Block incoming TeamViewer connections, but allow outgoing
I have a FortiGate 61F with FortiOS 7.0.3, and I would like to block all incoming TeamViewer connections. I have tried adding a rule with Application Control to the WAN > LAN interface, but it seems it's completely bypassed.
I can block TeamViewer connections from LAN > WAN, but that's not really a solution for me, since I would like to allow TeamViewer connections from the inside to the outside.
Is it something that can be accomplished? I could not figure out a way yet.
My understanding of TeamViewer is the session is always initiated from the client side. That's why they say "...in 70% of the cases a direct connection via UDP or TCP is established (even behind standard gateways, NATs and firewalls). The rest of the connections are routed through our highly redundant router network via TCP or http-tunnelling. You do not have to open any ports in order to work with TeamViewer!"
https://dl.teamviewer.com/docs/en/TeamViewer_SecurityStatement_en.pdf
Probably this link has more info including the TCP/UDP port numbers they use.
The problem with TeamViewer (and similar software) is that the client side will initiate a connection to the server and maintain it. If someone wants to connect to that specific TeamViewer, they will ALSO connect to the server, and the server basically joins up the sessions. There is no session initiated from the outside towards TeamViewer (there can't be, that would require the TeamViewer to have a public IP it can be reached on, OR a VIP on the FortiGate to pass the traffic through).
The pre-existing session (from inside to TeamViewer server) is simply taken over for screensharing.
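
The behaviour described in the last reply, as an added example that is not part of the original thread: a toy stateful firewall in Python where policy lookup happens only on the first packet of a session, so relayed remote-control traffic never reaches the WAN > LAN rule. The addresses, port numbers, policy names and the `Firewall` class are constructed for illustration and are not FortiOS code.

```python
# Added illustration (simplified: no NAT, no timeouts, TCP only).
from dataclasses import dataclass, field

# Constructed addresses from documentation ranges, not taken from the thread.
LAN_HOST = "192.168.1.10"
BROKER = "203.0.113.5"     # stands in for a TeamViewer server
STRANGER = "198.51.100.7"  # unrelated Internet host


@dataclass
class Firewall:
    sessions: set = field(default_factory=set)
    hits: dict = field(
        default_factory=lambda: {"LAN>WAN allow": 0, "WAN>LAN block": 0})

    @staticmethod
    def is_lan(ip):
        return ip.startswith("192.168.")

    def handle(self, src, sport, dst, dport):
        """Return (verdict, reason) for one packet."""
        # Packets of a known session, in either direction, skip policy lookup.
        if {(src, sport, dst, dport), (dst, dport, src, sport)} & self.sessions:
            return "pass", "existing session"
        # New session: the direction of the FIRST packet selects the policy.
        if self.is_lan(src) and not self.is_lan(dst):
            self.hits["LAN>WAN allow"] += 1
            self.sessions.add((src, sport, dst, dport))
            return "pass", "LAN>WAN allow"
        self.hits["WAN>LAN block"] += 1
        return "drop", "WAN>LAN block"


def demo():
    fw = Firewall()
    return [
        # Inside client registers with the broker and keeps the session open.
        fw.handle(LAN_HOST, 50000, BROKER, 443),
        # Remote operator's traffic, relayed by the broker on that same session.
        fw.handle(BROKER, 443, LAN_HOST, 50000),
        # Only a brand-new connection from outside reaches the WAN>LAN policy.
        fw.handle(STRANGER, 40000, LAN_HOST, 443),
    ], fw.hits


if __name__ == "__main__":
    for verdict in demo()[0]:
        print(verdict)
```

The hit counter for the WAN > LAN rule stays at zero until the unrelated host connects, which matches the "completely bypassed" observation in the question.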
