how to block TeamViewer via the ProxySG
search cancel

how to block TeamViewer via the ProxySG


Article ID: 166272


Updated On:


ProxySG Software - SGOS


You want to block TeamViewer using the ProxySG



In general, TeamViewer will always work if surfing on the Internet is possible. Hence, no firewall configuration is required. As an alternative to port 80 HTTP, port 443 HTTPs is also checked. It is also possible to open only port 5938 TCP on the outgoing side. Data traffic should then be able to pass through on this port without any problems.

TeamViewer will try to connect on port 80 and 443, and will start using port 5938 to continue its data communication.

To block TeamViewer, do the following.

  1. Create a proxy service via Configuration > Services > Proxy Services > Standard > New Service; give a name to the service such as "teamviewer." At Service Group. select Standard, at Proxy Settings select TCP Tunnel, and make sure to check the Detect Protocol box. Under Listerners, click New, and select Source: ALL, Destination: ALL, Port range:  5938 and Action: Intercept.
  2. In the VPM, create a rule to block teamviewer. Go to Web Access Layer; for Source choose by user/group/ip/subnet or Any as required. For Destination, click Set > New > Combined object, then give the combined object a name. Click New again; for Request URL, select Regex, type "teamviewer" in the box, and click Ok. Next, add that rule to the right on that Combined object at the top. Then, click New again, select Destination host/port, type "5938" at the Port, and leave Host blank. Click Ok, then add to the top right of the Combined object, where the Request URL is, click Ok and Ok, and you have the rule set. Under Actions, select DENY.