TeamViewer Agentless Access allows you to securely access devices within segmented networks and complex infrastructures by acting as a gateway to access endpoint devices. These access endpoints behave like any other managed device, each with its own TeamViewer ID, manager assignments, and support for Conditional Access rules.
This guide walks you through the one-time setup required to configure an access gateway in your environment.
This article applies to all TeamViewer Tensor license holders who purchased the Agentless Access add-on.
Prerequisites
Before setting up your access gateway, ensure the following prerequisites are met:
1. Identify the location of the access gateway within your network segment and security layer.
2. Decide whether to use a physical or virtual machine.
3. Install a Linux-based gateway (recommended: Debian-based system).
4. Install Podman (version 4 or higher) on the gateway machine.
5. Copy the access endpoint-base-image to the access gateway machine.
Please contact your TeamViewer contact person to ensure you get the right base image.
6. Load the image into Podman container storage:
podman load -i jumptarget-base-image.tar
After loading the image, note and save the values of REPOSITORY and TAG for later usage. These will be needed for the setup.
7. Start the Podman REST interface:
podman system service --time=0 &
How to set up the access gateway
1. Install and assign the TeamViewer Embedded agent
To download and install the TeamViewer agent, please follow the instructions as described here: Install the Embedded agent on a device
Assign the agent using your token or rollout configuration:
sudo teamviewer-iot-agent assign <token or rollout-configuration>
2. Stop the TeamViewer Embedded agent
Stop the TeamViewer Embedded agent using the following command:
sudo teamviewer-iot-agent stop
3. Apply the access gateway-specific configuration
Edit the global configuration file:
sudo nano /var/lib/teamviewer-iot-agent/global.conf
And add the following lines at the end of the file:
[int32] EnableAgentlessAccess = 1[strng] AccessEndpointContainerImageName = "localhost/teamviewer-jump-target:latest"[strng] PodmanRestApiBaseUrl = "http://localhost:8080/"If Conditional Access is required, add:
[strng] ConditionalAccessServers = <Server1> <Server2>
Save and close the file.
4. Restart the TeamViewer Embedded agent
Restart the TeamViewer Embedded agent with the following command:
sudo teamviewer-iot-agent start
5. Enable the access gateway UI in the TeamViewer client
To enable the access gateway UI in the TeamViewer client, please contact your TeamViewer contact person.
6. Set company permissions
To allow the administration of access gateway devices:
- Open TeamViewer and go to Admin settings.
- Under User management, go to Roles.
- Edit the Company administrator role.
- Enable the following permissions:
- Company management
- Settings
- Edit
- Delete company
- Company management
Your access gateway is now successfully set up and ready to manage access endpoint devices.
To verify that the setup was successful, open the TeamViewer client UI and navigate to the Agentless Access management view. There, you should see your newly configured access gateway listed among the managed devices.