DNS group for all Teamviewer server

Hello!

I want to create a DNS group, which automatically captures all Teamviewer server. I know how to create a DNS group. But which DNS name should I use?

Thanks in advance for your help.

  • This is a very dynamic problem...You can not use wildcard (*) with network definitions (e.g. *.teamviewer.com)

    Now it depends on what your aim is?

     

    If teamviewer updates & connections should work everywhere:

     

    In Sophos Webfilter there should already be an exception for Teamviewer like

    ^https?://(?:[A-Za-z0-9-]+\.)+teamviewer\.com/?

     

    Just check/add exception for authentication, URL Filter, SSL-Check, extension blocking and MIME-Typ blocking and teamviewer & updates should work now.

     

    regards

  • In reply to Steve Weißflog:

    To create a firewall rule limited by Teamviewer-port and -Hosts.

  • In reply to Steve Weißflog:

    teamviewer.com resolves the webpage only

    *.teamviewer.com does not work in a DNS group

  • What do you mean by capture?   If you want to block all use of Teamviewer, the easiest way is to block port 5938 with a FireWall Rule.    But blocking webfilter with *.teamviewer.com should also work.   Teamviewer has 1000s of servers all over the world, which are used randomly, so control based on IP is not a very workable approach.

  • In reply to DouglasFoster:

    I want to allow traffic from some internal hosts usind port 5938 to Teamviewer servers without proxy. My idea was to use a DNS group to automatically capture all Teamviewer IPs. For example: pool.ntp.org resolves at least 3 IPs.

  • In reply to offn:

    As already said this is not really possible/useful for the Firewall because you can't use */wildcard-definitions...

    I know that there is already a feature request for that use case...

     

    Teamviewer is very dynamic - you would need a list with ALL DNS-Server addresses from Teamviewer and add every single DNS-Host and I think there will be still some IPs of Teamviewer missing...

     

    I prefer to use Webfilter/Proxy for Teamviewer traffic...

     

    In your case it is maybe easier to open Teamviewer Port 5938 generally on Firewall than to add every Teamviewer DNS-Host...

     

    regards

  • In reply to offn:

    So just allow traffic on Port 5938 from these internal hosts (you can build a network group for all hosts) to internetIPv4

    regards

  • In reply to DouglasFoster:

    There is normally no need to block port 5938 explizit... if there is not a rule that allows "any" or this port/portrange the port 5938 also will be "default" dropped...

    But be careful if port 5938 is blocked - Teamviewer tries to tunnel traffic over https...

     

    regards

  • I use the Application Control to allow/deny Teamviewer