[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2082
  • Last Modified:

completely block TeamViewer For FortiGate

Hi.....
I need to completely block team access from outside to internal clients. I need to make sure in my network that no on uses team viewer in my network

i have Fortigate 300D
0
Mansour
Asked:
Mansour
4 Solutions
 
arnoldCommented:
Identify their IP range, and block outgoing traffic to that destination.

Adding the destination with a log event....

A simpler option in an AD environment, setup a software restriction GPO blocking the running of teamviewr.exe.
Note it will not prevent a determined individual from adjusting the application name, runn.........
0
 
QlemoDeveloperCommented:
Blocking all IPs is hard to do, there are a lot of TeamViewer servers ...
Blocking the EXE itself is more promising, though easy to circumvent.
Anything else requires to analyze the traffic - very difficult, in particular with SSL.
0
 
Dr. KlahnPrincipal Software EngineerCommented:
This page has a detailed explanation of one user's approach, which also short-circuits TeamViewer's fallback strategy of tunneling using port 80.

https://mediarealm.com.au/articles/2014/10/block-teamviewer-network/

However, as Qlemo points out above, if the application now tries to circumvent DNS blocking by using servers outside the teamviewer.com domain, it will probably be necessary to block the executable and hope none of your users are smart enough to rename it.
0
 
Muhammad MullaCommented:
Under Application Control on your Fortigate, you will find 3 different signatures for TeamViewer in the Remote.Access category.

Block all of them under application overrides.
0
 
Dr. KlahnPrincipal Software EngineerCommented:
EE email requested stale question closure.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now