
Does the FRITZ!Box support TR-069?

Yes, the FRITZ!Box supports the TR-069 protocol (Technical Report 069) for secure data exchange between the FRITZ!Box and the cable provider.

TR-069 makes it easier to start using your FRITZ!Box because the cable provider can set up internet access, telephony, and television services (IPTV) remotely and adapt them to its network without having to send a technician. It is also quicker to correct internet connection problems with TR-069 because the cable provider can query the status of the internet connection and telephony, evaluate log files, and adjust the configuration of the FRITZ!Box when there is a problem.

TR-069 makes it possible for the cable provider to react quickly to security breaches and install FRITZ!OS updates or restore the original settings of a FRITZ!Box.

TR-069 is supported by many cable providers.

1 Is TR-069 secure?

Strict security mechanisms are implemented in TR-069 that guarantee secure data exchange between the FRITZ!Box and the cable provider's auto configuration server (ACS).

If the cable provider wants the FRITZ!Box to establish a connection to its ACS, it normally contacts the FRITZ!Box via TCP port 8089 under a previously negotiated URI (Uniform Resource Identifier). The FRITZ!Box does not respond to these requests. Instead, it checks the authenticity and integrity of these requests. During this process, no data is sent from the FRITZ!Box to the cable provider.

The FRITZ!Box only establishes a new, HTTPS-encrypted connection to the ACS if it was able to verify the authenticity and integrity of the request.

The ACS can then transfer settings to the FRITZ!Box or install a digitally-signed FRITZ!OS update provided by AVM. However, the ACS cannot read the account information stored in the FRITZ!Box.

This mechanism protects the FRITZ!Box from attacks over TR-069 because it only contacts auto configuration servers it is already familiar with and no data can be read using the ports used by the ACS to establish contact.
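
The following Python model is an added illustration, not AVM's code. It sketches the checks described above, assuming the HTTP Digest authentication that the TR-069 specification prescribes for connection requests; the page does not say how the FRITZ!Box implements the check, and the class, URL, URI, nonces and credentials are constructed.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()  # MD5 as used by RFC 2617 digest

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 digest response (qop=auth), as an ACS would compute it."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

class Cpe:
    """Hypothetical model of the device side; every name here is an assumption."""
    def __init__(self, acs_url, request_uri, user, password, realm="cpe"):
        if urlsplit(acs_url).scheme != "https":
            raise ValueError("stored ACS URL must be HTTPS")
        self.acs_url, self.request_uri = acs_url, request_uri
        self.user, self.password, self.realm = user, password, realm
        self.open_nonces = set()  # nonces the device issued and has not yet seen used

    def handle_connection_request(self, method, uri, auth):
        """Return the stored ACS URL to dial, or None. Never returns device data."""
        if method != "GET" or uri != self.request_uri:
            return None  # not the previously negotiated URI
        nonce = auth.get("nonce")
        if nonce not in self.open_nonces:
            return None  # unknown or replayed nonce
        self.open_nonces.discard(nonce)  # one attempt per nonce
        if auth.get("username") != self.user or auth.get("uri") != uri:
            return None
        expected = digest_response(self.user, self.realm, self.password,
                                   method, uri, nonce,
                                   auth.get("nc", ""), auth.get("cnonce", ""))
        supplied = str(auth.get("response", ""))
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return None  # wrong credentials or tampered fields
        return self.acs_url  # taken from stored config, never from the request

def demo():
    """Constructed sample values; returns (genuine, replayed, forged) outcomes."""
    cpe = Cpe("https://acs.example.net/cwmp", "/cr/7f3a91", "acs", "s3cret")
    cpe.open_nonces.update({"n1", "n2"})
    def signed(nonce, password):
        auth = {"username": "acs", "uri": "/cr/7f3a91", "nonce": nonce,
                "nc": "00000001", "cnonce": "c1"}
        auth["response"] = digest_response("acs", "cpe", password, "GET",
                                           auth["uri"], nonce, auth["nc"], auth["cnonce"])
        return auth
    return tuple(cpe.handle_connection_request("GET", "/cr/7f3a91", signed(n, p))
                 for n, p in [("n1", "s3cret"), ("n1", "s3cret"), ("n2", "guess")])
```

Only the genuine request yields a dial target, and that target is the stored HTTPS URL; the replayed and forged requests yield nothing.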

2 Is TR-069 enabled?

  1. Click "Diagnostics" in the FRITZ!Box user interface.
  2. Click "Security" in the "Diagnostics" menu.
  3. Whether TR-069 is enabled is displayed in the section "Provider services (TR069)".

3 How is TR-069 configured?

TR-069 is enabled in the factory settings of the FRITZ!Box to allow automatic setup and remote maintenance of the FRITZ!Box. We recommend keeping these settings:

Important: It may not be possible to adjust these settings on FRITZ!Boxes supplied by cable providers. If this is the case, the options are grayed out or not shown. If you have any questions about TR-069, contact your provider.

  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click "Account Information" or "Type of Connection" in the "Internet" menu.
  3. Click on the "Provider Services" tab. If the tab is not displayed, TR-069 is not enabled and also cannot be enabled.
  4. Enable the option "Allow automatic configuration by the service provider" so your cable provider can automatically set up internet access and telephony.
  5. Enable the option "Permit automatic updates" so your cable provider can update the FRITZ!OS of your FRITZ!Box if necessary.
  6. Enable the option "Observe the URL of the Auto Configuration Server over DHCP" so that the FRITZ!Box observes the address (URL) of the auto configuration server (ACS) if the cable provider supplies it over DHCP.

    Note: This option can only be used if the FRITZ!Box obtains its IP settings from the cable provider via DHCP.

  7. Click "Apply" to save the settings.