Block incoming TeamViewer connections, but allow outgoing
I have a Fortigate 61F with FortiOS 7.0.3, and I would like to block all incoming TeamViewer connections. I have tried adding a rule with Application Control to the WAN > LAN interface, but it seems it's completely bypassed.
I can block TeamViewer connections from LAN > WAN, but that's not really a solution for me, since I would like to allow TeamViewer connections from the inside to the outside.
Is it something that can be accomplished? I could not figure out a way yet.
My understanding of TeamViewer is the session is always initiated from the client side. That's why they say "...in 70% of the cases a direct connection via UDP or TCP is established (even behind standard gateways, NATs and firewalls). The rest of the connections are routed through our highly redundant router network via TCP or http-tunnelling. You do not have to open any ports in order to work with TeamViewer!"
The problem with TeamViewer (and similar software) is that the client side will initiate a connection to the server and maintain it. If someone wants to connect to that specific TeamViewer, they will ALSO connect to the server, and the server basically joins up the sessions. There is no session initiated from the outside towards TeamViewer (there can't be, that would require the TeamViewer to have a public IP it can be reached on, OR a VIP on the FortiGate to pass the traffic through). The pre-existing session (from inside to TeamViewer server) is simply taken over for screensharing.
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
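
The behaviour described in the replies above, as an added example that is not part of the original thread and is not FortiOS code: a simplified stateful-firewall model in which the remote operator's traffic arrives on the session the inside client opened, so the WAN > LAN deny policy is never evaluated for it. The `Packet` and `Firewall` names, the policy tuples and the addresses are constructed for illustration.

```python
# Added illustration: simplified stateful-firewall model, not FortiOS code.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    in_if: str   # interface the packet arrives on
    out_if: str  # interface it would leave on
    app: str = "teamviewer"

@dataclass
class Firewall:
    policies: list  # ordered (in_if, out_if, app, action) tuples
    sessions: set = field(default_factory=set)
    hits: dict = field(default_factory=dict)

    def handle(self, pkt: Packet) -> str:
        # Traffic in either direction of an established session skips policy lookup.
        if (pkt.src, pkt.dst) in self.sessions or (pkt.dst, pkt.src) in self.sessions:
            return "accept (existing session)"
        for idx, (in_if, out_if, app, action) in enumerate(self.policies):
            if (in_if, out_if, app) == (pkt.in_if, pkt.out_if, pkt.app):
                self.hits[idx] = self.hits.get(idx, 0) + 1
                if action == "accept":
                    self.sessions.add((pkt.src, pkt.dst))  # keyed on the initiator
                return action
        return "deny"  # implicit deny when nothing matches

def demo():
    # Constructed addresses (RFC 1918 / RFC 5737 documentation ranges).
    host, broker, stranger = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    fw = Firewall(policies=[
        ("wan", "lan", "teamviewer", "deny"),    # policy 0: the WAN > LAN block
        ("lan", "wan", "teamviewer", "accept"),  # policy 1: outbound allowed
    ])
    steps = [
        ("client registers with broker", Packet(host, broker, "lan", "wan")),
        ("broker relays remote operator", Packet(broker, host, "wan", "lan")),
        ("unsolicited packet from WAN", Packet(stranger, host, "wan", "lan")),
    ]
    # Record the verdict and how often the WAN > LAN policy has matched so far.
    return [(name, fw.handle(p), fw.hits.get(0, 0)) for name, p in steps]

if __name__ == "__main__":
    for name, verdict, wan_lan_hits in demo():
        print(f"{name:32} -> {verdict:26} WAN>LAN policy hits: {wan_lan_hits}")
```

The WAN > LAN policy only registers a hit for the unsolicited packet; the relayed screen-sharing traffic is accepted as part of the LAN-initiated session.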