turn off remote access to g1100?
iy508
Enthusiast - Level 3

I have recently signed up for FiOS and have been supplied with a Verizon G1100 wireless router. Both the FiOS service and the router are working without problems.

However, I see that the router reports its internal settings, including my wireless password, to Verizon, because I can view them when I sign in to my Verizon account. Also, the user guide for the router says (p.14, line 6) "Firmware updates are performed automatically by verizon". I can understand the convenience of these arrangements for Verizon and some users, but I also see them as a potential security risk. Is there a way that I can forgo the convenience and turn off external access to the G1100? I know that I can replace the Verizon router with one of my own, but it seems otherwise satisfactory, so I would like to keep using it if I can do so more securely.

0 Likes
Re: turn off remote access to g1100?
smith6612
Community Leader

The external access portion to the router is baked into the firmware, so there is not really an easy way to turn it off short of replacing the router, or having the Verizon router sit behind yours with a firewall capable of blocking the traffic. Verizon is using the TR-069 management standard on the routers.

In the past, the older ActionTec routers could actually inadvertently be set up to Firewall the TR-069 management port before the router would connect to the Internet. To set that up, you would disconnect the router from the Internet, reboot it, then create and save a Firewall rule. You could see if that trick still works on the G1100.

Re: turn off remote access to g1100?
iy508
Enthusiast - Level 3

Thanks, that's helpful. Searching for TR-069 I find that it uses port 4567. I'll see whether I can block that port with a firewall rule, and if so whether it stops my password appearing on Verizon's webpage.

0 Likes
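A way to check whether a rule on port 4567 actually changes anything, as an added example that is not part of the thread: it classifies the port as open, closed or filtered, so the result before and after saving the rule can be compared. The names `probe_tcp` and `rule_effective` are this example's own, and it assumes the probe is run from a host outside the home network against your own WAN address.

```python
import socket
import sys

TR069_PORT = 4567  # port number quoted in the thread


def probe_tcp(host, port=TR069_PORT, timeout=3.0):
    """Classify a TCP port as 'open', 'closed' or 'filtered'.

    open     - handshake completed: a listener is reachable
    closed   - the host answered with a reset: nothing is listening
    filtered - no answer or an unreachable error: typical of a firewall drop
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.gaierror:
        raise  # a bad host name is an input error, not a port state
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and host/network unreachable
        return "filtered"
    finally:
        s.close()


def rule_effective(before, after):
    """True when a port that used to accept connections no longer does."""
    return before == "open" and after in ("closed", "filtered")


if __name__ == "__main__":
    # Usage: python3 probe.py <your-own-WAN-address>
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <host>")
    print(f"{sys.argv[1]}:{TR069_PORT} is {probe_tcp(sys.argv[1])}")
```

In TR-069 the managed device also opens its own sessions to the provider's management server, so a closed or filtered result here describes only the inbound connection-request port. Whether the settings stop appearing on the account page still has to be checked there.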
Re: turn off remote access to g1100?
viafax999
Community Leader

@iy508 wrote:

Thanks, that's helpful. Searching for TR-069 I find that it uses port 4567. I'll see whether I can block that port with a firewall rule, and if so whether it stops my password appearing on Verizon's webpage.


You'll find a port forwarding rule for port 4567 in the firewall section forwarding to local host 127.0.0.1 - it's marked as Verizon FIOS service.

Unfortunately it is a Verizon pf rule that is non-modifiable other than by putting your router in front of the Verizon router and forwarding everything else other than 4567.

Re: turn off remote access to g1100?
iy508
Enthusiast - Level 3

Hmm. I couldn't introduce another firewall rule in front of theirs? In my simple setup, there would be no point in using their router at all if I put another router in front of it. I might as well let the other router do the whole job.

0 Likes
Re: turn off remote access to g1100?
Anti-Phish1
Master - Level 1

You don't indicate if you have FIOS-TV or not. 

If you do, you still need the VZ router to provide MOCA LAN for the STBs.

0 Likes
Re: turn off remote access to g1100?
iy508
Enthusiast - Level 3

@Anti-Phish wrote:

You don't indicate if you have FIOS-TV or not. 

If you do, you still need the VZ router to provide MOCA LAN for the STBs.


No, I just have internet.

0 Likes
Re: turn off remote access to g1100?
viafax999
Community Leader

@iy508 wrote:

@Anti-Phish wrote:

You don't indicate if you have FIOS-TV or not. 

If you do, you still need the VZ router to provide MOCA LAN for the STBs.


No, I just have internet.


Then just connect your own router to the VDSL modem - just realized you are the same poster that was asking about IP addresses on a VDSL modem.
Release the IP address on the Verizon router before doing this or wait at least 2 hours for the IP address to release after disconnecting the Verizon router.

Re: turn off remote access to g1100?
iy508
Enthusiast - Level 3

Yes, I've done that. It just seems a shame to waste the new Verizon wireless router, which is slightly faster than my old one.

Both questions were in the interest of blocking potential security holes. It is obvious that the router with port 4567 open carries a risk. I'm still wondering about the modem, but if you have any more to say about that, let's do it in the other thread to keep things straight.

0 Likes
Re: turn off remote access to g1100?
iy508
Enthusiast - Level 3

Someone, not me, has marked this problem as solved. It isn't solved as far as I am concerned.

0 Likes