Block application like teamviewer from internet to LAN

xkp68 Posts: 26  Freshman Member
edited April 2021 in Security
Hi,
What is the way to block an application (for example, TeamViewer) so that people cannot reach the LAN using it from outside?
I have created a rule in "policy control" to deny traffic from WAN to any on the service TEAMVIEWER which is a group of TCP and UDP Ports: 80, 443, 5938.


But I am still able to get in using TeamViewer from outside my LAN, and no entry appears in the log.
Any advice or suggestion?
Thanks in advance.
Filippo


All Replies

  • PeterUK Posts: 3,461  Guru Member
    edited February 2021

    TeamViewer does not act like a server, so WAN to LAN blocking will not work.

    The way TeamViewer works is that both ends connect to a server (well, many servers), so the firewall rule is LAN to WAN. Then, when one end wants to connect to the other, it goes via the server and then to the other end using the LAN to WAN connection the other end made, so it is not WAN to LAN.

    And what makes TeamViewer worse, and without an option to say otherwise, is that it falls back to port 443, so you would have to block port 443 for LAN to WAN, which as you know is needed to load web sites.

    What you can do is make an FQDN address with *teamviewer.com, from LAN to WAN with destination *teamviewer.com; that way it stops connecting out, but if you were hoping to use TeamViewer to control a remote computer, you can't.


  • Zyxel_Jeff Posts: 1,251  Zyxel Employee

    We don't suggest you use TCP80, TCP443, TCP5938, UDP5938 as a group to block the TeamViewer application,
    because that will impact your other applications on the TCP80, TCP443, TCP5938, UDP5938 ports.
    On ATP models you can use App Patrol to block TeamViewer.
    You can refer to the following instructions:

    STEP1. Navigate to Configuration > Security Service > App Patrol > Add a profile > Search teamviewer keyword and add it


    STEP2. Set Action to drop and log alert information.



    You can apply this profile to current security policy or choose No to add a new security.



    STEP3. Add a new security policy to block the TeamViewer application.


    STEP4. Open TeamViewer on your PC and check the log; a drop TeamViewer message will appear.





    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community
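
The behaviour discussed in this thread, as an added example that is not part of any post and is not Zyxel or TeamViewer code: a toy zone-based stateful firewall showing why a WAN to LAN deny never matches (and never logs), why blocking only port 5938 outbound is defeated by the 443 fallback, and why an outbound FQDN deny stops the session. The broker host name, the rule names, the LAN address and the assumption that 5938 is tried before 443 are constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatch

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    action: str                 # "allow" or "deny"
    ports: tuple = ()           # empty tuple = any port
    fqdn: str = "*"             # wildcard matched against the destination name

class Firewall:
    """Toy zone-based stateful firewall: rules see only connection initiations."""
    def __init__(self, rules):
        self.rules, self.sessions, self.log = rules, set(), []

    def connect(self, src_zone, dst_zone, src, dst, port):
        for r in self.rules:    # first match wins; no match = implicit deny
            if ((r.src_zone, r.dst_zone) == (src_zone, dst_zone)
                    and (not r.ports or port in r.ports) and fnmatch(dst, r.fqdn)):
                self.log.append((r.name, r.action, dst, port))
                if r.action == "allow":
                    self.sessions.add((src, dst, port))
                return r.action == "allow"
        return False

    def reply(self, src, port, dst):
        # Return traffic on an established session never hits the rule list.
        return (dst, src, port) in self.sessions

BROKER = "router1.teamviewer.com"   # constructed broker name (assumption)
LAN_OUT = Rule("LAN_Outgoing", "LAN", "WAN", "allow")

def teamviewer_port(fw, pc="192.168.1.10"):
    """PC dials out (5938, then 443 fallback); the controller's traffic returns
    as replies on that session. Returns the port that worked, or None."""
    for port in (5938, 443):
        if fw.connect("LAN", "WAN", pc, BROKER, port) and fw.reply(BROKER, port, pc):
            return port
    return None

wan_in_deny = Firewall([Rule("deny_tv_in", "WAN", "LAN", "deny", (80, 443, 5938)), LAN_OUT])
port_deny = Firewall([Rule("deny_5938", "LAN", "WAN", "deny", (5938,)), LAN_OUT])
fqdn_deny = Firewall([Rule("deny_tv_fqdn", "LAN", "WAN", "deny", fqdn="*teamviewer.com"), LAN_OUT])

if __name__ == "__main__":
    for name, fw in [("WAN->LAN deny", wan_in_deny), ("LAN->WAN 5938 deny", port_deny),
                     ("LAN->WAN FQDN deny", fqdn_deny)]:
        print(name, "->", teamviewer_port(fw), fw.log)
```

The port and FQDN approaches both lose to a client that reaches its broker through names or addresses outside the pattern, which is the gap an application-aware control such as App Patrol is meant to cover.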