Port forwarding

Hi there, Joepict1. We want to help! We understand your security risk concerns and we're here to help! Did you guys go through the steps listed here: https://comca.st/3q9FDl0 and do you know if anything else was done setting-wise to the modem? 

I had IT help with this. I do not have xFi so we tried to use the admin option.  As I recall, Xfinity steered us to another port forwarding option which was quite seamless and worked well.  I'm concerned about the potential intrusion upon my network by outside sources

@Joepict1 I would be happy to take a closer look into your unique situation. Can you send me a private message with your full name and service address? To send a private message, you can click my username and then select send message. I look forward to hearing from you. 

Actually, you should be concerned if you exposed a port to a device that you don't control the software or firmware on, because you want to use a phone app.

In a bit of funny irony, it turns out "Security" devices like camera DVR's and IP cams have some of the the worst security out there.  Although your camera images may be of interest, what they are usually after is your financial data.  Your phone app becomes an attack vector to whatever is on phone when you connect to a hostile device.  These devices have also been known to use DNS attacks to try to spoof internal devices on the same network into contacting hostile sites, or by effectively becoming a man in the middle to steal credentials.

US-CERT recommends you do not expose these devices to the internet, and that you place them on an internal network that is isolated from everything else you have connected to your gateway.

Instead of exposing these devices directly with a port forward,  place an actual server or appliance on the same network with the device.  Something running OpenVPN, Wireguard or an SSH server with tunneling to field an incoming connection to your isolated network, is a much better way to accomplish this.  You then have control over the software for your inbound connection and can patch it when security issues are found.

If someone told you to just blast open a port to a DVR......you got really bad advice.  Probably not what you want to hear, but it is the truth.

 I have a similar situation with 4 outside security cameras connected to a digital recorder which in turn is wired to my modem.  I also have a phone app that allows me to access my live cameras when I am not home.  About 2 weeks ago, the port forwarding was not working and tech from the camera app noticed the port forwarding ports were closed. It's now working but only on one of the three devices using the camera's app, which are all Apple devices. I can see the cameras remotely when I switch to cellular but not on wifi outside of my home network. I've spent hours on the phone with Xfinity tech support and have gotten nowhere.