This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to block Teamviewer using Application Filter

Hi,

i try to block Teamviewer applying a specific application filter to my LanToWan rule.

I select Teamviewer Conferencing and Teamviewer File Transfer as Application filter criteria.

Team Viewer is still working. 

I check the patterns which are all updated.

Searching in Sophos Community i didn't find any indication which can help me.

Can someone show to me how can i block Teamviewer?

Thank you in advance



This thread was automatically locked due to age.
Parents
  • Hi,

    do you decrypt and scan enabled? Have you installed the ca on the offending pc?
    what other rules do you active that allow this pc to access the internet?

    are you using ips in the rule?

    and finally please check the TeamViewer exceptions are disabled.

    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    yes decrypt and scan is enabled and to test the block for Teamviewer i create a test Application filter.

    I not installed the CA yet and i use IPS rule.

    Using other vendors UTM i was able to select the single application to block from a panel, without deploy certificates and without using any other configuration.

    I made some test in Sophos XG and i was able to block  i.e. Whatsapp. The only thing i need to do is select the app filter for whatsapp and the game is on.

    Can you describe to me the correct sequence i need to apply at the XG configuration to use the correct blocking rules for Teamviewer, please?

    Many thanks

    Claudio

  • Hi Claudio,

    I installed team viewer and tried to block it using an application filter (TeamViewer is only a desktop application which uses web browser), that failed because team viewer users a web interface and needs web filters built to block it.

    If you you would like I will continue in the morning and post my suggested filter settings.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    Thanks a lot for your help.

    I'll waiting for your indication, after you'll check the configuration.

    Regards

    Claudio

  • Hi Claudio,

    a caveat to my testing. I run both IP4 and IPv6 and due to limitation within the current XG version of IPv6 I am not able to block TeamViewer.

     

    I was able to block TeamViewer through IP4 firewall rules.

    Steps

    1/. create a FQDN group of teamviewer

    2/. create and FQDN of *.teamviewer.com add to FQDN group.

    3/. create an FQDN of *.teamviewer-iot.com add to FQDN group

    4/. create a firewall rule at the top of your rule list

    a) drop

    b) Source LAN

    c) source network 

    d) destination zone WAN

    e) destination network - select Teamviewer from FQDN group

    f). save

    You can choose to log the traffic while you are testing, but afterwards I would disable the log.

    I hope you find this helpful?

    I will be starting another thread on how to block website using IPv6.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    i tried you configuration but it doesn't work for me.

    Is there any other configuration i need to apply?

    Thanks a lot

    Claudio

  • Hi Claudio,

    when you review logviewer filtering on your test IP what do you see? I suspect that there are specific country servers that might be bypassing your firewall rule.

    I could not find any, but looking at the web exception setting indicates there are other countries involved.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    i find the solutiion visiting the community portal, under this Knowledge Base page:https://community.sophos.com/kb/en-us/123078

    In the past days i tried to use a logical way of thinking. I have a lan to wan rule and i applied to it the app filter i create. I thought this was the logical way to use the block of applications.

    The KB i found explain the way is to add a new firewall rule, in which you need to accept and don't deny the use of the application filter. I create this new rule and i give to it the top position. Then i add the filter and i was able to block Teamviewer in my LAN.

    In this way all my traffic was blocked. So i push the rule at the last position of my rules group and the game is done.

    Sophos Knowledge Base is a good way to find solutions. Just one suggest for the editorial staff. For me the Community homepage is not friendly and doesn't give access immeditaely to these good informations.

    Thank you for your help

    Claudio

  • Hi Claudio,

    that doesn’t quite make sense to me because there is no teamviewer application in the XG list.

    what did you use for teamviewer in the application policy?
    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    i use TeamViewer Conferencing and TeamViewer FileTransfer.

    Claudio

  • I will try them on my ipv6 policies.

    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi,

    removed my firewall rule and all the FQDNs I created, added the two applications. Result unable to sign in using the signing panel, but f you click on the pilot url at the bottom right of the team viewer page you can login.

    I will add my block firewall back and see what happens.

     

    Ian

    The application filter blocked the IPv6 traffic and firewall rule blocked the IP4 traffic.

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • Hi,

    removed my firewall rule and all the FQDNs I created, added the two applications. Result unable to sign in using the signing panel, but f you click on the pilot url at the bottom right of the team viewer page you can login.

    I will add my block firewall back and see what happens.

     

    Ian

    The application filter blocked the IPv6 traffic and firewall rule blocked the IP4 traffic.

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

Children
  • Hi,

    I added my reject firewall rule and I can get the teamviewer management console but no further

    I might have been little hasty with my test after the firewall rule was added, I cannot access the login pages anymore using the application  to create a new sign.

     

    Ian

    This is failure in both IP4 and IPv6 connection attempts.

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.