New Contributor

 • 

13 Messages

Thursday, February 8th, 2024 6:24 PM

February 7 Firmware Upgrade Broke IPv6

Comcast did an automatic upgrade on Feb 7, 2024 to my business class modem.  Following the upgrade, the modem is rejecting all incoming IPv6 packets except those that are ESTABLISHED,RELATED.  I have both the IPv6 and IPv4 firewalls disabled in the settings, but the IPv6 firewall is apparently applying the default configuration and cannot be turned off.  It has been extraordinarily frustrating to report it because Comcast reps keep asking "What sites can you not get to?", obviously not understanding that I am referring to NEW incoming packets.  I reported the issue within an hour of the update, and it's now almost 36 hours later and still broken. I would love to be able to buy my own modem to avoid the repeated Comcast disastrous upgrades, most of which re-enable Security Edge although each time they disable it they promise me it will never come back. Unfortunately, I can't because I have static IP addresses.  I asked tech support to revert my modem to the previous firmware, but after the requisite six hour wait, they told me they don't have any way to do that.  I would appreciate any ideas anybody might have for getting this fixed.  I have services that depend on incoming IPv6 packets, and all are down.

Official Employee

 • 

26 Messages

11 months ago

@user_c7e85c Thank you for reaching out on our forums for help with the recent update. I'm so sorry to hear about how much trouble this has caused you with everything. I know it's crucial for your business to have this rolled back and corrected. I would love to help out and make sure that we get you in contact with the right team, or set up a repair appointment to have the modem exchanged. Please send us a direct message with your name and the service address. 

Please send us a direct message with your full name, full address, and phone number.

• Click "Sign In" if necessary
• Click the "Direct Messaging" icon in the top right corner
• Click the "New message" (pencil and paper) icon
• The "To:" line prompts you to "Type the name of a person". Instead, type "Comcast Business" there
• As you are typing a drop-down list appears. Select "Comcast Business" from that list
• A "Comcast Business" graphic replaces the "To:" line
• Type your message in the text area near the bottom of the window
• Press Enter to send it

New Contributor

 • 

13 Messages

Thanks for your response. I already have a ticket [Edited: "Personal Information"] and if you can cause it to be expedited that would be great.  I do not want a tech, and do not want a new modem.  Getting a new modem would change my IPv6 delegation and would not fix the problem.  It would download the same broken firmware.  The only way to fix this problem is to revert the firmware (which the tech cannot do) or fix the current version.

(edited)

Official Employee

 • 

26 Messages

@user_c7e85c Thank you! I'm happy to hear that the request was already created. Unfortunately the system will not allow me to access the details needed to work with our peers to have the request escalated. I have to verify the account first. If you could please send us a direct message. I would need your name, the service address and the associated phone number, MAC address or Account number to verify the account and access the pending request.


New Contributor

 • 

6 Messages

11 months ago

This happened to me too, but on Jan 26th, and so far Comcast hasn't been able to figure it out and claims everything is fine.

Thankfully my modem at home hasn't been updated and it still works, but it's only a matter of time until they bust that too I'm sure.

Almost $3000 a year I pay for this...

Official Employee

 • 

24 Messages

@idolum Please send us a direct message with your full name, business name, full address, and last four digits of your account number or full phone number.
 
• Click "Sign In" if necessary
• Click the "Direct Messaging" icon in the top right corner
• Click the "New message" (pencil and paper) icon
• The "To:" line prompts you to "Type the name of a person". Instead, type "Comcast Business" there
  - As you are typing a drop-down list appears. Select "Comcast Business" from that list
  - A "Comcast Business" graphic replaces the "To:" line
• Type your message in the text area near the bottom of the window
• Press Enter to send it

New Contributor

 • 

6 Messages

11 months ago

(even though 'Disable entire firewall' is turned on)

New Contributor

 • 

13 Messages

10 months ago

Thank you! I did not think to check the modem firewall! I was using tcpdump and wondering why my interface is not getting the IPv6 packets. Tier 2 support said they only support IPv6 up to the modem and the GUA is reachable, so they closed it. I am on my second Tier 2 ticket on this.

Edit: Definitely something on the firmware as I factory reset my modem and had support set up my static IP addresses again. They confirmed both IPv4 and IPv6 are correctly configured.

(edited)

Official Employee

 • 

29 Messages

Hey Allen. I do see the ticket open on the account, but until the tier 2 team reviews it to contact you there wouldn't be anything more I can do to speed it up. At this time the ticket is open for review for the tier 2 team, and they should reach out as soon as they work through your ticket. 

New Contributor

 • 

13 Messages

Thank you Eric. Can you add this thread to the ticket? I hope it convinces Tier 2 this is a widespread issue affecting multiple users. Maybe they can finally get some movement on this, and not just troubleshoot my circuit. To add, I also see "Firewall Blocked" messages on my firewall logs similar to the screenshot above.

New Contributor

 • 

13 Messages

10 months ago

Checking the firewall won't help you.  The firmware upgrade is defective. It says the IPv6 firewall is disabled but it is actually enforcing in the default mode. I have been dealing with this for more than two weeks and getting nowhere.  Comcast says they're "working on it" but has not acknowledged the problem and has not given me a date when it will be fixed.  You're not alone. There are many affected customers--probably every business account that has gotten the upgrade.  I have repeatedly asked them to downgrade my firmware and they say they can't, although I know that they have done it for another customer with the same problem.  Unfortunately there is nothing you can do except continue to complain. 

New Contributor

 • 

13 Messages

Thanks @user_c7e85c.  The firewall just confirms the problem and I'm not going crazy. I have been trying to convince them it was an upstream issue, not thinking the modem is not honoring the "Disable firewall" setting. I added myself and my ticket to the DM as suggested earlier in this thread - every bit helps since all we can do is continue to complain.

Official Employee

 • 

29 Messages

I can notate it, but they normally wouldn't look at a Forums thread as they work on a case by case basis. Never hurts to try though.

New Contributor

 • 

13 Messages

@Comcast_Eric​ Thank you. I'll mention it to them as well when they call.

New Contributor

 • 

6 Messages

They should have rolled back the update the day after we all reported this. It's ridiculous this is still broken, and Comcast doesn't appear to really care. The fix is simple. Yet they won't do it.

New Contributor

 • 

13 Messages

10 months ago

Having a very similar experience all of a sudden.  Hosts running IPv6 connected to the router can connect to hosts on the Internet.  Hosts behind my router on an IPv6 subnet can't seem to reach the Internet.  This was working fine just a few days ago.  My router is getting proper prefix delegation from the Comcast router and my IPv6 subnet is working correctly.  It appears that either the Comcast router is ignoring the Router Advertisements or the firewall is blocking the communications.

Going to guess this is the cause of the issue:

FW.IPv6 FORWARD drop , 8654 Attempts, 2024/2/22 14:55:11	Firewall Blocked

(edited)

New Contributor

 • 

13 Messages

@gantzm_mi​ 

What makes this even more frustrating is that the firewall is doing a DROP instead of a DENY.  The applications have no idea what's going on and you have to basically wait for a TCP timeout to occur for the application to incur an error.

Official Employee

 • 

29 Messages

 

gantzm_mi We would be happy to put in a ticket for you as well if you haven't had this done. 

Can you send us a direct message with your full name, name of account holder (if different), and service address please?

To send a "Direct Message" to Xfinity Support:

Click "Sign In" if necessary

Click the "Direct Messaging" icon (speech bubble)

Click the "New message" (pencil and paper) icon

The "To:" line prompts you to "Type the name of a person". Instead, type "Xfinity Support" there

- As you are typing a drop-down list appears. Select "Xfinity Support" from that list

- An "Xfinity Support" graphic replaces the "To:" line

Type your message in the text area near the bottom of the window

Press Enter to send it

 

New Contributor

 • 

13 Messages

@Comcast_Eric​ 

Xfinity Support does not show up in the list.  Is that because I have a business account or something?

"Comcast Business" - in a previous message does show up, sent a message there.

(edited)

Official Employee

 • 

27 Messages

That was the right move @user_c7e85c. I just replied to your message, and we'll be on standby.

Official Employee

 • 

59 Messages

gantzm_mi I'm glad everything is working out as it should. Please enjoy your weekend.

New Contributor

 • 

13 Messages

10 months ago

So what's it going to take for Comcast to pay attention to this? I don't think they're even working on it. If they were, they would have quickly rolled back the firmware until they could fix it. At this rate it could take years. 

New Contributor

 • 

13 Messages

@user_c7e85c​ 

Do you know if there is any way from the modem web interface to know when the latest firmware was installed?

New Contributor

 • 

13 Messages

I don't think so. You can check the version under Connection/Comcast Network/Cable Modem. If you haven't rebooted your modem since the problem started, you could check the uptime.  My boot version is S1TC-3.77.21.67 and is definitely broken. I don't know if the version varies with the model of modem.

New Contributor

 • 

13 Messages

@user_c7e85c​ 

Yup, I've got the same exact version.  Go figure.

Contributor

 • 

27 Messages

I think the version you want to look at is under 'Software' on the left then 'Software Image Name'. On the CGA4332 modem, version 6.7p7s3 is the (current) broken version, 5.6p7s1 is the previous one which was working.

New Contributor

 • 

13 Messages

10 months ago

I seem to have struck out. Tier 2 support would not even look at this forum post even after I mentioned it several times. He kept saying they do not support IPv6 and they are only responsible for delegating a prefix to the customer. I explained to him that I just want Comcast to route that traffic to my equipment and not block it; I can support my own hardware. He kept saying they are not blocking my traffic, except for the 5 ports globally blocked like SMTP and SMB. That traffic is what is recorded in the modem's firewall logs. When I mentioned firmware upgrades possibly breaking this, he said they did not perform any recent upgrades. I requested to be escalated and his response was they are the escalation team. I kept telling him that I am not seeing IPv6 packets on a tcpdump of the interface, and the modem is not sending them to me. That is all I ask of them; send me that packet. I was unable to convince him.

Maybe someone else would have better luck. For 13 minutes, I tried.

Edit: This means the entire /56 delegated prefix is useless for hosting services as only outbound IPv6 traffic works. I stripped my DNS zone of IPv6 addresses as I don't think this is getting resolved anytime soon.

(edited)

New Contributor

 • 

13 Messages

@allan​ 

Outbound only works on the IPv6 subnet local to the router.  If you actually try and use the /56 subnets behind a router they get blocked on the outbound side at the modem.

So yeah, you get a /56 but only the first /64 is actually usable.

This was in fact working perfectly fine just a little while ago.

New Contributor

 • 

13 Messages

@gantzm_mi​ My setup and symptom are a bit different. Out of the 2603:3018:xxxx:xx00::/56 delegated to my account, the Comcast modem takes the first 2603:3018:xxxx:xx00::/59 and uses a /64 from that for its local switch DHCPv6. My firewall is then delegated the next one 2603:3018:xxxx:xx20::/59 and I use the first /64 out of that for my LAN. Whatismyip.com confirms it sees me on that delegated 2603:3018:xxxx:xx20::/59 subnet. This part continues to work; I am replying to you on it. I have no issues with outgoing connections before or after I factory reset the modem.

New Contributor

 • 

13 Messages

@allan​ I agree with you that it is going to be a long time, and the situation is absurd. However, I'm having a hard time empathizing with your 13 minutes.  I don't think I have ever gotten a human in less than 13 minutes.  By the time I negotiate their automated menu hell, get forced to reboot my modem at least once even though there's no chance it will make any difference, wait the required 10 minutes, and finally get a clueless person, it's usually at least 15 minutes, more like 20. Then it's at least 15 more before I give up, recognizing that the technical support agent doesn't have any idea what IPv6 is, and doesn't even understand the concept of packet delivery. If I look at the ticket later, it usually says something like "complaining that he can't get to an internet site."

New Contributor

 • 

13 Messages

@user_c7e85c​ That 13 minutes was actual conversation time with this one Tier 2 support person - trying to convince him of the problem. I already spent a couple of days on this, and this is my 4th ticket on it. I didn't count how much time it took to convince Tier 1 to escalate, but I'm sure we have similar experiences.

Edit: I looked at the comments on my tickets. The first one said "Sales Pitch" !!

(edited)

New Contributor

 • 

13 Messages

@allan​ 

OK, this is getting more interesting.  So I configured IPv6 to Custom Security on the modem and selected "Disable entire firewall".

Now, my outbound connections are working same as yours.  But inbound connections do not work, same as yours.

New Contributor

 • 

13 Messages

10 months ago

I just got a call from tier 2 technical support hoping to resolve the problem of "not being able to get to certain websites."  I tried to explain why that ticket was wrong, that the problem is that the modem is blocking incoming IPV6 packets, and that it can only be fixed by reverting the firmware or correcting the firmware.  She said she would send a tech to replace my modem--which I refused, of course, since that would cause even more trouble by changing my IPv6 delegation. I asked her to escalate this issue to whatever department manages firmware, but she assured me that Comcast doesn't have a firmware department. This *might* be funny if it weren't causing critical disruptions to service, now at 2.5 weeks.

New Contributor

 • 

13 Messages

10 months ago

Some potentially good news: The issue is getting escalated! I just had a phone chat with an intelligent Comcast employee who took some great notes and is forwarding our issue to folks that deal with these specific kinds of problems.

I'll refrain from naming names as I don't want anyone getting distracted from a bombardment of messages.

New Contributor

 • 

13 Messages

Great news, and thanks! Without naming names, how did you get to somebody like that? I still haven't found anybody who understands what IPv6 is and the difference between inbound and outbound.

New Contributor

 • 

13 Messages

@gantzm_mi​ That's great news!

New Contributor

 • 

13 Messages

@user_c7e85c​ 

I basically do this for a living. So I asked nicely and provided plenty of details along with experiments I did showing how the modem works with the different settings.  I also detailed how the current settings differ from how they used to work.

New Contributor

 • 

13 Messages

I also have some good news to share! I just got off the phone with a Tier 2 support person. He said that engineering has identified some Comcast Business modems running on "version 2" are experiencing the symptoms I reported. He created a new ticket for them to look at my modem.

New Contributor

 • 

13 Messages

Astounding! I got all the way to a tier 4 tech and he still doesn't seem to understand that I'm not complaining that there are certain websites I can't get to over ipv6. Plus I think he spends his days sitting at his desk waiting for other people to do things. Every time I write him, he says, "I haven't heard back from the CPE team" and then doesn't do anything until I write him again.

New Contributor

 • 

13 Messages

10 months ago

I just received a call from Comcast Business.  The internal team that deals with this has indicated the firmware is buggy and a patch is in the works.  No ETA for the patch was given though.

I would imagine this issue has to work its way back to the modem vendor (Technicolor?), software updated, patches tested, then pushed back to Comcast for testing, then pushed out to the modems.

But, at least we have an acknowledgement and are moving forward.

New Contributor

 • 

13 Messages

Maybe we'll get it sooner than you think.  If Comcast did any firmware testing at all, they wouldn't have missed this HUGE issue.  I'm guessing they will skip the testing phase.

New Contributor

 • 

13 Messages

10 months ago

Huge update!

A firmware patch was pushed out to my modem.  The new firmware version is "CGA4332COM_6.7p9s1_PROD_sey".  I've tested both versions of the IPv6 firewall settings and this patch appears to correct the issues.

It will be interesting to see if this version has been pushed to everyone and if it has fixed the issues.

New Contributor

 • 

13 Messages

10 months ago

Yes, I got it yesterday morning.  It does fix the issues.  One thing to look out for--the upgrade changed my setting for the IPv4 firewall.  I re-entered my custom setting of "disable the firewall completely" and it worked. The IPv6 firewall setting remained disabled, and it actually works now. :)

New Contributor

 • 

13 Messages

I would like to add that I am grateful to the moderators of this forum for believing us when we said there was a problem, and for pursuing it until it was fixed.  I do not think it would have happened without their intervention, and certainly not as quickly.  

New Contributor

 • 

3 Messages

9 months ago

Would this cause a huge slow down in speed?

I've been working with Comcast since mid February when my speed went from 2GBs down to 200Mbs. They replaced the modem, it worked for a day or two and then slowed down again. At the time I asked whether it was possible the modem they swapped it out for had previous firmware on it. They assured me that wasn't it. A few days later, the same thing happened. I just heard from my local supervisor, who has been very responsive, and he said that it is a firmware problem after all but doesn't have any info on when it will be fixed. My modem information is below. How can I tell if I have the new firmware referenced in this thread?

Model:CGA4332COM
Vendor:Technicolor
Hardware Revision:2.3

Official Employee

 • 

19 Messages

Hello adamr thank you for taking the time to reach out to us on our Business forums. You should see this information when logging into the modem via the Admin page.  Our article below will show you how to do this. 

 

Set up and manage your Comcast Business Wireless Gateway - Under the final header "Log in and Secure the Admin Tool"

 

New Contributor

 • 

13 Messages

@Comcast_Alfonso​ This issue would not cause a slowdown.  

New Contributor

 • 

13 Messages

4 months ago

Is anyone else seeing issues with IPv6 not getting thru the Comcast modem again? Similar to before, this is inbound from the Internet. But it is intermittent this time, and not completely blocked.

The Comcast modem sends "Destination Unreachable (Address unreachable)" ICMP for IPv6 PING traffic during the outage period. And, I see "FW.IPv6 INPUT drop" logged on the modem even though "Disable entire firewall" is checked for IPv6. IPv4 goes through the modem fine during this outage so it is not an Ethernet cable or coax problem.

I already restarted the modem, and also pulled power for 10 seconds. I also enabled-disabled the IPv6 firewall just to be sure. None of these made any difference.

Edit: For future searchers, the problem was traced to OpenBSD ICMPv6 Neighbor Discovery protocol. OPNsense is working on a fix here -> https://github.com/opnsense/src/issues/218. Applying their test kernel resolved this issue.

(edited)
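
Several posters in this thread saw `FW.IPv6 ... drop` entries in the modem log while the IPv6 firewall was set to "Disable entire firewall". The following is an added example, not code from any poster or from Comcast, that checks a saved copy of the log for that contradiction. The entry layout is inferred from the two entries quoted in the thread, the "Attempts" field is assumed to be a count of blocked packets, and all sample lines except the first are constructed.

```python
import re
from datetime import datetime

# Layout inferred from the entries quoted in the thread, e.g.
#   FW.IPv6 FORWARD drop , 8654 Attempts, 2024/2/22 14:55:11<TAB>Firewall Blocked
ENTRY_RE = re.compile(
    r"FW\.IPv6\s+(?P<chain>[A-Z]+)\s+(?P<action>[A-Za-z]+)\s*,\s*"
    r"(?P<attempts>\d+)\s+Attempts\s*,\s*"
    r"(?P<ts>\d{4}/\d{1,2}/\d{1,2}\s+\d{1,2}:\d{2}:\d{2})"
)

# Constructed sample log. Only the first entry is quoted from the thread.
SAMPLE_LOG = [
    "FW.IPv6 FORWARD drop , 8654 Attempts, 2024/2/22 14:55:11\tFirewall Blocked",
    "FW.IPv6 INPUT drop , 12 Attempts, 2024/2/22 15:01:40\tFirewall Blocked",
    "FW.IPv6 FORWARD drop , 40 Attempts, 2024/2/23 9:05:02\tFirewall Blocked",
    "System rebooted, 2024/2/23 9:00:00",  # unrelated line, must be skipped
]


def parse_entry(line):
    """Return a dict for an IPv6 firewall entry, or None for any other line."""
    m = ENTRY_RE.search(line)
    if m is None:
        return None
    ts = " ".join(m["ts"].split())  # collapse tabs or repeated spaces
    return {
        "chain": m["chain"],
        "action": m["action"].lower(),
        "attempts": int(m["attempts"]),
        "time": datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
    }


def audit_ipv6_firewall(lines, ui_says_disabled):
    """Total the drop entries per chain and flag a contradiction when the
    admin UI reports the IPv6 firewall as disabled but drops are logged."""
    chains = {}
    for line in lines:
        entry = parse_entry(line)
        if entry is None or entry["action"] != "drop":
            continue
        stats = chains.setdefault(
            entry["chain"],
            {"attempts": 0, "first": entry["time"], "last": entry["time"]},
        )
        stats["attempts"] += entry["attempts"]
        stats["first"] = min(stats["first"], entry["time"])
        stats["last"] = max(stats["last"], entry["time"])
    return {"contradiction": bool(ui_says_disabled and chains), "chains": chains}


if __name__ == "__main__":
    report = audit_ipv6_firewall(SAMPLE_LOG, ui_says_disabled=True)
    print("firewall enforcing while shown as disabled:", report["contradiction"])
    for chain, stats in sorted(report["chains"].items()):
        print(f"{chain}: {stats['attempts']} attempts, "
              f"{stats['first']} to {stats['last']}")
```

A per-chain total with first and last timestamps is the kind of evidence that distinguishes "the modem is filtering" from "the circuit is down" when opening a support ticket.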