
Failed to block teamviewer

Ibrahim Jamil
Level 6

Hi

I am trying the configuration below, found on the internet, to stop TeamViewer on a Cisco ASA, but it's not working. Please adjust the config to make it suitable for work.

regex TV-RGX “\.teamviewer\.com”

regex DG-RGX “\.dyngate\.com”

class-map inspection_default

match default-inspection-traffic

class-map type regex match-any TV-CLS

match regex DG-RGX

match regex TV-RGX

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect sqlnet

  inspect skinny 

  inspect sunrpc

  inspect xdmcp

  inspect netbios

  inspect tftp

  inspect sip 

  inspect ftp

  inspect icmp

policy-map type inspect dns TV-PLC

parameters

message-length maximum 512

match domain-name regex class TV-CLS

drop

!

service-policy global_policy global

I received the error below when I tried to add the inspection:

asa1(config-pmap-c)# inspect dns TV-PLC

ERROR: Inspect configuration of this type exists, first remove

that configuration and then add the new configuration

asa1(config-pmap-c)#

14 Replies

Hello Ibrahim,

Try the following:

regex TV-RGX "\.teamviewer\.com"

regex DG-RGX "\.dyngate\.com"

class-map type regex match-any TV-CLS

match regex DG-RGX

match regex TV-RGX

class-map type inspect http match-any block-TV-DG

match request uri regex class TV-CLS

policy-map type inspect http block-TV-DG

parameters

class block-TV-DG

  drop-connection log

policy-map global_policy

class inspection_default

  inspect http block-TV-DG

regards

Harish

Hi Harish

I tried the config below as you suggested, but users still have TV access. Please examine it and help.

class-map type regex match-any TV-CLS

match regex DG-RGX

match regex TV-RGX

class-map type inspect http match-any block-TV-DG

match request uri regex class TV-CLS

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum 512

policy-map type inspect http block-TV-DG

parameters

class block-TV-DG

  drop-connection log

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect sqlnet

  inspect skinny 

  inspect sunrpc

  inspect xdmcp

  inspect netbios

  inspect tftp

  inspect sip 

  inspect ftp

  inspect http block-TV-DG

Hello Ibrahim,

The above configuration only blocks the TeamViewer URL going over port 80. It doesn't block your application. In order to block your application you need to block the DNS traffic towards TeamViewer, but a client with a hardcoded server IP can still access the application.

For DNS blocking you can use the previous config you have used. In order to avoid the error you were getting earlier, you need to remove the default DNS inspection and add your customized inspection as follows:

policy-map global_policy

class inspection_default

no inspect dns preset_dns_map

inspect dns TV-PLC

Harish

Hi Harish

That also didn't work. Please advise.

Hello Ibrahim,

Please change your regex as follows

regex TV-RGX "\teamviewer\.com"

regex DG-RGX "\dyngate\.com"

The dot (.) before the name is not required in your case.

Hi Harish

It doesn't work. Please post me the working config.

Thanks

Ibrahim

Please find the attached working configuration

regex TV-RGX “\teamviewer\.com”

regex DG-RGX “\dyngate\.com”


class-map type regex match-any TV-CLS

match regex DG-RGX

match regex TV-RGX

policy-map type inspect dns TV-PLC

parameters

match domain-name regex class TV-CLS

drop

policy-map global_policy

class inspection_default

no   inspect dns preset_dns_map

inspect dns TV-PLC

clear local-host all

If you are still facing an issue, the client may not be using the server mentioned, or the proper name is not mentioned.

regards

Harish.

Hi Harish

What do you mean by the below?

If you are still facing an issue, the client may not be using the server mentioned, or the proper name is not mentioned.


Thanks

Hello Ibrahim,

What I am trying to say is that the filtering we have in place is fine as long as your application uses the name teamviewer.com for connecting.

Can you ping teamviewer.com from one of your PCs and see whether you are able to resolve the IP?

ping teamviewer.com

Also, please share the latest configuration as well.

regards

Harish.

Hi Harish

Thanks for your reply. I have applied your config, but it didn't work.

Please find the attachments.

The ping to TeamViewer is as below:

Pinging teamviewer.com [46.163.100.220] with 32 bytes of data:

Hello Ibrahim,

Please share the latest config.

regards

Harish

Hello Ibrahim,

Please change the regex as follows:

regex TV-RGX ".*\.teamviewer\.com"

regex DG-RGX “.*\.dyngate\.com”

If that doesn't help, the application might be using some other domain names. You can run Wireshark on the PC where you have TeamViewer installed and try to find out the domain name, then block according to that. I am sure they will be using different domain names at different times. The above regex blocks whatever domain starts xxx.teamviewer.com; for example, on my PC it was 'master3.teamviewer.com'.

regards

Harish.
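Added example, not part of the original thread: a small Python model of what the DNS inspection discussed above looks at, pulling the queried name out of a DNS query and testing it against the three regex variants tried in the thread. It assumes the firewall searches for the pattern anywhere in the name and treats `\t` as a tab escape (modelled with Python's `re.search`); the function names and the sample queries are constructed for illustration.

```python
import re
import struct

# Regex variants tried in the thread. Assumption: the pattern is searched for
# anywhere in the queried name, modelled here with re.search.
THREAD_REGEXES = {
    "dotted": r"\.teamviewer\.com",
    "no-dot": r"\teamviewer\.com",      # "\t" is a TAB escape, not a literal "t"
    "wildcard": r".*\.teamviewer\.com",
}

def build_query(name, qid=0x1234):
    """Build a minimal DNS A-record query (constructed sample input)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_qname(packet):
    """Extract the question name from a DNS query (questions are uncompressed)."""
    labels, pos = [], 12                 # the question follows the 12-byte header
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        if length == 0:
            break
        if length > 63 or pos + 1 + length > len(packet):
            raise ValueError("malformed label")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels).lower()

def verdicts(packet):
    """Return {variant: True if that regex would match the queried name}."""
    name = parse_qname(packet)
    return {k: re.search(rx, name) is not None for k, rx in THREAD_REGEXES.items()}

if __name__ == "__main__":
    # Constructed names; master3.teamviewer.com is the one quoted in the thread.
    for n in ("master3.teamviewer.com", "www.teamviewer.com",
              "teamviewer.com", "example.org"):
        print(n, verdicts(build_query(n)))
```

Under these assumptions the variant without the leading dot never matches, and the bare name `teamviewer.com` is not matched by any of the three patterns. A client that connects to a hardcoded IP sends no DNS query at all, so there is nothing for this kind of check to inspect.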

Hi Harish

In the lines below, do I need to put the " " and “ ”?

regex TV-RGX ".*\.teamviewer\.com"

regex DG-RGX “.*\.dyngate\.com”

Thanks

Not required, as you are matching both these regexes in the class-map TV-CLS.

Also, once you have changed this, you should not be able to ping as follows from any PC:

ping www.teamviewer.com

regards

Harish
