This article applies to:

• SWG 9.x
• SWG 10.0

Question:

• I want to block remote access clients, like TeamviewerQS (Quick Support), but the URL Category "Remote Access" is not available with all URL Cat filters. Remote support web sites should not be blocked in general.
• It is not practical to block these requests based on destination URLs or IP addresses.
• These clients often use tunneled connections (such as TCP 443) which cannot be blocked in general.
• HTTP methods (e.g. CONNECT) are not available as conditions in SWG versions below 10.1.

Procedure:

Remote access clients often don't use a browser, but do use HTTP as a protocol. To block or control these connections, it is necessary to identify a specific criterion based on the content of the connection.

Example: TeamviewerQS

Step 1: Trace a successful connection

Identify a unique feature of the connection. In this case you can use the User Agent string: "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)".

Step 2: Create a Condition and a rule to block

• In the SWG interface, navigate to Policies > Condition Settings > Header Fields, and add a new component, e.g. "Blocked User Agents":

• Create a Blocking Rule using this condition:

Step 3: Test the connection request

The requests should now fail, and the reason can be seen by tracing the network stream:

Notes:

This procedure can be used to block many proprietary clients in a flexible and granular way. It is not limited to Remote Access clients.