Has anyone successfully blocked Teamviewer on the MX? I have a security issue with a previous vendor and I need to block it in totality, however, neither blocking *@teamviewer.com, port 5938, nor 178.77.120.0/24 work.
There is also no built-in layer 7 rule for it unlike G2A, LogMeIn, VNC, etc.
Should that be *.TeamViewer.com ?
You're correct, and that's what I have in my L3 rules, however, my brain apparently is still in weekend mode and did not allow me to type that correctly in the post.
I'm not aware of any easy way to do this.
With port 5938 blocked, it will fallback to port 443 or 80.
You can try to block all of the Ip addresses of the TeamViewer cloud brokers but there's no guarantee they won't just change at some point.
I think you're better off changing the password and security code on the computers with TeamViewer installed to block access to the vendor. Otherwise you could restrict computers from installing or running TeamViewer via an MDM solution
Found this as well, maybe another help, Activedirecty domain:
Teamviewer Subnets seem to change a lot, and also saw a community post from them where they deleted all IPs which were posted 😮
I think your rule should work after the clients are next rebooted.
If you go into Security & SD-WAN under the layer 7 firewall rules you can add a layer 7 rule to block countries: Germany. None of the Teamviewer clients will be able to connect at that point, but it will only apply to the clients on your network the MX is on.