Balance 710 Blocking ALL incoming trafic


#1

If I need to keep out anybody using Teamviewer or any other remote control software from the outside, could I just block all incoming sessions somehow?

Trying to keep someone coming in and taking the network down.

Thanks


#2

Hi Charley,

As a general rule you can set the default inbound firewall rule to “Deny All” and just create new rules above it for any inbound services that you do want.

In the case of Teamviewer and other remote control applications you would also need to create outbound firewall rules to deny the traffic to the destination domain name or IP address. This can be a bit tricky because these applications can use multiple server farms and alternate domain names.


#3

Do I need to reboot the 710 after the change? I had somebody try and they came right into my system using Teamviewer!!


#4

Hi Charley,

I have done a simple test, with enabling the Outbound Firewall Rules specifying “teamviewer.com” as destination domain, my TeamViewer could not get connected. You may refer to below screenshot of the firewall settings.


FYI, TeamViewer is similar to those P2P application, which it will initiate outbound connection when it started, so you should apply outbound restriction rather than inbound control.

Hope this helps.

Thanks and regards.


#5

Hi,

You cannot do that with Peplink (this is not the purpose of Peplink). You need a URL filtering system for this. Especially for remote control software such as Teamviewer. You need a url filtering protection for HTTPS as well and protection on the application level so the system will understand that is the Teamviewer.

How it works: once the teamviewer application is installed, the client is Creating an HTTS connection to the teamviewer cloud. When the remote PC connects is connecting on the cloud and initiates the connection so the teamviewer cloud works as a middleman.

Teamviewer has many servers to connect so is almost impossible to block it by IP.
Since the initial connection during the setup or reboot is made FROM your computer you cannot block anything on the Peplink.