Configure a demilitarized zone (DMZ) for your WiFi network

If you haven't had success in using port triggering or port forwarding to set up a specific WiFi-capable device or service, you can configure DMZ within the Admin Tool or Xfinity xFi for your entire network or a specific device on your WiFi network.

The only devices that use the Admin Tool to adjust these settings are:

• An XB3 without Boost Pods.
• An Xfinity Gateway (Wireless Gateway 1, 2, or 3.) 
  
  • This includes model numbers: TC8706C, TG852G, TG862G, and TC8305C. 

For an xFi Gateway (XB6, XB7 or XB8), you must manage these settings through the Xfinity app. See the overview of Xfinity gateways for details on each of our devices.

Compared with port triggering and port forwarding, DMZ is the least secure method for connecting a device over WiFi.

Port triggering uses a rule that leaves the inbound port open only when you initiate a session on that port; once the session is dropped, the port is closed to random inbound traffic and your WiFi network is closed to any potential hacker. Port forwarding can result in leaving your WiFi network exposed to random inbound traffic, not just the specific servers with which you want your WiFi device (e.g., computer, laptop) to interact, because it leaves the specified port open outside of a given session.

DMZ opens all ports for a single computing device on your local network, potentially allowing harmful traffic into your WiFi network.

Configure DMZ for your WiFi network in the Admin Tool

Follow the steps below, if you have a non-xFi Xfinity Gateway and you’d like to configure DMZ for a certain device through the Admin Tool. You'll want to obtain the IP address of the device (like a computer) you are currently using.

Instructions are only applicable to: 

• XB3 without WiFi Boost Pods
• Xfinity Gateway (1/2/3) 
  
  • Model Numbers: TC8706C, TG852G, TG862G, and TC8305C

Get your IP address

1. Click the Start (Windows) button.
2. Type CMD in the search field, then press Enter to open the Command Prompt.
3. Once open, type ipconfig and press Enter.
4. You'll find your individual IP address next to IPv4 Address.
   

Configure DMZ

1. Connect to your WiFi network and access http://10.0.0.1 from a web browser.
2. Enter the following:
   • Username: admin
   • Password: password
3. Navigate to Gateway > Advanced > DMZ, where you'll see the option to click Enable.
   
4. Select Enable and enter the IP addresses (IPv4 and IPv6) for the computing device (e.g., server) for which you'd like to establish DMZ.
5. To complete the configuration, click Save.

Additional steps for connecting to VPN

When entering the IP assigned to the computer or laptop that is used to connect to a VPN, you must ensure that you reserve that IP to that computer in case the IP changes.

1. Select the Connected Devices drop-down menu.
   
2. Find your computer name, then click it to display device information, including which IP is assigned to that device.
3. Confirm that the IP address matches the one you entered on the DMZ page, then select Edit.
   
4. Under Configuration, click Reserved IP and then click Save.
   

Configure DMZ for your WiFi network with Xfinity xFi

If you have an xFi Gateway and want to configure DMZ for a certain device using the Xfinity app:

1. Sign in to the Xfinity app with your Xfinity ID and password.
2. Select WiFi from the bottom navigation of the app.
3. Select View WiFi equipment.
4. Scroll down to select Advanced settings.
5. Select DMZ.
6. If you want to enable DMZ, select Edit. 
   
7. From the new pop-up window, choose Continue.
8. Select the DMZ status radio button to enable the feature.
   • Enter the IP address for the device that will be in the DMZ.
9. Select Apply Changes at the bottom of the window to enable DMZ.