Local Authentication Server

I maintain a group of sensitive production equipment, equipment that is largely vendor supported.  I need the access to Teamviewer at all times for both my team as well as our vendors.  HOWEVER, I need to be able to restrict web access as much as possible to these machines, which is very difficult to do due to the wide and differing ranges of IP's I need to allow for Teamviewer functionality.  Is there a way around this?

I think I also remember reading somewhere some time ago about my enterprise hosting our own Teamviewer authentication server, which means I could limit web access to that one specific IP only.  Can this be done?