Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 5515 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

TeamViewer Failing to Connect

Paul Dugas

Trying to use TeamViewer QuickSupport on an Android device that's on one internal network (10.10.0.0/24) and access it from a PC on another (192.168.12.0/24). I have FW rules allowing outbound TCP/UDP 5938. Both can "activate" TV and get an ID. When I try to connect, I get the permission request on the Android device, tap Allow, and it spins for a bit but i fails to connect. 

I've disabled the web filter, application control, intrusion detection, etc. and nothing seems to work.  Noticed "TeamViewer" appears in the firewall live log. Note the two DROP lines in the pic below. Looks like TV has negotiated a pair of ports for the phone and PC to use but the firewall isn't allowing those other ports. Seems like it's tracking them though. Curious.

 



This thread was automatically locked due to age.
  • 0

    Oddly, I just found I can go the other way and see the PC from the phone.  Digging more...

  • 0 in reply to Paul Dugas

    Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly.  Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file.  Please post the lines corresponding to the two drops above.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    I think the corresponding packetfilter log entries are below.

    2018:10:30-09:25:51 remote ulogd[29200]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="lag0.102" mark="0x3248" app="584" srcmac="24:77:03:e2:2b:b4" dstmac="40:62:31:01:7a:34" srcip="192.168.12.101" dstip="76.X.Y.115" proto="17" length="124" tos="0x00" prec="0x00" ttl="64" srcport="38988" dstport="41979"

    2018:10:30-09:25:51 remote ulogd[29200]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="lag0" mark="0x3248" app="584" srcmac="fc:db:b3:6d:7e:c6" dstmac="40:62:31:01:7a:34" srcip="10.10.0.114" dstip="76.X.Y.115" proto="17" length="124" tos="0x00" prec="0x00" ttl="64" srcport="41979" dstport="38988"

  • 0 in reply to Paul Dugas

    "60001" means a drop out of the INPUT chain, Paul.  Show us the Edits of the rules you think should allow these packets and tell us why internal IPs would attempt to reach the public IP you're posting from.

    Cheers - Bob
    PS I modified the post to just show the two blocked line and I obfuscated your public IP.  I deleted the image from your first post since your IP was in clear text.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML