i try to block Teamviewer applying a specific application filter to my LanToWan rule.
I select Teamviewer Conferencing and Teamviewer File Transfer as Application filter criteria.
Team Viewer is still working.
I check the patterns which are all updated.
Searching in Sophos Community i didn't find any indication which can help me.
Can someone show to me how can i block Teamviewer?
Thank you in advance
do you decrypt and scan enabled? Have you installed the ca on the offending pc?what other rules do you active that allow this pc to access the internet?
are you using ips in the rule?
and finally please check the TeamViewer exceptions are disabled.
yes decrypt and scan is enabled and to test the block for Teamviewer i create a test Application filter.
I not installed the CA yet and i use IPS rule.
Using other vendors UTM i was able to select the single application to block from a panel, without deploy certificates and without using any other configuration.
I made some test in Sophos XG and i was able to block i.e. Whatsapp. The only thing i need to do is select the app filter for whatsapp and the game is on.
Can you describe to me the correct sequence i need to apply at the XG configuration to use the correct blocking rules for Teamviewer, please?
did you disable the teamviewer exceptions in web proxy?
from memory teamviewer is also a web URL. I don’t have access to my XG at the moment to add extra information.
I installed team viewer and tried to block it using an application filter (TeamViewer is only a desktop application which uses web browser), that failed because team viewer users a web interface and needs web filters built to block it.
If you you would like I will continue in the morning and post my suggested filter settings.
Thanks a lot for your help.
I'll waiting for your indication, after you'll check the configuration.
a caveat to my testing. I run both IP4 and IPv6 and due to limitation within the current XG version of IPv6 I am not able to block TeamViewer.
I was able to block TeamViewer through IP4 firewall rules.
1/. create a FQDN group of teamviewer
2/. create and FQDN of *.teamviewer.com add to FQDN group.
3/. create an FQDN of *.teamviewer-iot.com add to FQDN group
4/. create a firewall rule at the top of your rule list
b) Source LAN
c) source network
d) destination zone WAN
e) destination network - select Teamviewer from FQDN group
You can choose to log the traffic while you are testing, but afterwards I would disable the log.
I hope you find this helpful?
I will be starting another thread on how to block website using IPv6.
i tried you configuration but it doesn't work for me.
Is there any other configuration i need to apply?
Thanks a lot
when you review logviewer filtering on your test IP what do you see? I suspect that there are specific country servers that might be bypassing your firewall rule.
I could not find any, but looking at the web exception setting indicates there are other countries involved.