
Firewall rule with destination *.domain.de

Hello,

I am relatively new to the UTM and would like to use a firewall rule to allow one specific domain, including its subdomains, from an isolated network.

Specifically, I want to allow the use of TeamViewer, which requires TCP 5938. However, I also want to specify the destination *.teamviewer.com, to restrict the open port at least somewhat.

Does anyone have a tip for how I can get this done?

Best regards,

christian



  • Apologies for my English answer, but my German is not so good.

    Teamviewer uses outgoing TCP 5938, as you already mentioned, but it also uses ports 80 and 443 (web traffic). Those are used on multiple *.teamviewer.com domains.

    In my recent logs I find the following host names:

    client.teamviewer.com
    get.teamviewer.com
    download.teamviewer.com
    login.teamviewer.com
    downloadeu2.teamviewer.com
    iframe-auth.teamviewer.com
    wsp.teamviewer.com
    www.teamviewer.com

    There may be other hostnames which I have overlooked or that are not found in my own logfiles. You can use the hostnames as DNS-host definitions in your firewall using port 5938 (and if you're not using web filtering also for ports 80 and 443, but you will most likely allow a lot more traffic on these two ports).

    Beware though that hostnames could change just as it suits Teamviewer. On their site I can only find the port numbers, no hostnames, so what works now may not work in the future.


    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
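
Because the hostname list above can drift, it helps to compare what the logs show against the DNS host objects already defined. The following is an added example, not part of the original posts or any Sophos tooling: it assumes log lines that carry a `url="..."` field, uses a few of the hostnames listed above as the defined set, and the sample log lines and the host `new-host.teamviewer.com` are constructed.

```python
import re
from urllib.parse import urlsplit

# A few of the hostnames from the answer above, standing in for the
# DNS host objects already defined on the firewall (assumption).
DEFINED_HOSTS = {
    "client.teamviewer.com", "get.teamviewer.com",
    "login.teamviewer.com", "www.teamviewer.com",
}

# Constructed, simplified key="value" log lines (not genuine UTM output).
SAMPLE_LOG = [
    'srcip="10.0.0.5" url="https://client.teamviewer.com/ping"',
    'srcip="10.0.0.5" url="https://new-host.teamviewer.com/api"',
    'srcip="10.0.0.7" url="http://teamviewer.com.example.net/"',
    'srcip="10.0.0.7" url="https://www.teamviewer.com@example.net/"',
    'srcip="10.0.0.9" url="https://notteamviewer.com/"',
    'srcip="10.0.0.9" dstport="5938"',  # no url field: skipped
]

URL_FIELD = re.compile(r'url="([^"]+)"')


def host_in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it.

    Matching on the ".domain" label boundary keeps look-alikes such as
    notteamviewer.com or teamviewer.com.example.net out of the result.
    """
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def hosts_seen(log_lines, domain="teamviewer.com"):
    """Collect distinct hostnames under `domain` found in url fields."""
    seen = set()
    for line in log_lines:
        match = URL_FIELD.search(line)
        if not match:
            continue
        # .hostname ignores userinfo, so "www.teamviewer.com@example.net"
        # is correctly attributed to example.net.
        host = urlsplit(match.group(1)).hostname
        if host and host_in_domain(host, domain):
            seen.add(host.lower().rstrip("."))
    return seen


def undefined_hosts(log_lines, defined, domain="teamviewer.com"):
    """Hostnames seen in the logs that have no DNS host definition yet."""
    return sorted(hosts_seen(log_lines, domain) - set(defined))
```

Running `undefined_hosts(SAMPLE_LOG, DEFINED_HOSTS)` on a schedule shows which names would need a new DNS host definition before the rule starts dropping legitimate traffic.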