Arris TG862G/CT from Xfinity Port Forwarding – Signature Support Sham

Recently I received a letter in the mail that Xfinity had increased the speed of the internet in my area… SWEET! However, I needed to upgrade my modem as it cannot handle the increased speed; sounds reasonable, they will send me a new one. This is where the saga begins with my discovery of xfinity’s Signature Support Sham and their horrible support and customer service.


The Story

I received the package fairly promptly and it is a brand new Arris TG862G/CT. I hooked it up with little issue aside from having to switch all my devices to a new wireless AP.

The next day I continued my efforts in configuring my network, which included simply setting up a port forward so I can RDP into my desktop at home from work. As a Technology Specialist at a local IT Consulting and Managed Services company I felt I was more than qualified to implement such a minor change. After having performed the configuration and it not working I felt like an idiot. I continued troubleshooting and decided to disable the firewall on the new gateway. After having performed that change I still could not RDP into my system. I verified RDP was working within my internal network and decided to go above and beyond, and even though it made no sense for this change to work I decided to try Port Triggering. Still no luck, so I resorted to calling the xfinity support.

I explained this issue to their support personnel and was told immediately she would need to escalate the issue. The next department I spoke with asked me to explain my issue again, then proceeded to inform me that they would be charging me a $39 setup fee and $15/month for Signature Support. My response was that I do not need Signature Support, I need a new gateway that will actually work when I implement the configuration. I spoke with a supervisor and the best they could do was waive the $39 setup fee but still charge me $15 to fix my issue.

I asked them to forward me to a department that could help me but not try to charge me for their device that was not working. I was forwarded to someone who dealt with West Coast clients (I am located in Indiana and they had all my account details already). She informed me she could not help me and forwarded me to the central region. Fantastic, I was back to the same automated system I hit when I first called in. I explained the issue and was told they had to escalate it again, and guess what, Signature Support wants to charge me again! This time, after insulting them and informing them I make more an hour doing their job than they probably do, they told me they could charge me a one-time fee of $5. At this point it wasn’t about the money, it was about sending me a gateway that didn’t work and wanting to charge me to “Correctly configure and optimize it.”

I asked to be forwarded to the department where I could file an official complaint. I had to wait another 10 minutes to be connected with someone on a VOIP line that was breaking up horribly on their end. How do I know it was their end, you ask? I know this because I had already been on my cell phone in the same room for over an hour having no issues communicating with their other departments. She asked for my number to call back and never did. I decided screw it, I’ll switch to the old modem so I can at least RDP to my home desktop from work tomorrow. I set it up, internet kicks on, router works fine and guess what… so does RDP. However, now my VOIP line from xfinity wasn’t giving a dial tone and the light wasn’t lit up. I call xfinity again and they say they have re-activated the modem and it should be back up in 15 minutes. I decided since it was 1:30am and I had to be up at 7am to go to my job in IT, it was time for bed.

So the saga goes on about 16 hours later after I get home from work. I try rebooting the modem, no luck, land line light is still not lit and I resort to calling xfinity again. I speak with someone on their Telephone side, they reboot the modem 3 times and still no luck, so she wants to connect me with Activation. Fine, anything as long as I can get this old modem that was working perfectly fine a few days ago working again. So I am transferred YET AGAIN! This time the transfer fails and I get booted off with no way to reach the activation line directly. I call the telephone support again and this lady tells me SHE CAN HELP! Looks over ticket, tries rebooting modem again and damn, she can’t help. So she wants to send a technician to my house now. Well, that is great and all but I work 8am-5:30pm every day. I tell her my story and say I am really getting sick of this shit and seriously considering U-verse at this point. She tells me I can have the technician call you tomorrow, when is best for you; I tell her after 5PM EST I will take a call.

The Fix

At first I thought I was done for the night and decided to continue the internet research I had begun the night before, and stumbled across a community thread about calling a “Gateway” team and having them force the gateway into bridge mode. So I decided let’s give this a shot. I hooked up my router to the modem, called their support and didn’t tell them anything except for I want my Arris TG862 switched to bridge mode. The first person said NO PROBLEM! He claims to complete the configuration but I see the wifi is still on but internet works. I get off the phone and login to my router and notice it is double NAT still.

I decided to call back, told the tech hey, I asked for it to be bridged and my router is still being NATed from the Arris device. He looks, performs some more configuration and OMG!! I finally am not double NAT and I can RDP.

The Conclusion

Overall I am completely disgusted at the incompetence of their support team, and the fact that they want to charge to support a feature on their modems that doesn’t work. The only way I was able to make this new modem work was by bridging it with my old router that works flawlessly.

17 thoughts on “Arris TG862G/CT from Xfinity Port Forwarding – Signature Support Sham”

  1. I understand your frustration. I used to work for Xfinity Signature Support and the TG862G model gateways they were shipping out are absolute trash. Most of the technicians working for XSS are quite knowledgeable but as the issue I’m about to describe is not covered in training, few technicians except the more experienced know the reason port forwarding appears “not to work” on this model gateway.

    On to the port forwarding issue — a lot of people run into this with that gateway as it does not support public IP loopback, meaning you can configure the ports perfectly and try to access your RDP through your public IP from within your network and it will fail. After forwarding, try connecting to your public IP from outside your network (i.e. from work).

    If your public IP is 123.123.123.123, you cannot access any services hosted on your internal network using 123.123.123.123, you would have to use 10.0.0. where is the IP assigned to you via DHCP. You will be able to access services hosted on 123.123.123.123 from a REMOTE network. Personally I hate this, most new gateways act this way including Motorola gateways, (Which is now owned by Arris, YUCK!)

    Personally I would toss the Arris TG862G and get a nice Motorola Surfboard gateway if you do not want to use your sidecar router.

    1. This makes absolutely no sense. If I’m on a remote network and try to access 10.0.0.x, it’ll try to find that on the local remote network first, before accessing the internet, and since those IPs likely don’t exist out there on the public internet, it would likely just time out. Further, with it being an internal IP, I’m sure there are millions of computers with an IP address of 10.0.0.2, so where does the internet route that request? I can’t even begin to wrap my head around how STUPID this is. If true, the developers at Arris need fired for gross incompetence.

      1. I know this article is a bit old but I wanted to add something that seems to be omitted. The root of this problem is not Comcast, it’s entirely the fault of Arris’s firmware development team, or person, or trained monkey. Pick your poison.

        Nicholas hit the nail on the head. NAT Loopback is where your problem lies. NAT loopback allows you to connect to the WAN interface from within the LAN interface. So if I’m local on 192.168.0.10 and my server with RDP is on 192.168.0.20, assuming all port forwarding is done correctly, the router will know that connecting to RDP from the WAN interface will redirect traffic to the local RDP server. At that point it bypasses the WAN interface effectively. When NAT loopback is disabled or not present, you’ll be able to connect to the local IP on the local network, but the WAN IP will only be usable outside of the LAN. The loopback feature is part of the firewall of almost every retail network device I’ve ever worked with, and is generally something you can’t fiddle with (hardcoded). You either have this feature as part of your firewall/NAT, or you don’t.

        The gateway modems are all-in-one router, cable modem devices that were designed solely with simplicity and in the CableCo’s eyes, control. If someone calls in and says “my router is not working” and it’s beyond the WAN-facing side of the CM, they cannot do anything about it. An AIO gateway, they can. They can go in, reset things, change PWs and SSIDs and settings at the customer’s request, etc. It really makes a lot of sense from a customer support standpoint. However one size does not fit all. For IT pros and DIY’s, this can spell disaster. CAN, but does not have to if done correctly.

        As of present, the lack of NAT Loopback only seems to affect Arris modems with an MTA. (Multimedia Terminal Adapter) That’s cable speak for phone service. If your Arris CM model starts with a “TG” (telephony gateway), it most definitely affects you. Model prefixes WBM (Wideband Modem), TM (Telephony Modem; no routing functions, bridge-only), DG (data gateway; =TG minus phone), and CM (cable modem) are not affected currently (bridged modems will never have this issue).
        Whole Home DVRs “Media Gateways” are also not currently affected.

        Arris did push a FW update out to MSOs October 2014 that addressed some major security flaws in the routing portions of these AIO modems. However I have not personally tried to see if they fixed the NAT problem in the newer version. Also, some MSOs such as Time Warner Cable refuse to push firmware to customer owned devices (liability reasons I presume). If it doesn’t work for you, there is no fix within your realm. It’s also not within your provider’s realm. Unless a majority of their customers complain about it, Arris won’t address it. At the same time customers cannot push FW updates to their modems either, that’s done strictly on the coax side of the network.

        Your best bet is to buy a bridged only modem from Comcast’s approved list. Yes they do have some (not all Arris either), so you do have some choice, but it’s better than fighting with the gateway devices. For small homes that don’t need far stretch WiFi coverage and aren’t doing advanced things like port forwarding and hosting, they work beautifully. One less box to manage and maintain. Once you step that up a few notches such as what the OP was trying to accomplish, don’t even consider a gateway modem. Not worth anyone’s time.

        PS. Comcast business class support is SPECTACULAR. Residential is the polar opposite.
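
The cases discussed in this thread (a forward that works from outside but fails from inside because the gateway lacks NAT loopback, versus the double NAT described in the post) can be told apart with three TCP probes plus a look at the router's own WAN address. This is an added example, not code from the post or its commenters; the function names and result strings are hypothetical, and 123.123.123.123 is the placeholder public IP used in the first comment.

```python
import ipaddress
import socket

# RFC 1918 private ranges plus RFC 6598 carrier-grade NAT space.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def tcp_open(host, port, timeout=3.0):
    """Probe helper: True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def behind_another_nat(router_wan_ip):
    """True if the router's WAN address is not publicly routable (double NAT)."""
    ip = ipaddress.ip_address(router_wan_ip)
    return any(ip in net for net in NON_PUBLIC)


def diagnose(lan_direct, wan_from_lan, wan_from_outside, router_wan_ip):
    """Classify a port-forward test.

    lan_direct:       probe of the server's LAN IP from inside the LAN
    wan_from_lan:     probe of the public IP from inside the LAN
    wan_from_outside: probe of the public IP from a remote network,
                      or None if that test has not been run yet
    """
    if not lan_direct:
        return "service down or host firewall blocking; fix before testing NAT"
    if wan_from_lan:
        return "forward rule and NAT loopback both work"
    if wan_from_outside:
        return "forward works; gateway lacks NAT loopback"
    if behind_another_nat(router_wan_ip):
        return "double NAT: bridge the upstream gateway or forward there too"
    if wan_from_outside is None:
        return "inconclusive: test the public IP from an outside network"
    return "forward not working from outside; check rule and gateway firewall"


if __name__ == "__main__":
    # Constructed probe results, not measurements from a real network.
    print(diagnose(True, False, True, "123.123.123.123"))
    print(diagnose(True, False, False, "10.0.0.2"))
```

In practice the three booleans come from `tcp_open(host, 3389)` run from the matching vantage point; a failed probe of the public IP from inside the LAN proves nothing on its own.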

  2. Sure, the modems are bad, and even Comcast customer service can be bad. But don’t take it out on the guys in Xfinity Signature Support. Most of us are pretty decent, and we know our stuff fairly well. At least, I do. The fact that you felt you had to bring up salary just shows you must be uncomfortable with something in your life. Also, there’s no need to insult ANY CSR. Doing so just makes you a terrible person. 🙄

    1. You are absolutely correct. I shouldn’t have brought up salary, that was a major dick move on my part. My only defense was pure frustration of being tossed between multiple techs and only being told that I have to pay for them to fix something that was related to their crap hardware.

      I am sure the Xfinity Signature Support staff can be knowledgeable however when their only resolution is pay us even though the obvious answer is hardware was unacceptable from a Customer Service standpoint.

  3. Heh everyone. My info may be Old news for you Pros. Wikipedia says at

    http://en.wikipedia.org/wiki/IEEE_802.11

    Great stuff coming out Feb 14 & Mar 14. Should I wait to buy a new Asus computer for 802.11ac, 802.11 af, 802.11ah to come to market? It says:

    802.11ac

    Main article: IEEE 802.11ac

    IEEE 802.11ac is a standard under development which is based on 802.11n, due to be approved in February 2014.[6] Changes compared to 802.11n are wider channels (80 or 160 MHz vs. 40 MHz) in the 5 GHz band, more spatial streams (up to 8 vs. 4), higher order modulation (up to 256 QAM vs. 64QAM), and the addition of Multi-user MIMO (MU-MIMO).

    And:

    2.4 and 5 GHz bands, which increases the possible range.[22] The frequency channels are 6 to 8 MHz wide, depending on the regulatory domain.[22] Up to four channels may be bonded in either one or two contiguous blocks.[22] MIMO operation is possible with up to four streams used for either space–time block code (STBC) or multi-user (MU) operation.[22] The achievable data rate per spatial stream is 26.7 Mbit/s for 6 and 7 MHz channels and 35.6 Mbit/s for 8 MHz channels.[24] With four spatial streams and four bonded channels, the maximum data rate is 426.7 Mbit/s 6 and 7 MHz channels and 568.9 Mbit/s for 8 MHz channels.[24]

    Thank You Sir’s/ Ma’ams

  4. I lived this same story

    You get a big AMEN from me here on this reply. I’m glad you took the time to write this up. I’m just too tired and frustrated with Comcast to write a similar remark. My Motorola Surfboard died and I replaced with the “NEW” Comcast modem. What a nightmare. I have Windows Home Server 2011 and the issue gets bigger 😥

  5. The only reason I take the time to add my comments now is that all the above reports are very true but my experiences dwarf those stories told above. Not only does the modem not support port forwarding, they install it without one’s requesting a new modem. All my control system went down. They repeated this (without my permission) in another account I have in Tucson. Two here in this city. In total I lost control of three systems. And dealing with Comcast, even their voice TTL system is impossible. That TTL system does not understand any of the answers to the questions it asks, once you call support numbers. Hours evolved to days, tech support not knowing what I am talking about, lines dropped or, do they just hang up??? No phones here, 8 of nine cable boxes went out and it’s been a horrible experience. The worst of my 5 years with any service provider. DO NOT swap your modem. DO not create any reason for support from Comcast. Let the lying dog lay, I’d say. Sick at my stomach after 6 days of this.

  6. Xfinity used to charge $39 setup plus $15 PER MONTH of support. Comcast has since gone to another model where if you have their equipment, they support it (due to customer requests). The Xfinity team was an OPTION if you couldn’t do the self install kit 🙂

  7. You make more an hour than Xfinity support team yet you do not know how to bridge and DIDN’T EVEN KNOW you needed to bridge your gateway? Fantastic job. The company you work for must be proud.

  8. I’m still having an issue with this new modem. After several days of calling I got it into bridged mode, but the modem is still blocking all ports. In bridged mode the modem also doesn’t have a web GUI to change the settings, so I’m pretty much stuck calling again.

  9. I have just received my Arris modem as well and hit the same problem: Port Forwarding does not work as designed. I also noticed that DDNS doesn’t work. In fact the page is labeled as “not supported” and has 404’s when trying to add a new service.

    Also notice how when adding a Port Forwarding service, the help text is incomplete: “Some text about email notification and how they work” and “Some more text to help the customer understand about this content”.

    How could they push this device on you when the firmware they install isn’t even complete? No option to upgrade the firmware either. Garbage.

    Well, I’ll try with tech support next week and try the “Bridged Mode” trick. Thanks for the tip.

  10. Well, I just WENT TO DMZ. And enabled it for the ip I wanted to forward then forwarded it. YA DERP. 👿 👿 😕
