xAssist - Firewall & Security Configuration - Clients

Firewall Configuration for xAssist Clients


For the rules mentioned, your NAT should allow the clients (smart glasses and experts using the Web UI) to send outgoing traffic and receive the returning traffic in response. The NAT should be configured for endpoint-independent mapping and, preferably, address-dependent filtering or endpoint-independent filtering.

If not all of the rules in the sections below can be implemented (e.g. due to IT policies), WebRTC will automatically choose the best possible option, as described in the section ‘Interactive Connectivity Establishment (ICE)’.
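
To check whether a client network's NAT performs the endpoint-independent mapping required above, compare the public address that two STUN servers on different IPs report for the same local UDP socket. The Python code below is an added example, not TeamViewer code: the function names are hypothetical, and the list of (host, port) STUN servers passed to probe() is an assumption you must fill in from your own approved rule set.

```python
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442  # fixed STUN magic cookie (RFC 5389)


def binding_request():
    """Return (transaction_id, packet) for a STUN Binding request."""
    txid = os.urandom(12)
    return txid, struct.pack("!HHI", 0x0001, 0, MAGIC_COOKIE) + txid


def parse_mapped_address(packet, txid):
    """Return the public (ip, port) reported in a Binding success response."""
    if len(packet) < 20:
        raise ValueError("truncated STUN message")
    msg_type, length, cookie = struct.unpack("!HHI", packet[:8])
    if msg_type != 0x0101 or cookie != MAGIC_COOKIE or packet[8:20] != txid:
        raise ValueError("not a matching STUN Binding success response")
    pos, end = 20, min(20 + length, len(packet))
    while pos + 4 <= end:
        attr_type, attr_len = struct.unpack("!HH", packet[pos:pos + 4])
        value = packet[pos + 4:pos + 4 + attr_len]
        # 0x0020 = XOR-MAPPED-ADDRESS, family 0x01 = IPv4
        if attr_type == 0x0020 and len(value) >= 8 and value[1] == 0x01:
            port = struct.unpack("!H", value[2:4])[0] ^ (MAGIC_COOKIE >> 16)
            addr = struct.unpack("!I", value[4:8])[0] ^ MAGIC_COOKIE
            return socket.inet_ntoa(struct.pack("!I", addr)), port
        pos += 4 + attr_len + (-attr_len % 4)  # attributes are padded to 4 bytes
    raise ValueError("no IPv4 XOR-MAPPED-ADDRESS attribute")


def classify_mapping(mappings):
    """One identical mapping towards all servers means endpoint-independent."""
    return "endpoint-independent" if len(set(mappings)) == 1 else "endpoint-dependent"


def probe(servers, timeout=3.0):
    """Query STUN servers on different IPs from ONE local UDP socket."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        mappings = []
        for server in servers:  # (host, port) tuples supplied by the caller
            txid, request = binding_request()
            sock.sendto(request, server)
            data, _ = sock.recvfrom(2048)
            mappings.append(parse_mapped_address(data, txid))
    return mappings, classify_mapping(mappings)
```

A result of endpoint-dependent means the NAT allocates a different mapping per destination, so direct host-to-host media is less likely to succeed and ICE will tend to fall back to a TURN relay.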

Communication with Frontline Command Centre





[Image: Communication with command centre]


Host to Host Communication



Inbound and outbound UDP traffic must be allowed. The port ranges can be configured via group policies for the web browser.


[Image: Host to Host]

Frontline STUN and TURN Server



TeamViewer provides a global network of distributed STUN/TURN servers including a load balancing mechanism which automatically assigns xAssist users the optimal STUN/TURN server based on the region.

[Image: STUN & TURN]



Frontline Conferencing Servers (SFU)


TeamViewer provides a global network of distributed SFUs including a load balancing mechanism that automatically assigns xAssist users the optimal SFU based on the region.

To allow conference calls, webrtc.svc.frontlineworker.com needs to be reachable via HTTPS / TCP 443 for signaling purposes.


[Image: SFU]

Depending on region/DNS resolving one of the below

To authenticate against the SFUs, HTTPS / TCP 443 access to webrtc.svc.frontlineworker.com is required as well.

xAssist Security Information



xAssist Peer-to-Peer (1 to 1 call)



The underlying framework, WebRTC, enforces DTLS and SRTP on all connections, which means video and audio are end-to-end encrypted.

Even when TURN is used, the packets are decrypted only by the receiver, never by the TURN server.

xAssist Conferences


End-to-end encryption using DTLS/SRTP is enforced from peer to SFU. The SFU decrypts the media and encrypts it again before sending it to the receiver. No media of a peer is ever stored in persistent storage.

Cipher Suite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is used.

Updated on: 14/03/2023
