@DrMike When you switch to a higher firewall security level, you add additional restrictions as to what application traffic is allowed to flow through the firewall. Low, Medium and High are not helpful descriptions but Comcast does provide some additional high-level information on the following support page: https://www.xfinity.com/support/articles/advanced-xfinity-wireless-gateway-features
They describe the security levels as follows:
- Maximum Security (High), which will block most applications except web browsing, email, iTunes and VPN.
- Typical Security (Medium), which allows access to most sites and services, but blocks all peer-to-peer applications.
- Minimum Security (Low), which enables all secure apps. This is the default setting when you first use your Wireless Gateway.
- Custom Security, which will allow you to block individual types of traffic, or disable your firewall entirely.
You can also expand the firewall security levels on the XB6 to reveal the following:
My biggest complaint about the XB6's firewall is that the UI will not allow you to see the actual firewall rules that are in place. Furthermore, if you should run into a problem with your VPN not working or your VoIP ATA losing registration, there is no way for you to fix it. You cannot add, remove or change any individual firewall rules. The only Firewall troubleshooting resources available to you are Troubleshooting > Logs: Firewall Logs.
Rogers also has additional firewall rules in place that are not visible to us. They enable Rogers to, for example, poll the status of your Ignite set-top boxes... and who knows what else.
So clearly I do not understand what the security levels actually mean, or what they do, in practical terms, but more than anything I wonder in this day and age, why is anything called "LOW" security ever a good default? Anyone care to educate me on why that would be? I thought a major selling point for a good gateway was good internet security....
The "Low" security level setting provides basic protection from outside attacks and (hopefully) should not break any of your applications. It does not restrict you from using any applications and it blocks random incoming connections from the Internet. This is similar to the default behaviour that you would see on the firewall of a typical consumer router.
Greetings @token!
I regret to inform you that there is no way to manually close specific ports on our modem.
Regards,
RogersCorey
@token What is the specific security policy that you want to implement? By default, even the lowest firewall setting should block any attempts to connect to those ports from the Internet. By enabling Advanced Security, Rogers claims that this will also provide you with additional "intelligent around-the-clock protection against cyberthreats for your connected home."
However, your biggest threats come from unsafe computing practices within your own home, and no firewall can guard against what may happen when downloading/installing infected software or connecting to an unknown malicious web site.
-
8467 views
-
4 Likes
-
-
