Admin Tool (http://10.0.0.1), you should see the device listed with a pause icon in xFi indicating WiFi access over your home network is already paused. Once you Pause/Unpause a device or access Bedtime Mode or Port Forwarding through xFi, you will no longer be able to access similar features (block, scheduled block or port forwarding) through the Gateway's Admin Tool (http://10.0.0.1).
In the People section, you can organize all of your connected devices by the people who use them. Once you've created profiles, you'll be able to access additional features to manage your home network, including the ability to set Parental Controls.
Creating Profiles You can manage devices connected to your home network more efficiently by assigning them to a profile. Create a profile for an individual (e.g., John, Mom) or group (e.g., Kids), then assign their devices to that profile. You can create profiles from the People section by selecting Create Profile , or during the process of naming a device in the Devices section. After you create a profile, it will appear in the People section. For all the devices assigned to that profile, you can view how active they are on your home network, see which devices are online, instantly pause WiFi access, set a bedtime, and enable Parental Controls. For your convenience, in addition to the custom profiles you can create, we've created two profiles to help you get started:
Household profile: This profile is intended for smart home devices used by all family members (e.g., Smart TV, thermostat, security system and door locks).
Guest profile: This profile is intended for visitors' devices that you'd like to keep track of. These profiles will only appear in the People section if a device is assigned to them and cannot be deleted.
Pause All Devices You can block a profile or group of devices from accessing the Internet when connected to your home network by selecting Pause All . You can either pause the devices for a specific amount of time (for example, 30 minutes, one hour or two hours) or indefinitely until you choose to unpause the devices. Once a profile is paused, any new device assigned to that profile will be paused. Please note that any in-progress activity might not stop immediately. Learn more about pausing a device .
Active Time Alerts An Active Time Alert provides awareness of how long a profile is active on your home network, to help your family promote healthy Internet usage habits. When enabled, the Xfinity primary user will be notified when a profile’s devices have been active on the home network for the amount of time you specify. When the active time limit is close to being reached, you will receive a text message, email and/or push notification, depending on your xFi notification preferences. You can then decide if you want to take action and pause the profile’s WiFi access using your home network. The profile will not be automatically paused once the time limit is reached. To set up an Active Time Alert, visit the profile you'd like to set an alert for, select Edit next to Active Time Alert , then choose Weekdays or Weekends and adjust the bar to set the active time limit. This will be the daily limit for the profile, starting at 12am each day. Be sure you have Network Activity notifications turned on to receive these alerts. Learn about notification preferences . Activities such as streaming music or videos, surfing, shopping, gaming and downloading books, pictures and videos, count towards "active time." Applications that you may not be actively using, but are running in the background (for example, an app downloading an update) may count towards active time. Access using cellular data, a public Xfinity WiFi hotspot, or other available WiFi networks will not count toward active time. For more information on what counts towards active time see our xFi Frequently Asked Questions .
Bedtime Mode Bedtime Mode allows you to automatically pause WiFi access over your home network during scheduled times for all devices assigned to a profile. For example, you can pause kids' WiFi access during dinnertime or bedtime. Different schedules can be set for school nights (Sunday - Thursday) and weekends (Friday - Saturday). To set Bedtime Mode, select a profile, then select Edit next to Bedtime Mode . Select the desired nights for Bedtime Mode and the sleep and wake times for all devices that are assigned to that profile. All devices assigned to that profile will then be paused during the sleep times selected. If you have a single device you'd like to set Bedtime Mode for, first assign it to a profile. Once assigned, select that Profile, and then Edit next to Bedtime Mode . If any device assigned to that profile attempts to access a website, app or service outside a web browser (e.g., mobile email app) during a scheduled Bedtime Mode, the user will see the device’s default message that the website cannot be reached or that it is not connected to the Internet. Note: If you've previously set up a scheduled block for a device(s) from your Gateway's Admin Tool ( http://10.0.0.1 ), you should be alerted when you attempt to set up Bedtime Mode that your prior settings will be cleared. Once you access Bedtime Mode, Pause/Unpause a device or access Port Forwarding through xFi, you will no longer be able to access similar features (scheduled block, block or port forwarding) through the Gateway's Admin Tool ( http://10.0.0.1 ).
Parental Controls Parental Controls help reduce the risk of children accessing content that is generally deemed inappropriate. To set Parental Controls, you'll need to first create a Profile and assign your child's devices to it. Once created, select that profile, then select Edit next to Parental Controls . Next, select On to only allow access to content deemed appropriate for all ages. If you have a single device you'd like to set controls for, first assign it to a profile. Once assigned, select that Profile, then select Edit next to Parental Controls and choose On . Content should be blocked fairly quickly once parental controls are enabled; however, content that was already accessed on a device may be cached and, therefore, may still be accessible on that device for up to 24 hours. Parental Controls only restrict access for devices connected to your personal home network. The following third-party settings are applied to profiles that have xFi Parental Controls enabled:
Google SafeSearch: On
Bing SafeSearch: Strict
YouTube Restricted Mode: On
When Parental Controls are turned on, these services' protective settings help limit exposure to potentially explicit content for the associated websites as well as the Google and YouTube apps. If a device assigned to that profile attempts to access a website or app known to host inappropriate content for that level, a block page will be displayed. In the case of secure websites or mobile applications, the block page may not be displayed, but access is still prevented.
Home Network Activity
In addition to viewing aggregate network activity for all profiles and devices on your home network in the Overview section, you can view activity for individual devices and profiles. Simply select a device or profile to view network activity over the past 24 hours and the past 30 days.