Best practices for network configuration in a Conditional Access environment

Modified on Tue, 12 Nov at 12:08 PM

Best practices for network configuration in a Conditional Access environment

The following article provides guidance on how to set up your network if you are using the TeamViewer Conditional Access feature. Please take into account the two situations outlined below, which depend on whether your network allows the TeamViewer domain.

This article applies to Tensor customers, who purchased the Conditional Access add-on.

Scenario 1: the teamviewer.com domain is allowed within your infrastructure

In this case, please block the following DNS addresses and ports:

Description	Address	Port(s) type	Port(s)
Blocks traffic to generic TeamViewer routers	router*.teamviewer.com	TCP and UDP	5938, 443 and 80
Blocks traffic to generic TeamViewer routers	*router.teamviewer.com	TCP and UDP	5938, 443 and 80
Blocks traffic to generic TeamViewer routers	router*.teamviewer.cn	TCP and UDP	5938, 443 and 80
Blocks traffic to generic TeamViewer routers	*router.teamviewer.cn	TCP and UDP	5938, 443 and 80

Please allow the outbound traffic to your TeamViewer Conditional Access router(s):

Description	Address	Port(s) type	Port(s)
Access to your dedicated Conditional Access router(s)	YourDedicatedRouters.carouter.teamviewer.com	TCP and UDP	5938, 443 and 80

Important note: If your firewall does not support wildcards (*), please consider scenario 2.

Scenario 2: the teamviewer.com domain is blocked within your infrastructure

In this case, please allow the following:

TeamViewer services

Description	Address	Port type	Port
Access to the TeamViewer Community	community.teamviewer.com	TCP	443
Access to the TeamViewer Support portal (create and manage support tickets)	support.teamviewer.com	TCP	443
Access to the TeamViewer web app	web.teamviewer.com	TCP	443
Access to the TeamViewer Management Console	login.teamviewer.com	TCP	443
Access to the TeamViewer sign in portal	account.teamviewer.com	TCP	443
Access to profile pictures	profilepicturedl.teamviewer.com	TCP	443
Access to data collector	console-datacollector.teamviewer.com	TCP	443
Access to client downloads, installations and updates	download.teamviewer.com	TCP	443
Access to custom modules	get.teamviewer.com	TCP	443
Access to module customization	customdesignservice.teamviewer.com	TCP	443
Ability to download custom modules	configdl.teamviewer.com	TCP	443
Ability to start session via the web app (https://start.teamviewer.com/)	start.teamviewer.com	TCP	443
Access to session via QuickSupport	quicksupport.me	TCP	443
Access to TeamViewer webapi	webapi.teamviewer.com	TCP	443
Access to TeamViewer webapi	hapi.teamviewer.com	TCP	443
Access to TeamViewer SSO	sso.teamviewer.com	TCP	443
Access to the Microsoft Teams integration	msteams-integration.teamviewer.com	TCP	443
Access to Management Console services	client.teamviewer.com	TCP	443
Access to client downloads, installations and updates	dl.teamviewer.com	TCP	443

TeamViewer session services

Description	Address	Port(s) type	Port(s)
Access to your dedicated Conditional Access router(s)	YourDedicatedRouters.carouter.teamviewer.com	TCP and UDP	5938, 443 and 80