Allow Teamviewer through the firewall?

Hello!

I've recently upgraded from UTM 9.4 to XG at home.

On setup I set the default firewall policy to "Accept any service going to "WAN" zone, when in "LAN" zone, and coming from any network".

This allows for a bit much in my opinion, so I disabled it. As soon as I did though, my Teamviewer hosts went offline.

I tried allowing for http and https but they still won't come up with a Partner ID.

As soon as I switch to "Any" on services, they all come up at the very second I enable the rule.

What am I missing?

My port forwards on remote desktop still work.

All articles I find are about blocking TeamViewer. I need it open.

Also, the UTM 9.4 had a checklist of what services you wanted to be allowed in the FW by default when setting it up.

I could not find anything similar on the XG, except for the #Default_Network_Policy[ ID : 1 ] (LAN-->WAN-->ANY rule) which I have now disabled.

Is that correct?

If so, I should not be able to browse the web now, as I have not opened up for http\s, but I can.

Is there a "hidden" set of rules that are always enabled\open?

Thanks in advance.



  • Ruben,

    A simple rule where you allow HTTP/HTTPS is enough to allow TeamViewer and any other services running on HTTP/HTTPS to work. Pay attention to the Application and Web Filter rules applied.
    In my case, TeamViewer is working without a needed rule.

    If you have trouble, consult the log viewer to check what traffic/application is blocked.

    Thanks

  • Hi Ruben,

    As mentioned by  , you would need to check the URL the TeamViewer is connected to. You may use a Test machine and monitor the traffic it is using.

    Step 1: Check the Web filter logs for that Test system and create a FQDN rule or Allow in Web filter.

    Step 2: Allow port 80 HTTP, port 443 HTTPS is also being checked. In addition, it is also possible to open only port 5938 TCP on the outgoing side (required for mobile connections)

    Step 3: Apply the Restriction needed and check if it's not getting blocked in Log Viewer.

    Follow these Steps and you may filter the necessary URL required and also disable HTTPS decryption for these URLs. You may add in HTTPS Scanning Exceptions if needed to be Enabled.

    Thanks and Regards

    Aditya Patel | Network and Security Engineer.

  • Finally got around to testing a bit.

    Figured out what my problem was, I used 5938 instead of 1:65535 on source port. *facepalm*

    Also discovered that "Diagnostics\Packet Capture" is a nifty tool for troubleshooting.

    Thank you for the pointers.
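
The source-port mistake from the last post, modelled as an added example that is not part of the original thread or of Sophos XG itself: a service definition that pins the source port to 5938 never matches an outbound client connection, because the client picks an ephemeral source port. The service names, the sample flows and the assumption that the destination port was 5938 are constructed for illustration.

```python
from dataclasses import dataclass

ANY = (1, 65535)
EPHEMERAL = (49152, 65535)  # IANA dynamic range that client stacks pick source ports from

@dataclass(frozen=True)
class Service:
    """TCP service definition with inclusive (low, high) port ranges."""
    name: str
    src: tuple
    dst: tuple

    def matches(self, sport, dport):
        return (self.src[0] <= sport <= self.src[1]
                and self.dst[0] <= dport <= self.dst[1])

# Constructed definitions; names and the 5938 destination are assumptions.
BROKEN = Service("TeamViewer-broken", src=(5938, 5938), dst=(5938, 5938))
FIXED = Service("TeamViewer", src=ANY, dst=(5938, 5938))
HTTP = Service("HTTP", src=ANY, dst=(80, 80))
HTTPS = Service("HTTPS", src=ANY, dst=(443, 443))

def evaluate(allowed, sport, dport):
    """LAN-to-WAN allow rule with default drop: first matching service wins."""
    for svc in allowed:
        if svc.matches(sport, dport):
            return ("accept", svc.name)
    return ("drop", None)

def audit(allowed):
    """Names of services whose source range does not cover the ephemeral range."""
    return [s.name for s in allowed
            if s.src[0] > EPHEMERAL[0] or s.src[1] < EPHEMERAL[1]]

# Constructed outbound flows (source port, destination port) from a LAN client.
FLOWS = [(51544, 5938), (49733, 443), (50211, 80)]

if __name__ == "__main__":
    for label, rule in (("broken", [HTTP, HTTPS, BROKEN]), ("fixed", [HTTP, HTTPS, FIXED])):
        for sport, dport in FLOWS:
            print(label, sport, dport, evaluate(rule, sport, dport))
    print("audit:", audit([HTTP, HTTPS, BROKEN, FIXED]))
```

Running an audit like this over exported service definitions catches the same class of mistake before a restrictive rule replaces an "Any" rule.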