What are the optimal firewall configurations?
If you or your company uses a firewall allowlist to restrict network access to only specific websites or software, then you can use the information in this article to ensure that your service can connect.
Also see our Customer Community to subscribe to notifications when firewall information is updated (click Follow to subscribe).
Our GoTo products are configured to work with the following ports.
|Outbound TCP 443||Required, used by all products|
|Outbound TCP 80||Recommended, used for in-session communication|
|Inbound connections||Not required|
For most firewall or proxy systems, we recommend specifying an allowlist of DNS names for GoTo services so that outbound connections can be made. The list of GoTo domains currently includes (but is not limited to) the domains listed below.
|*.expertcity.com||Product domain used by multiple GoTo products|
|*.getgo.com||Product domain used by multiple GoTo products|
|*.getgocdn.com||CDN used by multiple GoTo products|
|*.getgoservices.com||Product domain used by multiple GoTo products|
|*.getgoservices.net||Product domain used by multiple GoTo products|
|*.goto-rtc.com||Real-time communication service used by multiple GoTo products|
|*.GoTo.com||Corporate domain used by multiple GoTo products|
|*.GoToinc.com||Corporate domain used by multiple GoTo products|
|*.GoTo.eu||Corporate domain used by multiple GoTo products|
|*.raas.io||Real-time communication service used by multiple GoTo products|
|*.accounts.logme.in||Corporate domain used by multiple GoTo products|
|*.internap.net||Powers updates to multiple GoTo products|
|*.internapcdn.net||Powers updates to multiple GoTo products|
|*.measurement-lab.org||Required for session diagnostic feature during remote session|
Important considerations for allowlisting by IP Ranges
We recommend using wildcard rules whenever possible when allowlisting or blocking GoTo services on your network, because sub-domains of the domains listed above are included. Also, the client-to-host connection uses peer-to-peer connections, encrypted within a 256-bit AES tunnel.
Use of IP ranges instead of domain names for the firewall configuration is discouraged unless absolutely necessary because our IP ranges and those of our provider networks need to be periodically audited and modified, creating additional maintenance for your network. These changes are necessary to continue to provide the maximum performance for our GoTo products. Maintenance and failover events within our infrastructure may cause you to connect to servers within any of the ranges.
If your firewall includes a content or application data scanning filter, it may block the connection or increase latency, which would be indicated in the filter's log files. To address this problem, exclude the GoTo domains or IP ranges from scanning and filtering by specifying them as exception domains or IP ranges. If your security policy requires you to specify explicit domains or IP ranges, then configure your firewall exceptions for outbound TCP ports 8200, 443, and 80 as well as UDP ports 8200 and 1853 for the GoTo domains or IP ranges, including those of our third-party provider networks.
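To confirm that a wildcard allowlist actually covers these services, the following added example (not GoTo code) scans firewall log lines for denied flows that the domain table and port list above say should be permitted. The log layout, the sample host names and the rule that a wildcard does not cover the bare apex domain are assumptions made for the illustration.

```python
import re

# Wildcard entries copied from the domain table on this page.
GOTO_WILDCARDS = [
    "*.expertcity.com", "*.getgo.com", "*.getgocdn.com", "*.getgoservices.com",
    "*.getgoservices.net", "*.goto-rtc.com", "*.GoTo.com", "*.GoToinc.com",
    "*.GoTo.eu", "*.raas.io", "*.accounts.logme.in", "*.internap.net",
    "*.internapcdn.net", "*.measurement-lab.org",
]
# Outbound ports this page names for explicit firewall exceptions.
GOTO_PORTS = {("tcp", 443), ("tcp", 80), ("tcp", 8200), ("udp", 8200), ("udp", 1853)}

# Assumed (hypothetical) log layout: "<time> <ALLOW|DENY> <proto> <src> -> <host>:<port>"
LINE_RE = re.compile(r"^\S+ (ALLOW|DENY) (tcp|udp) \S+ -> ([^\s:]+):(\d+)$")

def matches_wildcard(host, pattern):
    """True if host is a sub-domain of a '*.example.com' style pattern.
    DNS names are case-insensitive; a trailing root dot is ignored.
    Assumption: the wildcard does not cover the bare apex domain."""
    host = host.rstrip(".").lower()
    suffix = pattern.lower().lstrip("*")  # keeps the leading dot: ".example.com"
    return host.endswith(suffix) and len(host) > len(suffix)

def allowlist_gaps(log_lines):
    """Denied flows that the allowlist on this page says should be permitted."""
    gaps = set()
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group(1) != "DENY":
            continue
        proto, host, port = m.group(2), m.group(3), int(m.group(4))
        if (proto, port) in GOTO_PORTS and any(
                matches_wildcard(host, p) for p in GOTO_WILDCARDS):
            gaps.add((host.rstrip(".").lower(), proto, port))
    return sorted(gaps)

# Constructed sample lines; host names and addresses are invented for the demo.
SAMPLE_LOG = [
    "2024-05-01T09:12:03Z DENY tcp 10.1.4.23 -> broker7.getgo.com:443",
    "2024-05-01T09:12:04Z DENY udp 10.1.4.23 -> turn3.goto-rtc.com:1853",
    "2024-05-01T09:12:05Z ALLOW tcp 10.1.4.23 -> app.goto.com:443",
    "2024-05-01T09:12:06Z DENY tcp 10.1.4.23 -> notgetgo.com:443",
    "2024-05-01T09:12:07Z DENY tcp 10.1.4.23 -> cdn.getgocdn.com.example.net:443",
    "2024-05-01T09:12:08Z DENY tcp 10.1.4.23 -> Update.Internap.NET.:80",
    "2024-05-01T09:12:09Z DENY tcp 10.1.4.23 -> broker7.getgo.com:25",
]
```

Look-alike names such as `notgetgo.com` or `cdn.getgocdn.com.example.net` are not reported, because the match is anchored on a label boundary at the end of the name rather than on a substring.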
GoTo server / Data Center IP addresses for use in firewall configurations
Equivalent specifications in 3 common formats
|Assigned Range by Block||Numeric IP Address Range||Netmask Notation||CIDR Notation|
|Block 1||126.96.36.199 - 188.8.131.52||184.108.40.206 255.255.240.0||220.127.116.11/20|
|Block 2||18.104.22.168 - 22.214.171.124||126.96.36.199 255.255.240.0||188.8.131.52/20|
|Block 3||184.108.40.206 - 220.127.116.11||18.104.22.168 255.255.255.0||22.214.171.124/24|
|Block 4||126.96.36.199 - 188.8.131.52||184.108.40.206 255.255.248.0||220.127.116.11/21|
|Block 5||18.104.22.168 - 22.214.171.124||126.96.36.199 255.255.224.0||188.8.131.52/19|
|Block 6||184.108.40.206 - 220.127.116.11||18.104.22.168 255.255.240.0||22.214.171.124/20|
|Block 7||126.96.36.199 - 188.8.131.52||184.108.40.206 255.255.224.0||220.127.116.11/19|
|Block 8||18.104.22.168 - 22.214.171.124||126.96.36.199 255.255.252.0||188.8.131.52/22|
|Block 9||184.108.40.206 - 220.127.116.11||18.104.22.168 255.255.192.0||22.214.171.124/18|
|Block 10||126.96.36.199 - 188.8.131.52||184.108.40.206 255.255.254.0||220.127.116.11/23|
|Block 11||18.104.22.168 - 22.214.171.124||126.96.36.199 255.255.254.0||188.8.131.52/23|
The following IPs are for GoToMyPC only
|Block 12 (GoToMyPC only)||184.108.40.206|
|Block 13 (GoToMyPC only)||220.127.116.11|
|Block 14 (GoToMyPC only)||18.104.22.168|
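Before loading a block into a firewall, it is worth checking that its three notations really describe the same network. The following added example (not GoTo code) derives the three formats from a CIDR block and validates a row given in the table's column layout; the 10.20.x.x addresses are constructed sample values, not GoTo ranges.

```python
import ipaddress

def three_formats(cidr):
    """Return (numeric range, netmask notation, CIDR notation) for one block."""
    net = ipaddress.ip_network(cidr, strict=True)
    return (f"{net[0]} - {net[-1]}",
            f"{net.network_address} {net.netmask}",
            str(net))

def parse_row(numeric_range, netmask_notation, cidr):
    """Parse the three columns of one row into network objects."""
    first, last = (ipaddress.ip_address(p.strip())
                   for p in numeric_range.split("-"))
    # A range equals a single block only if it collapses to exactly one network.
    nets = list(ipaddress.summarize_address_range(first, last))
    from_range = nets[0] if len(nets) == 1 else None
    base, mask = netmask_notation.split()
    # strict=True rejects a base address that has host bits set for the mask.
    from_mask = ipaddress.ip_network(f"{base}/{mask}", strict=True)
    from_cidr = ipaddress.ip_network(cidr, strict=True)
    return from_range, from_mask, from_cidr

def row_is_consistent(numeric_range, netmask_notation, cidr):
    """True only if all three columns describe exactly the same block."""
    try:
        from_range, from_mask, from_cidr = parse_row(
            numeric_range, netmask_notation, cidr)
    except ValueError:
        # Malformed address, reversed range, or host bits set in the base.
        return False
    return from_range is not None and from_range == from_mask == from_cidr

# Constructed sample row (private address space).
SAMPLE_ROW = ("10.20.16.0 - 10.20.31.255", "10.20.16.0 255.255.240.0", "10.20.16.0/20")

if __name__ == "__main__":
    print(three_formats("10.20.16.0/20"))
    print(row_is_consistent(*SAMPLE_ROW))
```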
We scale our services into third-party cloud and carrier networks for improved performance. To ensure continuous up-time, we also maintain data centers in the following regions:
- U.S.: Nevada, Georgia, Virginia
- Global: Netherlands, Germany, India, China
- Global Public Cloud (including, but not limited to): California, Oregon, Virginia, Singapore, Australia, Japan, India, England
- Content Delivery Public Cloud (including, but not limited to): California, Washington, Texas, Indiana, Missouri, New Jersey, Brazil, United Kingdom, Amsterdam, Germany, France, Italy, Hong Kong, Japan, Singapore