06-26-2012 10:37 AM - edited 03-11-2019 04:23 PM
Hi Experts
I have the below policy-map in my firewall. According to this policy map, how can I block TeamViewer via the ASA 5520? I don't want the outside users to connect using TeamViewer to their servers, which are already set up for TeamViewer actions.
I want to allow only 1 IP address to use TeamViewer (172.30.30.100).
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect h323 h225
  inspect sqlnet
  inspect netbios
  inspect tftp
  inspect sip
  inspect ftp
!
service-policy global_policy global
thanks
jamil
07-02-2012 12:40 AM
Hi Jamil
Block port 5938 on the firewall! That can help.
Regards
Fareed
07-06-2012 01:31 AM
Hi
Where to apply the ACL? Inside or outside? Pls mention the syntax.
thanks
06-22-2018 12:14 PM
Inside.
07-06-2012 03:58 AM
That won't work. TeamViewer is designed to work through firewalls and proxies:
http://www.teamviewer.com/en/help/9-Does-it-work-behind-firewalls-proxy-server-and-NAT-routers.aspx
http://www.teamviewer.com/en/help/334-Which-ports-are-used-by-TeamViewer.aspx
The following could work:
1) Block all Teamviewer-IPs for your network.
2) Restrict the outgoing traffic and send everything through a proxy which also can inspect SSL. There you should be able to filter on the communication.
07-06-2012 05:04 AM
Hi Karstein
Pls provide me the full configuration to block TeamViewer, along with the verification.
thanks
07-28-2012 01:01 PM
Hi Bro
TeamViewer (TV) is an application that is used to create a remote access connection to a PC anywhere, even if the PC is located behind a firewall. The TV client uses port 80 for the outbound connection, so it is difficult to block on a port basis. So, because the TV client must first connect to the TV server, we can use another approach, that is, blocking every DNS request for *.teamviewer.com and/or *.dyngate.com.
So, this is the configuration if we use a Cisco ASA firewall (I am using OS ver 8.x):
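! Regexes for the domain names to match in DNS queries
regex TV-RGX "\.teamviewer\.com"
regex DG-RGX "\.dyngate\.com"
! Group both regexes; a match on either one is enough
class-map type regex match-any TV-CLS
 match regex DG-RGX
 match regex TV-RGX
! DNS inspection policy that drops queries for the matched names
policy-map type inspect dns TV-PLC
 parameters
  message-length maximum 512
 match domain-name regex class TV-CLS
  drop
! Apply the DNS inspection policy in the global policy
policy-map global_policy
 class inspection_default
  inspect dns TV-PLC
service-policy global_policy global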
P/S: If you think this comment is useful, please do rate them nicely :-)
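Added example (not part of the original thread, and not Cisco code): a Python sketch for checking offline which DNS question names the two regexes in the post above would match before the policy is applied. It assumes Python's `re` treats these simple patterns the same way as the ASA regex engine; the helper names and the sample host names are constructed for illustration.

```python
import re
import struct

# Patterns copied from the post's regex TV-RGX / DG-RGX lines.
# Assumption: Python's re treats these simple patterns like the ASA engine.
TV_CLS = [re.compile(r"\.teamviewer\.com"), re.compile(r"\.dyngate\.com")]


def build_query(name, qtype=1):
    """Build a minimal DNS query (constructed test input, not captured traffic)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_qname(message):
    """Extract the first question name from a DNS message in wire format."""
    if len(message) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    if struct.unpack("!H", message[4:6])[0] < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(message):
            raise ValueError("truncated question name")
        length = message[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:
            raise ValueError("compression pointer or invalid label in question")
        if pos + length > len(message):
            raise ValueError("truncated label")
        labels.append(message[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels)


def verdict(message):
    """Return 'drop' if the question name matches the regex class, else 'allow'."""
    qname = parse_qname(message)
    return "drop" if any(rx.search(qname) for rx in TV_CLS) else "allow"


if __name__ == "__main__":
    # Constructed sample names; replace with names from your own DNS logs.
    for name in ["host1.teamviewer.com", "host1.dyngate.com",
                 "teamviewer.com", "www.example.com"]:
        print(f"{name:24} {verdict(build_query(name))}")
```

Feed it names from your own resolver logs to confirm the patterns cover what you mean to drop; as written they require a leading dot, so the bare name teamviewer.com is not matched.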
08-07-2012 08:11 AM
Thanks