TeamViewer is designed to connect easily to remote computers without any special firewall configurations being necessary.
This article applies to all users in all licenses.
In the vast majority of cases, TeamViewer will always work if surfing on the internet is possible. TeamViewer makes outbound connections to the internet, which are usually not blocked by firewalls.
However, in some situations, for example in a corporate environment with strict security policies, a firewall might be set up to block all unknown outbound connections, and in this case, you will need to configure the firewall to allow TeamViewer to connect out through it.
TeamViewer ports
These are the ports that TeamViewer needs to use:
TCP/UDP port 5938
TeamViewer prefers to make outbound TCP and UDP connections over port 5938 – this is the primary port it uses, and TeamViewer performs best using this port. Your firewall should allow this at a minimum.
TCP port 443
If TeamViewer can’t connect over port 5938, it will next try to connect over TCP port 443.
However, our mobile apps running on iOS and Windows Mobile don't use port 443.
Note: Port 443 is also used by our custom modules which are created in the Management Console. If you’re deploying a custom module, eg. through Group Policy, then you need to ensure that port 443 is open on the computers to which you’re deploying. Port 443 is also used for a few other things, including TeamViewer update checks.
TCP port 80
If TeamViewer can’t connect over port 5938 or 443, then it will try on TCP port 80. The connection speed over this port is slower and less reliable than ports 5938 or 443, due to the additional overhead it uses, and there is no automatic reconnection if the connection is temporarily lost. For this reason, port 80 is only used as a last resort.
Our mobile apps running on Windows Mobile don't use port 80. However, our iOS and Android apps can use port 80 if necessary.
Destination IP addresses
The TeamViewer software makes connections to our servers located around the world. These servers use a number of different IP address ranges, which are also frequently changing. As such, we are unable to provide a list of our server IPs. However, all of our IP addresses have PTR records that resolve to *.teamviewer.com. You can use this to restrict the destination IP addresses that you allow through your firewall or proxy server.
Having said that, from a security point-of-view, this should not really be necessary – TeamViewer only ever initiates outgoing data connections through a firewall, so it is sufficient to simply block all incoming connections on your firewall and only allow outgoing connections over port 5938, regardless of the destination IP address.
Ports used for incoming and outgoing connections
For incoming connections, all three ports are open, but only port 5938 is used.
For outgoing connections, all three ports are open and used.
Ports used per operating system
Note: You might see different ports being used within your network surveillance tools due to the nature of peer-to-peer connections — they don't work with a specific port, they work by finding a free port and then sending packets out on it.
URLs
To ensure the proper functionality of the new interface (not needed for TeamViewer Classic), the following URLs need to be accessible. Please update your infrastructure to allow access to the following domains:
- www.recaptcha.net – Required for reCAPTCHA verification
- www.gstatic.com – Used alongside reCAPTCHA
- cdn.cookielaw.org – Required for the cookie banner