Block application like teamviewer from internet to LAN

xkp68

Hi,
which is the way to block an application (like for example teamviewer) so that people cannot reach the LAN using it from outside?
I have created a rule in "policy control" to deny traffic from WAN to any on the service TEAMVIEWER which is a group of TCP and UDP Ports: 80, 443, 5938.


But still i am able to enter using teamviewer from outside my lan and no log appears in the log.
Any advice or suggestion?
Thanks in advance.
Filippo

PeterUK

The teamviewer does not ack like a server so WAN to LAN blocking will not work.

The way teamviewer works is both ends connect to a server (well many servers) so the firewall rule is LAN to WAN then when one end wants to connect to the other it goes by the server then to the other end using the LAN to WAN connection the other end made so not to be WAN to LAN.

And what make teamviewer worse and without a option to say other wise is it falls back to port 443 so you would have to block port 443 for LAN to WAN which as you know is needed to load web sites.

What you can do is make a address FQDN with *teamviewer.com from LAN to WAN destination *teamviewer.com that way it stops connecting out but if you was hoping to use teamviewer to control remote computer you can't.

Zyxel_Jeff

Hi @xkp68

We don’t suggest you using TCP80, TCP443, TCP5938, UDP5938 as a group to block teamviewer application.

Because that will impact your other applications for TCP80, TCP443, TCP5938, UDP5938 ports. 

On ATP model you can use app patrol to block teamviewer.

You can refer to the following instruction:

STEP1. Navigate to Configuration > Security Service > App Patrol > Add a profile > Search teamviewer keyword and add it

STEP2. Set Action to drop and log alert information.

You can apply this profile to current security policy or choose No to add a new security.

STEP3.

To add a new security policy to block teamviewer application.

STEP4.

Open teamviewer on yor PC and check log will appear drop teamviewer message.