I want to create a DNS group which automatically captures all Teamviewer servers. I know how to create a DNS group. But which DNS name should I use?
Thanks in advance for your help.
This is a very dynamic problem... You cannot use a wildcard (*) with network definitions (e.g. *.teamviewer.com)
Now it depends on what your aim is.
If teamviewer updates & connections should work everywhere:
In Sophos Webfilter there should already be an exception for Teamviewer like
Just check/add an exception for authentication, URL Filter, SSL-Check, extension blocking and MIME type blocking, and Teamviewer & updates should work now.
In reply to Steve Weißflog:
To create a firewall rule limited by Teamviewer-port and -Hosts.
teamviewer.com resolves the webpage only
*.teamviewer.com does not work in a DNS group
What do you mean by capture? If you want to block all use of Teamviewer, the easiest way is to block port 5938 with a firewall rule. But blocking webfilter with *.teamviewer.com should also work. Teamviewer has 1000s of servers all over the world, which are used randomly, so control based on IP is not a very workable approach.
In reply to DouglasFoster:
I want to allow traffic from some internal hosts using port 5938 to Teamviewer servers without proxy. My idea was to use a DNS group to automatically capture all Teamviewer IPs. For example: pool.ntp.org resolves at least 3 IPs.
In reply to offn:
As already said, this is not really possible/useful for the Firewall because you can't use */wildcard-definitions...
I know that there is already a feature request for that use case...
Teamviewer is very dynamic - you would need a list with ALL DNS-Server addresses from Teamviewer and add every single DNS-Host and I think there will be still some IPs of Teamviewer missing...
I prefer to use Webfilter/Proxy for Teamviewer traffic...
In your case it is maybe easier to open Teamviewer Port 5938 generally on Firewall than to add every Teamviewer DNS-Host...
So just allow traffic on Port 5938 from these internal hosts (you can build a network group for all hosts) to internetIPv4
There is normally no need to block port 5938 explicitly... if there is not a rule that allows "any" or this port/port range, port 5938 will also be "default" dropped...
But be careful if port 5938 is blocked - Teamviewer tries to tunnel traffic over https...
I use the Application Control to allow/deny Teamviewer