
Teamviewer Connections Blocked In Proxy Standard Mode

Hi community,

Last week our TeamViewer connections suddenly stopped working from one day to the next. After hours of searching for the source of the issue, I finally reached the point where I can tell it is caused by the webfilter of our SG230 UTM 9.510-5. The behaviour is as follows:

- proxy in standard mode
- webfilter log shows 504 errors with timeouts while trying to reach ping3.teamviewer.com
- tcpdump on client shows the connection gets interrupted and tries to retransmit the initial packet several times
- firewall log shows blocked packages from client to TeamViewer server (I assume the retransmit packages get blocked because they do not pass through the webfilter but over 443)

If I switch to transparent mode and add the destination host to the skip list, the teamviewer connections start working again.

So my question is: how can I teach the SG in transparent mode to do the "same" it does with the hosts in the skip list in transparent mode?



  • Do you have the following Exception?

    Teamviewer Remote Access 
    Skipping: Sandstorm / SSL scanning
    Matching these URLs: ^https?://(?:[A-Za-z0-9-]+\.)+teamviewer\.com/?

    If that doesn't work in Standard mode, you must skip *.teamviewer.com in 'Proxy Settings' in your browser.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Tools like TeamViewer need a session from the desktop device. The whole purpose of Standard Mode is to create the session from the UTM device. So the technologies are fundamentally incompatible. You need to exclude teamviewer.com from your proxy script rather than at the UTM level.

    Also, like most remote access solutions, TeamViewer uses two sessions, one on https for authentication, and one on port 5938 for the actual session. As others have noted, the second session uses an IP address instead of a name, and it chooses from servers all over the world. So Country Blocking can cause problems as well.

    I have Transparent Mode enabled as well as Standard mode, so the Standard Mode bypass still hits the webfilter in transparent mode, but transparent mode only affects the port 443 session. Then I have a rule to override country blocking for designated source addresses connecting to port 5938.
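
One way to write the proxy-script exclusion suggested in the reply above, as an added example that is not part of the original thread: a PAC file that sends teamviewer.com and its subdomains direct and everything else to the UTM. The proxy address `utm.example.internal:8080` and the helper `hostInDomain` are assumptions made for illustration.

```javascript
// Added example PAC file, not taken from the thread.
// Assumption: the UTM's Standard Mode proxy listens at this placeholder address.
var UTM_PROXY = "PROXY utm.example.internal:8080";

// Domains whose hosts should bypass the Standard Mode proxy.
var DIRECT_DOMAINS = ["teamviewer.com"];

// Hypothetical helper: true when host is the domain itself or a subdomain.
// Comparing against "." + domain keeps lookalike names such as
// "notteamviewer.com" or "teamviewer.com.example.net" on the proxied path.
function hostInDomain(host, domain) {
  host = host.toLowerCase().replace(/\.$/, ""); // normalise case, drop FQDN dot
  if (host === domain) {
    return true;
  }
  var suffix = "." + domain;
  return host.length > suffix.length &&
         host.substring(host.length - suffix.length) === suffix;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  for (var i = 0; i < DIRECT_DOMAINS.length; i++) {
    if (hostInDomain(host, DIRECT_DOMAINS[i])) {
      return "DIRECT"; // client opens the session itself
    }
  }
  return UTM_PROXY;    // everything else still goes through the webfilter
}
```

Hosts returned as `DIRECT` leave the client unproxied, so the port 443 and port 5938 sessions still have to be permitted on the UTM in the way the reply above describes.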
