This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNS group for all Teamviewer server

Hello!

I want to create a DNS group, which automatically captures all Teamviewer server. I know how to create a DNS group. But which DNS name should I use?

Thanks in advance for your help.

This thread was automatically locked due to age.

0 Steve Weißflog over 4 years ago

This is a very dynamic problem...You can not use wildcard (*) with network definitions (e.g. *.teamviewer.com)

Now it depends on what your aim is?

If teamviewer updates & connections should work everywhere:

In Sophos Webfilter there should already be an exception for Teamviewer like

^https?://(?:[A-Za-z0-9-]+\.)+teamviewer\.com/?

Just check/add exception for authentication, URL Filter, SSL-Check, extension blocking and MIME-Typ blocking and teamviewer & updates should work now.

regards
Cancel
Vote Up 0 Vote Down

Cancel
0 offn over 4 years ago in reply to Steve Weißflog

To create a firewall rule limited by Teamviewer-port and -Hosts.
Cancel
Vote Up 0 Vote Down

Cancel
0 offn over 4 years ago in reply to Steve Weißflog

teamviewer.com resolves the webpage only

*.teamviewer.com does not work in a DNS group
Cancel
Vote Up 0 Vote Down

Cancel
0 DouglasFoster over 4 years ago

What do you mean by capture? If you want to block all use of Teamviewer, the easiest way is to block port 5938 with a FireWall Rule. But blocking webfilter with *.teamviewer.com should also work. Teamviewer has 1000s of servers all over the world, which are used randomly, so control based on IP is not a very workable approach.
Cancel
Vote Up 0 Vote Down

Cancel
0 offn over 4 years ago in reply to DouglasFoster

I want to allow traffic from some internal hosts usind port 5938 to Teamviewer servers without proxy. My idea was to use a DNS group to automatically capture all Teamviewer IPs. For example: pool.ntp.org resolves at least 3 IPs.
Cancel
Vote Up 0 Vote Down

Cancel
0 Steve Weißflog over 4 years ago in reply to offn

As already said this is not really possible/useful for the Firewall because you can't use */wildcard-definitions...

I know that there is already a feature request for that use case...

Teamviewer is very dynamic - you would need a list with ALL DNS-Server addresses from Teamviewer and add every single DNS-Host and I think there will be still some IPs of Teamviewer missing...

I prefer to use Webfilter/Proxy for Teamviewer traffic...

In your case it is maybe easier to open Teamviewer Port 5938 generally on Firewall than to add every Teamviewer DNS-Host...

regards
Cancel
Vote Up 0 Vote Down

Cancel
0 Steve Weißflog over 4 years ago in reply to offn

So just allow traffic on Port 5938 from these internal hosts (you can build a network group for all hosts) to internetIPv4

regards
Cancel
Vote Up 0 Vote Down

Cancel
0 Steve Weißflog over 4 years ago in reply to DouglasFoster

There is normally no need to block port 5938 explizit... if there is not a rule that allows "any" or this port/portrange the port 5938 also will be "default" dropped...

But be careful if port 5938 is blocked - Teamviewer tries to tunnel traffic over https...

regards
Cancel
Vote Up 0 Vote Down

Cancel
0 papa_ over 4 years ago

I use the Application Control to allow/deny Teamviewer
Cancel
Vote Up 0 Vote Down

Cancel