Allowlisting and Firewall Configuration

If you or your company uses firewall allowlist to restrict network access to only specific websites or software, then you can use the information below to ensure that your service can connect.

See our Customer Community to subscribe to notifications when firewall information is updated. Click Subscribe to be notified.

Notice: Looking for LastPass information? Please see LastPass Allowlisting and Firewall Configuration.

Jump to a specific section of this article or view related content:

Ports & Domains	Domains	IP ranges/blocks
Ports	GoTo Connect	Important considerations
Universal	GoTo Connect IP Range Blocks	GoTo server / Data Center IP addresses
GoTo Meeting	GoToAssist	IPv6 addresses space
GoTo	GoToMyPC	Data Centers
GoTo Meeting In-Room Link	Rescue	Third-party providers
GoTo Room	Rescue Lens	Email domains
GoTo Webinar	Join.me
GoTo Training	Hamachi
OpenVoice	Pro & Central

Ports

Our GoTo products are configured to work with the following ports.

Port	Purpose
Outbound TCP 443	Required, used by all products. Needs to support WebSocket connections over HTTPS
Outbound TCP 80	Recommended, used for in-session communication
UDP 8200	Recommended, used for integrated Voice over IP (VoIP) and in-session communication
UDP 1853	Recommended, used for integrated webcam video support and Voice over IP (VoIP) and in-session communication
Outbound 3478 TCP UDP 3478	Recommended, used by the GoTo app for media connectivity to the TURN servers
TCP 1720 TCP 3000-4000 UDP 3000-4000	Used for InRoom Link video conference systems Can be closed when not using InRoom Link All GoTo Meeting Telepresence Gateway IPs are listed below
UDP 45000-49999	Used by GoTo Room for STUN traffic
UDP 123	Used by GoTo Room devices for time synchronization
SIP 5060 SIP 5061	Used for GoTo Room, InRoom Link video conference systems, and Jive
Inbound connections	Not required

Domains

For most firewall or proxy systems, we recommend specifying an allowlist of DNS names for GoTo services so that outbound connections can be made. The list of GoTo domains currently includes (but is not limited to) the lists below.

Universally Required Allowlisting

Domain	Description/Purpose
api.filepicker.io	Third-party file-hosting service This will soon change to *.filestackapi.com.
*app.goto.com	Product domain used by multiple GoTo products
*.cdngetgo.com	CDN used by multiple GoTo products
*.clientstream.launchdarkly.com	Third-party feature testing service
*.cloudfront.net	Third-party CDN
*.expertcity.com	Corporate domain used by multiple GoTo products
*.filestackapi.com	Third-party file-hosting service (NEW! FilePicker has changed their name)
*.getgo.com	Product domain used by multiple GoTo products
*.getgocdn.com	CDN used by multiple GoTo products
*.getgoservices.com	Product domain used by multiple GoTo products
*.getgoservices.net	Product domain used by multiple GoTo products
*.goto.com	Product domain used by multiple GoTo products
*.goto-rtc.com	Real-time communication service used by multiple products
*.ingest.sentry.io	Third-party error tracking service
*.launchdarkly.com	Third-party feature testing service
*.logmein.com	Corporate domain used by multiple GoTo products
*.logmeininc.com	Corporate domain used by multiple GoTo products
*logmein.eu	Corporate domain used by multiple GoTo products
*.raas.io	Real-time communication service used by multiple GoTo products
*.accounts.logme.in	Corporate domain used by multiple GoTo products
*.internap.net	Powers updates to multiple GoTo products
*.internapcdn.net	Powers updates to multiple GoTo products

GoTo Meeting

GoTo Meeting Domains
*.gotomeet.at
*.gotomeet.me
*.gotomeeting.com
*.joingotomeeting.com
*.openvoice.com
*psyjs-cdn.personify.live
*psyjs-cdn.nuvixa.com
*.gofastchat.com
builds.cdn.goto.com
builds.cdn.getgo.com
launch.getgo.com

GoTo

Please note that you must also allowlist all domains listed for GoToConnect.

GoTo Domains
meet.goto.com
goto-desktop.s3.amazonaws.com

GoTo Meeting In-Room Link

GoTo Meeting Telepresence Gateway IPs (used for In-Room Link)
18.204.185.138	34.198.211.44	35.163.21.126	52.89.244.74
18.206.130.144	34.206.8.154	35.166.83.0	54.186.65.8
18.211.0.202	34.228.176.67	50.112.11.246	54.203.109.236
18.211.229.161	34.234.40.144	52.25.211.189	54.203.115.241
18.211.247.213	35.153.82.243	52.27.246.42	54.203.143.218
18.211.9.229	52.2.173.223	52.27.40.170	54.203.206.175
18.213.41.148	52.206.127.145	52.27.43.192	54.214.61.16
18.213.73.2	52.5.71.46	52.34.131.227	54.214.78.209
34.193.160.65	52.7.210.26	52.37.50.38	54.218.221.152
34.193.181.152	52.72.27.55	52.41.250.106	54.71.117.16

GoTo Room

Please note that you must also allowlist all domains listed for GoTo Meeting.

GoTo Room Domains
*.dolbyvoice.com (for GoTo Room with Dolby Voice only)
*.google-analytics.com
*.gotoconference.com
*.gotoroom.com
*.jive.com
*.jiveip.net
*.jmp.tw

GoTo Webinar

GoTo Webinar Domains
*.gotowebinar.com
*.joinwebinar.com
*.webinar.com
*.gotostage.com
*.cdn.walkme.com
*psyjs-cdn.personify.live
*psyjs-cdn.nuvixa.com
*.gofastchat.com
builds.cdn.goto.com
builds.cdn.getgo.com
launch.getgo.com

GoTo Training

GoTo Training Domains
*.gototraining.com
*google.com
*.googleapis.com
*.jointraining.com
*.firebaseio.com
*.firebaseapp.com
*.cdn.walkme.com
*.gofastchat.com
builds.cdn.goto.com
builds.cdn.getgo.com
launch.getgo.com

OpenVoice

OpenVoice Domains
*.openvoice.com

GoToConnect

GoToConnect Domains
*.hvoice.net
*.jive.com
*.jmp.tw
*.onjive.com
*.rtcprov.net

GoToConnect IP Range Blocks

For more detailed information, please see What are GoToConnect's IP blocks?

Description	Block	Netmask	Wildcard
GoToConnect Block 1	`199.36.248.0/22`	`255.255.252.0`	`0.0.3.255`
GoToConnect Block 2	`199.87.120.0/22`	`255.255.252.0`	`0.0.3.255`
GoToConnect Block 3	`162.250.60.0/22`	`255.255.252.0`	`0.0.3.255`
GoToConnect Block 4	`45.12.196.0/22`	`255.255.252.0`	`0.0.3.255`
GoToConnect Block 5	`202.173.24.0/21`	`255.255.248.0`	`0.0.7.255`
GoToConnect Block 6	`173.199.0.0/18`	`255.255.192.0`	`0.0.63.255`
GoToConnect Block 7	`23.239.224.0/19`	`255.255.224.0`	`0.0.31.255`
GoToConnect IPv6	`2606:CB00::/32`	—	—

GoToAssist

GoToAssist Domains
*.assist.com
*.fastsupport.com
*.go2assist.me
*.gofastchat.com
*.gotoassist.com
*.gotoassist.at
*.gotoassist.me
*.helpme.net
*.logmeinrescue.com
*.tokbox.com
static.opentok.com
enterprise.opentok.com
api.opentok.com
anvil.opentok.com
hlg.toxbox.com (Required for GoToAssist Seeit only)

GoToMyPC

GoToMyPC Domains
*.gotomypc.com

Rescue

Rescue Domains
*.LogMeIn123.com
*.123rescue.com
*.support.me
*.logmeinrescue.com
*.logmeinrescue.eu
*.logmeinrescue-enterprise.com (Powers account-specific Rescue features, not required for standard accounts)
*.logmein-gateway.com

Rescue Lens

Rescue Lens Domains
*.logmeinrescue.com
*.logmeinrescue-enterprise.com (only required for Enterprise accounts)

Join.me

Join.me Domains
*.join.me

Hamachi

Hamachi Domains
*.hamachi.cc

Pro & Central

Pro/Central Domains	Feature Supported
*.logmeinusercontent	For files stored and shared using the Pro Files feature
*.browse.logmeinusercontent.com	For files stored and shared using the Pro Files feature
lmi-antivirus-live.azureedge.net	For Central - Antivirus
lmi-appupdates-live.azureedge.net	For Central - Application updates

Important considerations for allowlisting by IP Ranges

It is recommended to use wildcard rules whenever possible while allowlisting or blocking any GoTo services on your network as sub-domains of the domains listed above are included. Also, the client-to-host connection uses peer-to-peer connections, encrypted within an HTTPS tunnel where data is encrypted with AES-256 symmetric cipher.

Use of IP ranges instead of domain names for the firewall configuration is discouraged unless absolutely necessary because our IP ranges and those of our provider networks need to be periodically audited and modified, creating additional maintenance for your network. These changes are necessary to continue to provide the maximum performance for our GoTo products. Maintenance and failover events within our infrastructure may cause you to connect to servers within any of the ranges.

If your firewall includes a content or application data scanning filter, this may cause a block or latency, which would be indicated in the log files for the filter. To address this problem, verify that the domains or IP ranges will not be scanned or filtered by specifying exception domains or IP ranges. If your security policy requires you to specify explicit domain or IP ranges, then configure your firewall exceptions for outbound TCP ports 8200, 443, and 80 as well as UDP ports 8200 and 1853 for the GoTo domains or IP ranges, including those of our third-party provider networks.

server / Data Center IP addresses for use in firewall configurations

Equivalent specifications in 3 common formats

Assigned Range by Block	Numeric IP Address Range	Netmask Notation	CIDR Notation
Block 1	216.115.208.0 – 216.115.223.255	216.115.208.0 255.255.240.0	216.115.208.0/20
Block 2	216.219.112.0 – 216.219.127.255	216.219.112.0 255.255.240.0	216.219.112.0/20
Block 3	67.217.64.0 – 67.217.95.255	67.217.64.0 255.255.224.0	67.217.64.0/19
Block 4	173.199.0.0 – 173.199.63.255	173.199.0.0 255.255.192.0	173.199.0.0/18
Block 5	206.183.100.0 – 206.183.103.255	206.183.100.0 255.255.252.0	206.183.100.0/22
Block 6	68.64.0.0 – 68.64.31.255	68.64.0.0 255.255.224.0	68.64.0.0/19
Block 7	23.239.224.0 – 23.239.255.255	23.239.224.0 255.255.224.0	23.239.224.0/19
Block 8	158.120.16.0 - 158.120.31.255	158.120.16.0 255.255.240.0	158.120.16.0/20
Block 9	202.173.24.0 – 202.173.31.255	202.173.24.0 255.255.248.0	202.173.24.0/21
Block 10	78.108.112.0 – 78.108.127.255	78.108.112.0 255.255.240.0	78.108.112.0/20
Block 11	185.36.20.0 – 185.36.23.255	185.36.20.0 255.255.252.0	185.36.20.0/22
Block 12	188.66.40.0 – 188.66.47.255	188.66.40.0 255.255.248.0	188.66.40.0/21
Block 13	45.12.196.0 – 45.12.199.255	45.12.196.0 255.255.252.0	45.12.196.0/22
Block 14	162.250.60.0 – 162.250.63.255	162.250.60.0 255.255.252.0	162.250.60.0/22
Block 15	199.36.248.0 – 199.36.251.255	199.36.248.0 255.255.252.0	199.36.248.0/22
Block 16	199.87.120.0 – 199.87.123.255	199.87.120.0 255.255.252.0	199.87.120.0/22
Block 17	103.15.16.0 – 103.15.19.255	103.15.16.0 255.255.252.0	103.15.16.0/22
Block 18	64.74.17.0 – 64.74.17.255	64.74.17.0 255.255.255.0	64.74.17.0/24
Block 19	64.74.18.0 – 64.74.19.255	64.74.18.0 255.255.254.0	64.74.18.0/23
Block 20	64.74.103.0 – 64.74.103.255	64.74.103.0 255.255.255.0	64.74.103.0/24
Block 21	64.94.18.0 – 64.94.18.255	64.94.18.0 255.255.255.0	64.94.18.0/24
Block 22	64.94.46.0 – 64.94.47.255	64.94.46.0 255.255.254.0	64.94.46.0/23
Block 23	64.95.128.0 – 64.95.129.255	64.95.128.0 255.255.254.0	64.95.128.0/23
Block 24	66.150.108.0 – 66.150.108.255	66.150.108.0 255.255.255.0	66.150.108.0/24
Block 25	69.25.20.0 – 69.25.21.255	69.25.20.0 255.255.254.0	69.25.20.0/23
Block 26	69.25.247.0 – 69.25.247.255	69.25.247.0 255.255.255.0	69.25.247.0/24
Block 27	95.172.70.0 – 95.172.70.255	95.172.70.0 255.255.255.0	95.172.70.0/24
Block 28	111.221.57.0 – 111.221.57.255	111.221.57.0 255.255.255.0	111.221.57.0/24

IPv6 addresses space

Assigned by Block	Classless Inter-Domain Routing (CIDR) format
Block 1	2620:0:c70::/48
Block 2	2a04:6660::/30

Data Centers

We scale our services with third-party cloud and carrier networks for improved performance. To ensure continuous up-time, we also maintain data centers in the following regions:

U.S.: Nevada, Virginia, Michigan
Global: Germany, Australia
Global Public Cloud (including, but not limited to): California, Oregon, Virginia, Singapore, Australia, Japan
Content Delivery Public Cloud (including, but not limited to): California, Washington, Texas, Indiana, Missouri, New Jersey, Brazil, United Kingdom, Amsterdam, Germany, France, Italy, Hong Kong, Japan, Singapore

Third-party provider IP ranges

IP ranges for the content delivery network (CDN)

IP ranges for Microsoft Azure

Email domains

@goto.com
@logmein.com
customerService@s.logmein.com
@s.logmein.com
@care.gotomeeting.com
@m.gotomeeting.com
@care.gotomypc.com
@care.gotoassist.com
@care.gotowebinar.com
@care.gototraining.com
@jive.com
@m.join.me
@t.join.me
@m.logmein.com
@t.logmein.com

Article last updated: 31 January, 2023