So Xfinity has an “advanced security” option which I’ve enabled on my network, however, what I’ve noticed is that even though i have Port 8123 forwarded on the router, if I’m not home or on my network and attempt to use the HA IOS app to connect to HA using my external duckdns address, the advanced security blocks the request as a threat and AFTER I get a message in the XFI app, I can “allow access for 30 days” for my phone, with the IP it’s currently using at the time.
My question is, does anyone else experience this, and alongside of just “disabling” the advanced security feature, is there something else I can do? After seeing that there have been requests from other countries, trying to access my network on that port, I’m hesitant to simply disable the features, but it’s rather annoying, that I constantly struggle to access HA from my IOS device If I’m not home.
Home Assistant has some tools such as Home Assistant Companion used with WireGuard VPN and DuckDNS. But Not perfectly.
Xfinity blocks Nat Reflection (loop back) which would allow for seamless solution. Then they do not allow you to change the DNS address that is served up by their DHCP settings, which kills the other way around problems.
I have seen these notification ever since I enabled external access. I get these even when I am at home. I have it setup so that internal URL is preferred over external when I access from home. I guess, its a good layer of filtering to have if you dont have an advanced firewall setup.
So far, I have not had HA access get blocked due to this when I am away.
If its a constant problem for you, I suggest setting up a local VPN or use something like Zerotier (easier).