blocking teamviewer
I need to create a policy to schedule the use of teamviewer.
Teamviewer host is installed inside my LAN, what I want is people to connect to it only on work hours.
Teamviewer uses ports 5938, 443, 80.
What kind of policy is best suited?
Http proxy policy? Packet filter any any policy with application control? Lan to any external? External to trusted? Port based policy?
Xtm330 12.1.1
0
Sign In to comment.
Comments
I would set up a Custom Packet Filter for TCP & UDP port 5938.
Assuming that this in incoming connections from the Internet, you would need to set up a SNAT for this access, and than apply the SNAT in the From: field of the above policy.
You can then apply the desired Schedule on this policy.
TCP/UDP Port 5938
TeamViewer prefers to make outbound TCP and UDP connections over port 5938 – this is the primary port it uses, and TeamViewer performs best using this port. Your firewall should allow this at a minimum.
TCP Port 443
If TeamViewer can’t connect over port 5938, it will next try to connect over TCP port 443.
However, our mobile apps running on Android, iOS and Windows Mobile don't use port 443.
https://community.teamviewer.com/t5/Knowledge-Base/Which-ports-are-used-by-TeamViewer/ta-p/4139
TeamViewer normally uses 5938 outbound and needs no open inbound ports, i.e., no SNAT to internal systems. It will try 443, too, if 5938 is not open. TV can be set to force UDP which can help with blocking. I don't allow UDP 443 outbound.
Assuming you do egress filtering, an outbound packet filter on a schedule may work, going from Any-Trusted (or a specific computer IP or range) on TCP & UDP ports 5938, set to Allow, and going To Any-External. You also could add an HTTPS proxy To the TeamViewer domains and allow on a schedule.
Maybe put policies above these that are Deny to the same things, on a schedule of time when you want to block.
Gregg Hill