Highlighted
Posted by brgsousa
Photon

Manually allow teamviewer on NG (next-generation) firewalls?

Manually allow teamviewer on NG (next-generation) firewalls?

My firewall does SSL inspection. What domain or ip range should I manually allow?

1 Accepted Solution

Accepted Solutions
Posted by TeamViewer Staff
TeamViewer Staff
Solution

Re: Manually allow teamviewer on NG (next-generation) firewalls?

Hi brgsousa,

Thank you for your post :)

The TeamViewer network includes more than 200 servers. Communication with the master cluster is done through DNS names; communication with the TeamViewer servers (routing server and KeepAlive server) is done directly via IP addresses. 
Due to the fact that we are continuously upscaling our server network as the number of TeamViewer user grows, it is not possible to publish a list of current IP addresses, because this list would be outdated very soon.

In order for TeamViewer to work properly, access to all TeamViewer servers has to be possible. The easiest way to achieve this is to open port 5938 (TCP) for outbound connections to any IP address. You can also add *.teamviewer.com to the whitelist.

Julia
Senior Support Engineer - 2nd level Support
Did my reply answer your question? Accept it as a solution to help others.
Find this helpful? Say thanks by clicking on the Thumbs Up button.

View solution in original post

4 Replies
5 Replies
Posted by TeamViewer Staff
TeamViewer Staff
Solution

Re: Manually allow teamviewer on NG (next-generation) firewalls?

Hi brgsousa,

Thank you for your post :)

The TeamViewer network includes more than 200 servers. Communication with the master cluster is done through DNS names; communication with the TeamViewer servers (routing server and KeepAlive server) is done directly via IP addresses. 
Due to the fact that we are continuously upscaling our server network as the number of TeamViewer user grows, it is not possible to publish a list of current IP addresses, because this list would be outdated very soon.

In order for TeamViewer to work properly, access to all TeamViewer servers has to be possible. The easiest way to achieve this is to open port 5938 (TCP) for outbound connections to any IP address. You can also add *.teamviewer.com to the whitelist.

Julia
Senior Support Engineer - 2nd level Support
Did my reply answer your question? Accept it as a solution to help others.
Find this helpful? Say thanks by clicking on the Thumbs Up button.

View solution in original post

4 Replies
Highlighted
Posted by eugenmartel
Henagon

Re: Manually allow teamviewer on NG (next-generation) firewalls?

Hi Julia,

thanks for the description. We are using Juniper and there is not possible to set a wildcard.

Is it possible to get the sbudomains? insted of the * star or do you have a hint for my configuration. I will open the firewall for outbound connection to your server.

regards Eugen

Highlighted
Posted by TeamViewer Staff
TeamViewer Staff

Re: Manually allow teamviewer on NG (next-generation) firewalls?

Dear eugenmartel,

Would it be possible to allow traffic to every address through port 5938? Only a very few programs are using this port.

Julia
Senior Support Engineer - 2nd level Support
Did my reply answer your question? Accept it as a solution to help others.
Find this helpful? Say thanks by clicking on the Thumbs Up button.
Highlighted
Posted by eugenmartel
Henagon

Re: Manually allow teamviewer on NG (next-generation) firewalls?

Hi Julia, based on our security policy it is allowed only to knowen ips thats my problem.

juniper is allowing only direct ip, ip ranges or wildcard with subdomains like e.g. support.teamviewer.com or mail.teamviewer.com but not marked with a * if I am trying I will get an error every time.

do you see a chance here to get a sollution? 

regards eugen

Highlighted
Posted by balpay
Electron

Re: Manually allow teamviewer on NG (next-generation) firewalls?

hi,

what about the the ports 80 and 443 which is required for mass deployment and management ? it's not possible to open direct access to internet... you should have provided users a list of domain/subdomain list or network info as you use azure services