Need to block chrome-remote-desktop from outside coming in

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Need to block chrome-remote-desktop from outside coming in

L0 Member

I've been on this project for a few days with no semi-success.  

i have a PA VM-200.  I've used the built-in 'chrome-remote-desktop' protocol, and doesn't work.  The description seems to say this protocol is in BETA and is for the support function fo the chrome-remote-desktop.

 

ive tried blocking the following ip addresses/networks

172.217.0.0/16

216.58.0.0/16

 source-ips.jpgservice-url Category.jpglog1.jpglog2.jpgsecurity_policy.jpg

i've also tried doing a registry edit on one workstation 

Set HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\RemoteAccessHostFirewallTraversal to 0

and then blocking UDP 12400-12409.  This seems to be working, but I don't want to apply this to all the workstations.

 

another method i read was to blackhole DNS chromoting-host.talkgadget.google.com, but how do i do this on my firewall?

 

has anyone successfuly blocked Chrome Remote Desktop from the outside in, but also allow Chrome Remote Desktop going out?

1 REPLY 1

L6 Presenter

Ok, i don't know exactly how chrome remote desktop works.

 

But i'm guessing it's similar to TeamViewer where client connects to central server? In that case TCP connection goes only from client to internet server, but later desktop sharing can work in both ways. So you can't block TeamViewer only in one direction.

 

If it works in different way with both sides starting (TCP) connections, then you would have to allow connections from internet to local network, and made an apropriate NAT rule as well. So you can block it simply by not allowing this traffic.

However this would limit the use of application a lot. So I'd say it works similar to TeamViewer and you can't block it only in one direction. Just guessing tho.

 

  • 6096 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!