Thread Info
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Teamviewer with SSL Inspection - transparent mode - does not work

Daniels_UTM

I have a poblem at severla customer sites, where we are deploy the SSL inspection.

 

Teamviewer works good, if only http inspection is running. After we turn on SSL Inspection everything - except Teamviewer - runs quite good.

 

 

1. i can not see any blocks in the webproxy LOG

2. i can not see any other blocks in IDS/IPS or APPControl

3. if i switch off SSL inspection for the test client, Teamviewer works fine

 

 

 

We inspect the following categories:

 

 
Anonymizers
 
 
Anonymizing Utilities
 
 
Browser Exploits
 
 
Categorization Failed
 
 
Gambling
 
 
Gambling Related
 
 
Games
 
 
Hacking/Computer Crime
 
 
Hate/Discrimination
 
 
Illegal Software
 
 
Malicious Downloads
 
 
Malicious Sites
 
 
Media Downloads
 
 
Media Sharing
 
 
P2P/File Sharing
 
 
Parked Domain
 
 
Personal Network Storage
 
 
Personal Pages
 
 
Phishing
 
 
Pornography
 
 
Potentially Unwanted Programs
 
 
Residential IP Addresses
 
 
Search Engines
 
 
Shareware/Freeware
 
 
Social Networking
 
 
Spam URLs
 
 
Spyware/Adware
 
 
Uncategorized
 
 
Visual Search Engine
 
 
Web Mail

 

and have the follwing exception rule applied:

  Teamviewer Remote Access [Work around Teamviewer SSL handshake Bug]
Ausnehmen: Authentifizierung / Zwischenspeichern / Download-Größe / Antivirus / Sandstorm / Dateierweiterungen / MIME-Typ / URL-Filter / Inhaltsentfernung / SSL-Scan / Zertifikat-Vertrauensprüfung / Zertifikatsdatumsprüfung / Download/Scan-Fortschrittsseite nicht anzeigen
Diese URLs betreffend: ^https?://(?:[A-Za-z0-9-]+\.)+teamviewer\.com/?
^http?://(?:[A-Za-z0-9-]+\.)+teamviewer\.com/?


This thread was automatically locked due to age.
  • 0

    This is expected.

    Teamviewer uses two sessions - the https session on port 443 for initialization, and a second session on port 5938.   This is typical of many remote-access applications.

    HTTPS inspection means that the first session comes from UTM, but the second session comes from the client.   This confuses the process and the startup fails.

    You need an exception to omit https inspection for Teamviewer and similar applications.  You also need to exclude outbound port 5938 from country blocking or other firewall blocks. 

    • 0 in reply to DouglasFoster

      Thank you for the explanation how TV works.

       

      My problem is the security view - it is not allowed to open a port to any like the 5938 - also we have seen Trojans wich communicate through that port.

       

      So i have an exception for Teamviewer domains (end of my post before) in http & https. Country Blocking is not active also the IDS/APPControll Logs are empty