Allowlisting and Firewall Configuration for LogMeIn Central
If you or your company uses a firewall allow list to restrict network access to only specific websites or software, then you can use the information below to ensure that your service can connect.
Minimal Firewall Settings for the new GoTo app |
Minimal Firewall Settings for using the GoTo Meeting, GoTo Webinar, and GoTo Training Desktop App |
GoTo Connect | OpenVoice | GoTo Resolve | Central |
GoTo Meeting & GoTo Room | Join.me | GoToAssist Products | Pro |
GoTo Webinar | Rescue | GoToMyPC | Hamachi |
GoTo Training | Rescue Live Lens | RemotelyAnywhere | LastPass |
Ports
Our GoTo products are configured to work with the following ports.
Port | Purpose |
---|---|
Outbound TCP 443 | Required, used by all products. Needs to support WebSocket connections over HTTPS |
Outbound TCP 80 | Recommended, used for in-session communication |
TCP 2002 | Used locally by the LogMeIn host service. Accepts the connection from the systray applet and provides information about the status of the service (online/offline). |
Inbound connections | Not required |
Allowlist domains
For most firewall or proxy systems, we recommend specifying an allowlist of DNS names for GoTo services so that outbound connections can be made. The list of GoTo domains currently includes (but is not limited to) the lists below.
Universally required domains | Description/Purpose |
---|---|
*.accounts.logme.in | Corporate domain used by multiple GoTo products |
api.filepicker.io | Third-party file-hosting service This will soon change to *.filestackapi.com. |
*app.goto.com | Product domain used by multiple GoTo products |
*.cdngetgo.com | CDN used by multiple GoTo products |
*.clientstream.launchdarkly.com | Third-party feature testing service |
*.cloudfront.net | Third-party CDN |
*.expertcity.com | Corporate domain used by multiple GoTo products |
*.filestackapi.com | Third-party file-hosting service |
*.getgo.com | Product domain used by multiple GoTo products |
*.getgocdn.com | CDN used by multiple GoTo products |
*.getgoservices.com | Product domain used by multiple GoTo products |
*.getgoservices.net | Product domain used by multiple GoTo products |
*.goto.com | Product domain used by multiple GoTo products |
*.goto.eu | Corporate domain used by multiple GoTo products |
*.gotoinc.com | Corporate domain used by multiple GoTo products |
*.goto-rtc.com | Real-time communication service used by multiple products |
*.ingest.sentry.io | Third-party error tracking service |
*.internap.net | Powers updates to multiple GoTo products |
*internapcdn.net | Powers updates to multiple GoTo products |
*.internapcdn.net | Powers updates to multiple GoTo products |
*.launchdarkly.com | Third-party feature testing service |
*.logmein.com | Corporate domain used by multiple GoTo products |
*.logmeininc.com | Corporate domain used by multiple GoTo products |
*logmein.eu | Corporate domain used by multiple GoTo products |
Pro/Central specific domains | Feature supported |
---|---|
*.logmeinusercontent | For files stored and shared using the Pro Files feature |
*.browse.logmeinusercontent.com | For files stored and shared using the Pro Files feature |
lmi-antivirus-live.azureedge.net | For Central - Antivirus |
lmi-appupdates-live.azureedge.net | For Central - Application updates |
Email domains |
---|
For email invitations and correspondences from us and the GoTo software, we recommend allowing the following email domains through your email's spam and allow list filters. |
@goto.com |
@logmein.com |
customerService@s.logmein.com |
@s.logmein.com |
@care.gotomeeting.com |
@m.gotomeeting.com |
@care.gotomypc.com |
@care.gotoassist.com |
@care.gotowebinar.com |
@care.gototraining.com |
@jive.com |
@m.join.me |
@t.join.me |
@m.logmein.com |
@t.logmein.com |
Important considerations for allowlisting by IP Ranges
It is recommended to use wildcard rules whenever possible while allowlisting or blocking any GoTo services on your network as sub-domains of the domains listed above are included. Also, the client-to-host connection uses peer-to-peer connections, encrypted within an HTTPS tunnel where data is encrypted with AES-256 symmetric cipher.
Use of IP ranges instead of domain names for the firewall configuration is discouraged unless absolutely necessary because our IP ranges and those of our provider networks need to be periodically audited and modified, creating additional maintenance for your network. These changes are necessary to continue to provide the maximum performance for our GoTo products. Maintenance and failover events within our infrastructure may cause you to connect to servers within any of the ranges.
If your firewall includes a content or application data scanning filter, this may cause a block or latency, which would be indicated in the log files for the filter. To address this problem, verify that the domains or IP ranges will not be scanned or filtered by specifying exception domains or IP ranges. If your security policy requires you to specify explicit domain or IP ranges, then configure your firewall exceptions for outbound TCP ports 8200, 443, and 80 as well as UDP ports 8200 and 1853 for the GoTo domains or IP ranges, including those of our third-party provider networks.
GoTo server / Data Center IP addresses for use in firewall configurations
The following IP ranges may be used by any GoTo product, so they should all be added to your allowlist. See below for additional GoTo product-specific ranges. This list is also available in JSON format at https://goto-ipblocks.live.gtc.goto.com/.
Equivalent specifications in 3 common formats
Assigned Range by Block | Numeric IP Address Range | Netmask Notation | CIDR Notation |
---|---|---|---|
Block 1 | 216.115.208.0 – 216.115.223.255 | 216.115.208.0 255.255.240.0 | 216.115.208.0/20 |
Block 2 | 216.219.112.0 – 216.219.127.255 | 216.219.112.0 255.255.240.0 | 216.219.112.0/20 |
Block 3 | 67.217.64.0 – 67.217.95.255 | 67.217.64.0 255.255.224.0 | 67.217.64.0/19 |
Block 4 | 173.199.0.0 – 173.199.63.255 | 173.199.0.0 255.255.192.0 | 173.199.0.0/18 |
Block 5 | 206.183.100.0 – 206.183.103.255 | 206.183.100.0 255.255.252.0 | 206.183.100.0/22 |
Block 6 | 68.64.0.0 – 68.64.31.255 | 68.64.0.0 255.255.224.0 | 68.64.0.0/19 |
Block 7 | 23.239.224.0 – 23.239.255.255 | 23.239.224.0 255.255.224.0 | 23.239.224.0/19 |
Block 8 | 158.120.16.0 - 158.120.31.255 | 158.120.16.0 255.255.240.0 | 158.120.16.0/20 |
Block 9 | 202.173.24.0 – 202.173.31.255 | 202.173.24.0 255.255.248.0 | 202.173.24.0/21 |
Block 10 | 78.108.112.0 – 78.108.127.255 | 78.108.112.0 255.255.240.0 | 78.108.112.0/20 |
Block 11 | 185.36.20.0 – 185.36.23.255 | 185.36.20.0 255.255.252.0 | 185.36.20.0/22 |
Block 12 | 188.66.40.0 – 188.66.47.255 | 188.66.40.0 255.255.248.0 | 188.66.40.0/21 |
Block 13 | 45.12.196.0 – 45.12.199.255 | 45.12.196.0 255.255.252.0 | 45.12.196.0/22 |
Block 14 | 162.250.60.0 – 162.250.63.255 | 162.250.60.0 255.255.252.0 | 162.250.60.0/22 |
Block 15 | 199.36.248.0 – 199.36.251.255 | 199.36.248.0 255.255.252.0 | 199.36.248.0/22 |
Block 16 | 199.87.120.0 – 199.87.123.255 | 199.87.120.0 255.255.252.0 | 199.87.120.0/22 |
Block 17 | 103.15.16.0 – 103.15.19.255 | 103.15.16.0 255.255.252.0 | 103.15.16.0/22 |
Block 18 | 64.74.17.0 – 64.74.17.255 | 64.74.17.0 255.255.255.0 | 64.74.17.0/24 |
Block 19 | 64.74.18.0 – 64.74.19.255 | 64.74.18.0 255.255.254.0 | 64.74.18.0/23 |
Block 20 | 64.74.103.0 – 64.74.103.255 | 64.74.103.0 255.255.255.0 | 64.74.103.0/24 |
Block 21 | 64.94.18.0 – 64.94.18.255 | 64.94.18.0 255.255.255.0 | 64.94.18.0/24 |
Block 22 | 64.94.46.0 – 64.94.47.255 | 64.94.46.0 255.255.254.0 | 64.94.46.0/23 |
Block 23 | 64.95.128.0 – 64.95.129.255 | 64.95.128.0 255.255.254.0 | 64.95.128.0/23 |
Block 24 | 66.150.108.0 – 66.150.108.255 | 66.150.108.0 255.255.255.0 | 66.150.108.0/24 |
Block 25 | 69.25.20.0 – 69.25.21.255 | 69.25.20.0 255.255.254.0 | 69.25.20.0/23 |
Block 26 | 69.25.247.0 – 69.25.247.255 | 69.25.247.0 255.255.255.0 | 69.25.247.0/24 |
Block 27 | 95.172.70.0 – 95.172.70.255 | 95.172.70.0 255.255.255.0 | 95.172.70.0/24 |
Block 28 | 111.221.57.0 – 111.221.57.255 | 111.221.57.0 255.255.255.0 | 111.221.57.0/24 |
Block 29 | 63.251.34.0 - 63.251.34.255 | 63.251.34.0 255.255.255.0 | 63.251.34.0/24 |
Block 30 | 63.251.46.0 - 63.251.47.255 | 63.251.46.0 255.255.254.0 | 63.251.46.0/23 |
Block 31 | 212.118.234.0 - 212.118.234.254 | 212.118.234.0 255.255.254.0 | 212.118.234.0/24 |
IPv6 addresses space
Assigned by Block | Classless Inter-Domain Routing (CIDR) format |
---|---|
Block 1 | 2606:CB00::/32 |
Block 2 | 2a0e:bd00::/29 |
Third-party provider IP ranges
Data centers
We scale our services with third-party cloud and carrier networks for improved performance. To ensure continuous up-time, we also maintain data centers in the following regions:
- U.S.: Nevada, Virginia, Michigan
- Global: Germany, Australia
- Global Public Cloud (including, but not limited to): California, Oregon, Virginia, Singapore, Australia, Japan
- Content Delivery Public Cloud (including, but not limited to): California, Washington, Texas, Indiana, Missouri, New Jersey, Brazil, United Kingdom, Amsterdam, Germany, France, Italy, Hong Kong, Japan, Singapore