product icon

What are the optimal firewall configurations?

If you or your company uses firewall allowlist to restrict network access to only specific websites or software, then you can use the information in this article to ensure that your service can connect.

If you or your company uses firewall allowlist to restrict network access to only specific websites or software, then you can use the information below to ensure that your service can connect.

Also see our Customer Community to subscribe to notifications when firewall information is updated (click Follow to subscribe).

Ports

Our GoTo products are configured to work with the following ports.

Port Purpose
Outbound TCP 443 Required, used by all products
Outbound TCP 80 Recommended, used for in-session communication
Inbound connections Not required

Domains

For most firewall or proxy systems, we recommend specifying an allowlist of DNS names for GoTo services so that outbound connections can be made. The list of GoTo domains currently includes (but is not limited to) the lists below.

Domain Description/Purpose
api.filepicker.io
*.filestackapi.com
*.cloudfront.net Third-party CDN
*.expertcity.com Product domain used by multiple GoTo products
*.getgo.com Product domain used by multiple GoTo products
*.getgocdn.com CDN used by multiple GoTo products
*.getgoservices.com Product domain used by multiple GoTo products
*.getgoservices.net Product domain used by multiple GoTo products
*.goto-rtc.com Real-time communication service used by multiple GoTo products
*.GoTo.com Corporate domain used by multiple GoTo products
*.GoToinc.com Corporate domain used by multiple GoTo products
*.GoTo.eu Corporate domain used by multiple GoTo products
*.raas.io Real-time communication service used by multiple GoTo products
*.accounts.logme.in Corporate domain used by multiple GoTo products
*.internap.net Powers updates to mulitple GoTo products
*.internapcdn.net Powers updates to mulitple GoTo products
*.measurement-lab.org Required for session diagnostic feature during remote session

GoToMyPC

GoToMyPC Domains
*.GoToMyPC.com

Important considerations for allowlisting by IP Ranges

It is recommended to use wildcard rules whenever possible while allowlisting or blocking any GoTo services on your network as sub-domains of the domains listed above are included. Also, the client-to-host connection uses peer-to-peer connections, encrypted within a 256-bit AES tunnel.

Use of IP ranges instead of domain names for the firewall configuration is discouraged unless absolutely necessary because our IP ranges and those of our provider networks need to be periodically audited and modified, creating additional maintenance for your network. These changes are necessary to continue to provide the maximum performance for our GoTo products. Maintenance and failover events within our infrastructure may cause you to connect to servers within any of the ranges.

If your firewall includes a content or application data scanning filter, this may block the connection or cause increased latency which would be indicated in the log files for the filter. To address this problem, verify that the domains or IP ranges will not be scanned or filtered by specifying exception domains or IP ranges. If your security policy requires you to specify explicit domain or IP ranges, then configure your firewall exceptions for outbound TCP ports 8200, 443, and 80 as well as UDP ports 8200 and 1853 for the GoTo domains or IP ranges, including those of our third-party provider networks.

GoTo server / Data Center IP addresses for use in firewall configurations

Equivalent specifications in 3 common formats

Assigned Range by Block Numeric IP Address Range Netmask Notation CIDR Notation
Block 1 216.115.208.0 - 216.115.223.255 216.115.208.0 255.255.240.0 216.115.208.0/20
Block 2 216.219.112.0 - 216.219.127.255 216.219.112.0 255.255.240.0 216.219.112.0/20
Block 3 66.151.158.0 - 66.151.158.255 66.151.158.0 255.255.255.0 66.151.158.0/24
Block 4 202.173.24.0 - 202.173.31.255 202.173.24.0 255.255.248.0 202.173.24.0/21
Block 5 67.217.64.0 - 67.217.95.255 67.217.64.0 255.255.224.0 67.217.64.0/19
Block 6 78.108.112.0 - 78.108.127.255 78.108.112.0 255.255.240.0 78.108.112.0/20
Block 7 68.64.0.0 - 68.64.31.255 68.64.0.0 255.255.224.0 68.64.0.0/19
Block 8 206.183.100.0 - 206.183.103.255 206.183.100.0 255.255.252.0 206.183.100.0/22
Block 9 173.199.0.0 - 173.199.63.255 173.199.0.0 255.255.192.0 173.199.0.0/18
Block 10 180.153.30.0 - 180.153.31.255 180.153.30.0 255.255.254.0 180.153.30.0/23
Block 11 216.219.114.0 - 216.219.115.255 216.219.114.0 255.255.254.0 216.219.114.0/23
Block 12 (GoToMyPC only) 3.115.40.4
Block 13 (GoToMyPC only) 3.115.108.206
Block 14 (GoToMyPC only) 3.115.71.78

The following IPs are for GoToMyPC only

  • 67.217.93.192/28
  • 67.217.93.208/28
  • 23.239.230.208/28
  • 23.239.230.192/28
  • 173.199.10.208/28
  • 173.199.10.192/28
  • 3.1.0.0/16
  • 13.126.149.36/32
  • 15.207.0.0/16
  • 52.64.0.0/16
  • 3.115.0.0/16
  • 23.239.230.205
  • 23.239.230.214
  • 23.239.230.206
  • 173.199.10.195

Data Centers

We scale our services into third-party cloud and carrier networks for improved performance. To ensure continuous up-time, we also maintain data centers in the following regions:

  • U.S.: Nevada, Georgia, Virginia
  • Global: Netherlands, Germany, India, China
  • Global Public Cloud (including, but not limited to): California, Oregon, Virginia, Singapore, Australia, Japan, India, England
  • Content Delivery Public Cloud (including, but not limited to): California, Washington, Texas, Indiana, Missouri, New Jersey, Brazil, United Kingdom, Amsterdam, Germany, France, Italy, Hong Kong, Japan, Singapore

Third-party provider IP ranges

Article last updated: 14 March, 2023