To the knowledge base

Does the FRITZ!Box support TR-069?

Yes, the FRITZ!Box supports the protocol TR-069 (Technical Report 069) for secure data exchange between the FRITZ!Box and the internet service provider.

TR-069 makes it easier to start using your FRITZ!Box because the internet service provider can set up internet access, telephony, and television services (IPTV) remotely and adapt them to his network without having to send a technician. It is also quicker to correct internet connection problems with TR-069 because the internet service provider can query the status of the internet connection and telephony, evaluate log files, and adjust the configuration of the FRITZ!Box when there is a problem.

TR-069 makes it possible for the internet service provider to react quickly to security breaches and install FRITZ!OS updates or restore the original settings of a FRITZ!Box.

TR-069 is supported by many internet service providers.

Note:All instructions on configuration and settings given in this guide refer to the latest FRITZ!OS for the FRITZ!Box.

1 Is TR-069 secure?

Strict security mechanisms are implemented in TR-069 that guarantee secure data exchange between the FRITZ!Box and the internet service provider's auto configuration server (ACS).

If the internet service provider wants the FRITZ!Box to connect to its ACS, it normally contacts the FRITZ!Box via TCP port 8089 under a previously negotiated URI Uniform Resource Identifier. The FRITZ!Box does not respond to these request. Instead, it checks the authenticity and integrity of these requests. During this process, no data is sent from the FRITZ!Box to the internet service provider.

The FRITZ!Box only establishes a new, (HTTPS) encrypted connection to the ACS if it was able to verify the authenticity and integrity of the request.

The ACS can then transfer settings to the FRITZ!Box or install a digitally-signed FRITZ!OS update provided by AVM. However, the ACS cannot read the account information stored in the FRITZ!Box.

This mechanism protects the FRITZ!Box from attacks over TR-069 because it only contacts auto configuration servers it is already familiar with and no data can be read using the ports used by the ACS to establish contact.

2 Is TR-069 enabled?

  1. Click "Diagnostics" in the FRITZ!Box user interface.
  2. Click "Security" in the "Diagnostics" menu.
  3. Whether TR-069 is enabled is displayed in the section "Provider services (TR069)".

3 How is TR-069 configured?

TR-069 is enabled in the factory settings of the FRITZ!Box to allow automatic setup and remote maintenance of the FRITZ!Box. We recommend keeping these settings:

Important:It may not be possible to adjust these settings on FRITZ!Boxes supplied by internet service providers. If this is the case, the options are grayed out. If you have any questions about TR-069, contact your provider.

  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click "Account Information" in the "Internet" menu.
  3. Click on the "Provider Services" tab. If the tab is not displayed, TR-069 is not enabled and also cannot be enabled.
  4. Enable the option "Allow automatic configuration by the service provider" so your internet service provider can automatically set up internet access and telephony.
  5. Enable the option "Permit automatic updates" so your internet service provider can update the FRITZ!OS of your FRITZ!Box if necessary.
  6. Enable the option "Observe the URL of the Auto Configuration Server over DHCP" so that the FRITZ!Box observes the address (URL) of the auto configuration server (ACS) if the internet service provider supplies it over DHCP.

    Note:This option can only be used if the FRITZ!Box obtains its IP settings from the internet service provider via DHCP.

  7. Click "Apply" to save the settings.