Xfi Advances Security (comcast)

Mon Sep 13 15:02:02 UTC 2021

As Alex said, you can submit a request to review a block at https://spa.xfinity.com<https://urldefense.com/v3/__https:/spa.xfinity.com__;!!CQl3mcHX2A!VFRCR2r6w4y6BDhy4gmaIa2JdxJVoUxgzRD48A1CG_X6a9Nq8gN2Qjie7Yzk8C5y_XSXg-Dd$>. Note that this service relies substantially on 3rd party list sources – so if any IP/FQDN appears on other lists (e.g. webroot and similar) then it may be here as well. So you may want to take a look more broadly, especially if you rely on any virtual infrastructure.

Thanks
Jason

From: NANOG <nanog-bounces+jason_livingood=cable.comcast.com at nanog.org> on behalf of Jason Kuehl <jason.w.kuehl at gmail.com>
Date: Friday, September 10, 2021 at 11:10
To: Jim Popovitch <jimpop at domainmail.org>
Cc: NANOG <nanog at nanog.org>
Subject: Re: Xfi Advances Security (comcast)

This is an SSL VPN that is being blocked. This is what failure looks like. Curl is the same.

Once we disable the Xfi  Advanced Security everyone can connect.

[cid:ii_ktehov470]

On Fri, Sep 10, 2021 at 11:01 AM Jim Popovitch via NANOG <nanog at nanog.org<mailto:nanog at nanog.org>> wrote:
On Fri, 2021-09-10 at 10:31 -0400, Jason Kuehl wrote:
> For whatever reason Comcast Xfinity is blocking my VPN URL.

Not certain that this applies, but Concast Advanced Security (setup in
your Comcast gateway) only allows outbound VPN connections to UDP ports
500, 4500, and 62515 and TCP port 1723.

-Jim P.

--
Sincerely,

Jason W Kuehl
Cell 920-419-8983
jason.w.kuehl at gmail.com<mailto:jason.w.kuehl at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20210913/32facabf/attachment.html>