This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to block Google Chrome Remote Desktop

What rule or NAT should be used to prevent computers on the network from being remotely accessed via Chrome Remote Desktop?

It is suggested (https://support.google.com/chrome/a/answer/2799701?hl=en) to "black hole" chromoting-host.talkgadget.google.com.

How can this be done?



This thread was automatically locked due to age.
Parents
  • Thank you for the response but I do not use web filtering. That's why I asked about using a firewall rule or NAT, specifically.

    --------------------------------------------------------------------
    Sophos UTM 9.719-3 - Home User
    Virtual machine on Dell Optiplex 3070
    i3-9100 @ 3.60 GHz, 16 GB RAM
    --------------------------------------------------------------------

  • Hi Jeff,

    Try this, create a DNS group1 with FQDN chromoting-host.talkgadget.google.com and another DNS group2 with FQDN chromoting-oauth.talkgadget.google.com and chromoting-client.talkgadget.google.com.

    Configure a DNAT policy - DNS group1 -> Any -> External (Address) : non-existant IP address.

    This configuration will map the traffic on an non-existing blackhole IP address.

    Next, go to Network Services> DNS> Request Routing, configure a new DNS request route for chromoting-oauth.talkgadget.google.com and chromoting-client.talkgadget.google.com. PFA screenshot:


    Add one more firewall rule ANY-ANY- DNS group2 : drop.

    Hope that helps

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Reply
  • Hi Jeff,

    Try this, create a DNS group1 with FQDN chromoting-host.talkgadget.google.com and another DNS group2 with FQDN chromoting-oauth.talkgadget.google.com and chromoting-client.talkgadget.google.com.

    Configure a DNAT policy - DNS group1 -> Any -> External (Address) : non-existant IP address.

    This configuration will map the traffic on an non-existing blackhole IP address.

    Next, go to Network Services> DNS> Request Routing, configure a new DNS request route for chromoting-oauth.talkgadget.google.com and chromoting-client.talkgadget.google.com. PFA screenshot:


    Add one more firewall rule ANY-ANY- DNS group2 : drop.

    Hope that helps

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Children
No Data