- Create a firewall policy on top with destination choosing Internet Service -> Filter with the word 'TeamViewer' and choose 'TeamViewer-TeamViewer'.
- Action in firewall policy select 'DENY' and enable 'Log Violation Traffic'.
-
TeamViewer software on PC will show the message 'No connection to TeamViewer server'.
-
It is possible to view the deny log under the forward traffic log.
Below are the ports and URLs used by TeamViewer:
TCP/UDP 5938 (preferred).
TCP 443 (fallback).
TCP 80 (last resort).
master*.teamviewer.com.
router*.teamviewer.com.
recaptcha.net.
gstatic.com.
cookielaw.org.
To view the list of the IP address and port used by TeamViewer in the FortiGate CLI, use the following command:
diagnose internet-service id | grep -i TeamViewer-TeamViewer
diagnose internet-service id 1835117
Sample output from the FortiGate:
diagnose internet-service id | grep -i TeamViewer-TeamViewer
ID: 1835117 name: "TeamViewer-TeamViewer"
diagnose internet-service id 1835117
Internet Service: 1835117(TeamViewer-TeamViewer)
Version: 00007.04376
Timestamp: 202511171636
Number of Entries: 792
1.145.156.1-1.145.156.1 country(36) region(2026) city(14916) blocklist(0x0) reputation(4), popularity(5) domain(1212) botnet(0) proto(6) port(80 443 5938)
1.145.156.1-1.145.156.1 country(36) region(2026) city(14916) blocklist(0x0) reputation(4), popularity(5) domain(1212) botnet(0) proto(17) port(5938)
1.145.249.127-1.145.249.127 country(36) region(2026) city(14916) blocklist(0x0) reputation(4), popularity(5) domain(1212) botnet(0) proto(6) port(80 443 5938)
1.145.249.127-1.145.249.127 country(36) region(2026) city(14916) blocklist(0x0) reputation(4), popularity(5) domain(1212) botnet(0) proto(17) port(5938)
1.159.38.123-1.159.38.123 country(36) region(2026) city(14916) blocklist(0x0) reputation(4), popularity(5) domain(1212) botnet(0) proto(6) port(80 443 5938)
|
