Fortinet Forum
New Contributor

Block incoming TeamViewer connections, but allow outgoing

I have a FortiGate 61F with FortiOS 7.0.3, and I would like to block all incoming TeamViewer connections. I have tried adding a rule with Application Control to the WAN > LAN interface, but it seems it's completely bypassed.


I can block TeamViewer connections from LAN > WAN, but that's not really a solution for me, since I would like to allow TeamViewer connections from the inside to the outside.


Is it something that can be accomplished? I could not figure out a way yet.


Esteemed Contributor II

My understanding of TeamViewer is the session is always initiated from the client side. That's why they say "70% of the cases a direct connection via UDP or TCP is established (even behind standard gateways, NATs and firewalls). The rest of the connections are routed through our highly redundant router network via TCP or http-tunnelling. You do not have to open any ports in order to work with TeamViewer!"

Esteemed Contributor II

Probably this link has more info including the TCP/UDP port numbers they use.


The problem with TeamViewer (and similar software) is that the client side will initiate a connection to the server and maintain it. If someone wants to connect to that specific TeamViewer, they will ALSO connect to the server, and the server basically joins up the sessions. There is no session initiated from the outside towards TeamViewer (there can't be, that would require the TeamViewer to have a public IP it can be reached on, OR a VIP on the FortiGate to pass the traffic through).
The pre-existing session (from inside to TeamViewer server) is simply taken over for screensharing.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
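
The behaviour described in the replies above, as an added example that is not part of the original thread: a simplified stateful-firewall model showing why a WAN > LAN deny policy never sees a brokered TeamViewer session. The policy table, addresses, and the `StatefulFirewall` class are constructed for illustration and are not FortiOS syntax or code.

```python
from collections import namedtuple

# in_zone is the interface the packet arrives on: "lan" or "wan".
Packet = namedtuple("Packet", "src dst in_zone app")

# Constructed policies mirroring the thread (not FortiOS syntax).
POLICIES = [
    {"id": 1, "from": "wan", "to": "lan", "app": "teamviewer", "action": "deny"},
    {"id": 2, "from": "lan", "to": "wan", "app": "any", "action": "accept"},
]

class StatefulFirewall:
    def __init__(self, policies):
        self.policies = policies
        self.sessions = set()                      # (initiator, responder)
        self.hits = {p["id"]: 0 for p in policies}

    def process(self, pkt):
        # Traffic belonging to a known session skips policy lookup.
        if (pkt.src, pkt.dst) in self.sessions or (pkt.dst, pkt.src) in self.sessions:
            return "accept (existing session)"
        out_zone = "wan" if pkt.in_zone == "lan" else "lan"
        for p in self.policies:                    # first match wins
            if (p["from"], p["to"]) == (pkt.in_zone, out_zone) and p["app"] in ("any", pkt.app):
                self.hits[p["id"]] += 1
                if p["action"] == "accept":
                    self.sessions.add((pkt.src, pkt.dst))
                return "%s (policy %d)" % (p["action"], p["id"])
        return "deny (implicit)"

def simulate(direct_attempt=False):
    fw = StatefulFirewall(POLICIES)
    host, broker, remote = "10.0.0.5", "broker.example", "203.0.113.9"  # constructed
    results = [
        fw.process(Packet(host, broker, "lan", "teamviewer")),  # client registers outbound
        fw.process(Packet(broker, host, "wan", "teamviewer")),  # relayed remote-control data
    ]
    if direct_attempt:  # only reachable with a public IP or VIP, per the reply
        results.append(fw.process(Packet(remote, host, "wan", "teamviewer")))
    return results, fw.hits

if __name__ == "__main__":
    print(simulate())
    print(simulate(direct_attempt=True))
```

In the brokered case the hit counter for the WAN > LAN policy stays at zero, which matches the "completely bypassed" observation in the question.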