Manually allow teamviewer on NG (next-generation) firewalls?
Manually allow teamviewer on NG (next-generation) firewalls?
My firewall does SSL inspection. What domain or ip range should I manually allow?
Best Answer
-
Hi brgsousa,
Thank you for your post
The TeamViewer network includes more than 200 servers. Communication with the master cluster is done through DNS names; communication with the TeamViewer servers (routing server and KeepAlive server) is done directly via IP addresses.
Due to the fact that we are continuously upscaling our server network as the number of TeamViewer user grows, it is not possible to publish a list of current IP addresses, because this list would be outdated very soon.In order for TeamViewer to work properly, access to all TeamViewer servers has to be possible. The easiest way to achieve this is to open port 5938 (TCP) for outbound connections to any IP address. You can also add *.teamviewer.com to the whitelist.
Julia
Senior Support Engineer - 2nd level Support
Did my reply answer your question? Accept it as a solution to help others.
Find this helpful? Say thanks by clicking on the Thumbs Up button.6
Answers
-
Hi brgsousa,
Thank you for your post
The TeamViewer network includes more than 200 servers. Communication with the master cluster is done through DNS names; communication with the TeamViewer servers (routing server and KeepAlive server) is done directly via IP addresses.
Due to the fact that we are continuously upscaling our server network as the number of TeamViewer user grows, it is not possible to publish a list of current IP addresses, because this list would be outdated very soon.In order for TeamViewer to work properly, access to all TeamViewer servers has to be possible. The easiest way to achieve this is to open port 5938 (TCP) for outbound connections to any IP address. You can also add *.teamviewer.com to the whitelist.
Julia
Senior Support Engineer - 2nd level Support
Did my reply answer your question? Accept it as a solution to help others.
Find this helpful? Say thanks by clicking on the Thumbs Up button.6 -
Hi Julia,
thanks for the description. We are using Juniper and there is not possible to set a wildcard.
Is it possible to get the sbudomains? insted of the * star or do you have a hint for my configuration. I will open the firewall for outbound connection to your server.
regards Eugen
0 -
Dear eugenmartel,
Would it be possible to allow traffic to every address through port 5938? Only a very few programs are using this port.
Julia
Senior Support Engineer - 2nd level Support
Did my reply answer your question? Accept it as a solution to help others.
Find this helpful? Say thanks by clicking on the Thumbs Up button.0 -
Hi Julia, based on our security policy it is allowed only to knowen ips thats my problem.
juniper is allowing only direct ip, ip ranges or wildcard with subdomains like e.g. support.teamviewer.com or mail.teamviewer.com but not marked with a * if I am trying I will get an error every time.
do you see a chance here to get a sollution?
regards eugen
0 -
hi,
what about the the ports 80 and 443 which is required for mass deployment and management ? it's not possible to open direct access to internet... you should have provided users a list of domain/subdomain list or network info as you use azure services
0
