Re: Optimal Firewall Configuration Information

GlennD · ‎08-27-2015

If you or your company uses firewall whitelist to restrict network access to only specific websites or software, then you can use the information below to ensure that your service can connect. (updated 1/2/19)

Ports

Our LogMeIn products are configured to work with the following ports.

Port	Purpose
Outbound TCP 443	Required, used by all products
Outbound TCP 80	Recommended, used for in-session communication
UDP 8200	Recommended, used for integrated Voice over IP (VoIP) and in-session communication
UDP 1853	Recommended, used for integrated webcam video support
TCP 1720 TCP 3000-4000 UDP 3000-4000	Used for InRoom Link video conference systems Can be closed when not using InRoom Link All GoToMeeting Telepresence Gateway IPs are listed below
Inbound connections	Not required

Domains

For most firewall or proxy systems, we recommend specifying a whitelist of DNS names for LogMeIn services so that outbound connections can be made. The list of LogMeIn domains currently includes (but is not limited to) the lists below.

Universally Required Whitelisting

Domain	Description/Purpose
api.filepicker.io	Third-party file-hosting service Note: This will soon change to *.filestackapi.com.
*.filestackapi.com	Third-party file-hosting service (NEW! FilePicker has changed their name)
*.cloudfront.net	Third-party CDN
*.expertcity.com	Corporate domain used by multiple LogMeIn products
*.getgo.com	Product domain used by multiple LogMeIn products
*.getgocdn.com	CDN used by multiple LogMeIn products
*.getgoservices.com	Product domain used by multiple LogMeIn products
*.getgoservices.net	Product domain used by multiple LogMeIn products
*.goto-rtc.com	Real-time communication service used by multiple LogMeInproducts
*.logmein.com	Corporate domain used by multiple LogMeIn products
*.logmeininc.com	Corporate domain used by multiple LogMeIn products
*logmein.eu	Corporate domain used by multiple LogMeIn products
*.raas.io	Real-time communication service used by multiple LogMeInproducts
*accounts.logme.in	Corporate domain used by multiple LogMeIn products
*internap.net	Powers updates to mulitple LogMeIn products
*internapcdn.net	Powers updates to mulitple LogMeIn products

GoToMeeting

GoToMeeting Domains
*.gotomeet.at
*.gotomeet.me
*.gotomeeting.com
*.joingotomeeting.com
*.openvoice.com

GoToMeeting In-Room Link

GoToMeeting Telepresence Gateway IPs (used for In-Room Link)
18.204.185.138	34.198.211.44	35.163.21.126	52.89.244.74
18.206.130.144	34.206.8.154	35.166.83.0	54.186.65.8
18.211.0.202	34.228.176.67	50.112.11.246	54.203.109.236
18.211.229.161	34.234.40.144	52.25.211.189	54.203.115.241
18.211.247.213	35.153.82.243	52.27.246.42	54.203.143.218
18.211.9.229	52.2.173.223	52.27.40.170	54.203.206.175
18.213.41.148	52.206.127.145	52.27.43.192	54.214.61.16
18.213.73.2	52.5.71.46	52.34.131.227	54.214.78.209
34.193.160.65	52.7.210.26	52.37.50.38	54.218.221.152
34.193.181.152	52.72.27.55	52.41.250.106	54.71.117.16

GoToWebinar

GoToWebinar Domains
*.gotowebinar.com
*.joinwebinar.com
*.webinar.com
*.gotostage.com

GoToTraining

GoToTraining Domains
*.gototraining.com
*.jointraining.com

OpenVoice

OpenVoice Domains
*.openvoice.com

GoToAssist

GoToAssist Domains
*.assist.com
*.fastsupport.com
*.go2assist.me
*.gofastchat.com
*.gotoassist.com
*.gotoassist.at
*.gotoassist.me
*.helpme.net
*logmeinrescue.com
*.tokbox.com
static.opentok.com
enterprise.opentok.com
api.opentok.com
anvil.opentok.com
hlg.toxbox.com

GoToMyPC

GoToMyPC Domains
*.gotomypc.com

Rescue

Rescue Domains
*LogMeIn123.com
*123rescue.com
*support.me
*logmeinrescue.com
* logmeinrescue.eu
*logmeinrescue-enterprise.com (Powers account-specific Rescue features, not required for standard accounts)
*logmein-gateway.com

Rescue Lens

Rescue Lens Domains
*logmeinrescue.com
*logmeinrescue-enterprise.com (only required for Enterprise accounts)

LastPass

LastPass Domains
*lastpass.com
*lastpass.eu

Join.me

Join.me Domains
*join.me

BoldChat

BoldChat Domains
*boldchat.com
*bold360.com

LogMeIn Pro & Central

LogMeIn Pro/Central Domains
*logmeinusercontent
*browse.logmeinusercontent.com

Important considerations for whitelisting by IP Ranges

It is recommended to use wildcard rules whenever possible while whitelisting or blocking any LogMeIn services on your network as sub-domains of the domains listed above are included. Also, the client-to-host connection uses peer-to-peer connections, encrypted within a 256-bit AES tunnel.

Use of IP ranges instead of domain names for the firewall configuration is discouraged unless absolutely necessary because our IP ranges and those of our provider networks need to be periodically audited and modified, creating additional maintenance for your network. These changes are necessary to continue to provide the maximum performance for our LogMeIn products. Maintenance and failover events within our infrastructure may cause you to connect to servers within any of the ranges.

If your firewall includes a content or application data scanning filter, this may cause a block or latency, which would be indicated in the log files for the filter. To address this problem, verify that the domains or IP ranges will not be scanned or filtered by specifying exception domains or IP ranges. If your security policy requires you to specify an explicit domain or IP ranges, then configure your firewall exceptions for outbound TCP ports 8200, 443, and 80 as well as UDP ports 8200 and 1853 for the LogMeIn domains or IP ranges, including those of our third-party provider networks.

LogMeIn server / Data Center IP addresses for use in firewall configurations

Equivalent specifications in 3 common formats

Assigned Range by Block	Numeric IP Address Range	Netmask Notation	CIDR Notation
Block 1	216.115.208.0 - 216.115.223.255	216.115.208.0 255.255.240.0	216.115.208.0/20
Block 2	216.219.112.0 - 216.219.127.255	216.219.112.0 255.255.240.0	216.219.112.0/20
Block 3	66.151.158.0 - 66.151.158.255	66.151.158.0 255.255.255.0	66.151.158.0/24
Block 4	66.151.150.160 - 66.151.150.191	66.151.150.160 255.255.255.224	66.151.150.160/27
Block 5	66.151.115.128 - 66.151.115.191	66.151.115.128 255.255.255.192	66.151.115.128/26
Block 6	64.74.80.0 - 64.74.80.255	64.74.80.0 255.255.255.0	64.74.80.0/24
Block 7	202.173.24.0 - 202.173.31.255	202.173.24.0 255.255.248.0	202.173.24.0/21
Block 8	67.217.64.0 - 67.217.95.255	67.217.64.0 255.255.224.0	67.217.64.0/19
Block 9	78.108.112.0 - 78.108.127.255	78.108.112.0 255.255.240.0	78.108.112.0/20
Block 10	68.64.0.0 - 68.64.31.255	68.64.0.0 255.255.224.0	68.64.0.0/19
Block 11	206.183.100.0 - 206.183.103.255	206.183.100.0 255.255.252.0	206.183.100.0/22
Block 12	173.199.0.0 - 173.199.63.255	173.199.0.0 255.255.192.0	173.199.0.0/18
Block 13	103.15.16.0 - 103.15.19.255	103.15.16.0 255.255.252.0	103.15.16.0/22
Block 14	180.153.30.0 - 180.153.31.255	180.153.30.0 255.255.254.0	180.153.30.0/23
Block 15	23.239.224.0 - 23.239.255.255	23.239.224.0 255.255.224.0	23.239.224.0/19
Block 16	185.36.20.0 - 185.36.23.255	185.36.20.0 255.255.252.0	185.36.20.0/22
Block 17	188.66.40.0 - 188.66.47.255	188.66.40.0 255.255.248.0	188.66.40.0/0
Block 18	63.251.34.0 - 63.251.34.255	63.251.34.0 255.255.255.0	63.251.34.0/24
Block 19	63.251.46.0 - 63.251.47.255	63.251.46.0 255.255.254.0	63.251.46.0/23
Block 20	64.74.17.0 - 64.74.17.255	64.74.17.0 255.255.255.0	64.74.17.0/24
Block 21	64.74.18.0 - 64.74.19.255	64.74.18.0 255.255.254.0	64.74.18.0/23
Block 22	64.74.103.0 - 64.74.103.255	64.74.103.0 255.255.255.0	64.74.103.0/24
Block 23	64.94.18.0 - 64.94.18.255	64.94.18.0 255.255.255.0	64.94.18.0/24
Block 24	64.94.46.0 - 64.94.47.255	64.94.46.0 255.255.254.0	64.94.46.0/23
Block 25	64.95.128.0 - 64.95.129.255	64.95.128.0 255.255.254.0	64.95.128.0/23
Block 26	66.150.108.0 - 66.150.108.255	66.150.108.0 255.255.255.0	66.150.108.0/24
Block 27	67.217.80.0 - 67.217.81.255	67.217.80.0 255.255.254.0	67.217.80.0/23
Block 28	69.25.20.0 - 69.25.21.255	69.25.20.0 255.255.254.0	69.25.20.0/23
Block 29	69.25.247.0 - 69.25.247.255	69.25.247.0 255.255.255.0	69.25.247.0/24
Block 30	77.242.192.0 - 77.242.192.254	77.242.192.0 255.255.254.0	77.242.192.0/24
Block 31	95.172.70.0 - 95.172.70.255	95.172.70.0 255.255.255.0	95.172.70.0/24
Block 32	111.221.57.0 - 111.221.57.255	111.221.57.0 255.255.255.0	111.221.57.0/24
Block 33	212.118.234.0 - 212.118.234.254	212.118.234.0 255.255.254.0	212.118.234.0/24
Block 34	216.219.114.0 - 216.219.115.255	216.219.114.0 255.255.254.0	216.219.114.0/23

IPv6 addresses space

Assigned by Block	Classless Inter-Domain Routing (CIDR) format
Block 1	2620:0:c70::/48
Block 2	2a04:6660::/30

Data Centers

We scale our services into third-party cloud and carrier networks for improved performance. To ensure continuous up-time, we also maintain data centers in the following regions:

U.S.: Nevada, Georgia, Virginia
Global: Netherlands, Germany, India, China
Global Public Cloud (including, but not limited to): California, Oregon, Virginia, Singapore, Australia, Japan
Content Delivery Public Cloud (including, but not limited to): California, Washington, Texas, Indiana, Missouri, New Jersey, Brazil, United Kingdom, Amsterdam, Germany, France, Italy, Hong Kong, Japan, Singapore

Third-party provider IP ranges

IP ranges for the content delivery network (CDN)

IP ranges for other services (audio, video and screen sharing)

IP ranges for Microsoft Azure

IP ranges for Cloudflare (specific to GoToMyPC)

Email domains

customerService@s.logmein.com
@s.logmein.com
@Care.gotomeeting.com
@Care.gotomypc.com
@Care.gotoassist.com
@Care.gotowebinar.com
@Care.gototraining.com
@e.join.me
@t.join.me
@e.logmein.com
@t.logmein.com
@e.lastpass.com
@t.lastpass.com

Glenn is a member of the LogMeIn Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!

GlennD · ‎05-27-2017

Updated 5/26/2017

Glenn is a member of the LogMeIn Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!

GlennD · ‎11-15-2017

Updated 11/15/2017

Glenn is a member of the LogMeIn Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!

james2484 · ‎12-11-2017

Hi Glenn,

Can you confirm if TCP 8200 needs to be unblocked, or will it just use 443 and 80 instead?

Thanks

James

GlennD · ‎12-11-2017

Hi James,

Our software will test all 3 ports and use which ever allows outbound communication.

Glenn is a member of the LogMeIn Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!

james2484 · ‎12-11-2017

Great, thanks Glen.

Is there a way to prevent file sharing within the application? And is it compatible with both SOCKS and NTLM proxy servers?

Thanks

James

GlennD · ‎12-11-2017

@james2484 GoToMeeting, GoToWebinar and GoToTraining do not have a file transfer feature. For the Proxy you maybe asked to provide your credentials before our sofware will be allowed to connect, we also have a Connection Wizard that can be run on Windows PCs to trigger this if needed.

I would recommend starting with our System Check page here: https://support.logmeininc.com/gotowebinar/system-check-attendee There is a test session that you can try to join to test out the flow. You can download and run our Connnection Wizard from here: https://support.logmeininc.com/article/g2m050025

Glenn is a member of the LogMeIn Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!

james2484 · ‎02-05-2018

Hi,

Is it possible to join a test session from the G2M setup MSI multi user installer? We use this in conjucntion with the GoToMeetingMultiUserOpener.

We have a relatively high secuirty environment, and the installed application doesn't seem to be running.

2948 _createProcess: ...

14:50:52 2948 E: Installer launch failed; command was: "C:\Users\BLAMPI~1\AppData\Local\Temp\CCCED23B-8675-4859-85EC-

for the test, it seems to be trying to download a component? Surely it shouldn't be trying to use this location?

Thanks

James

AshC · ‎02-06-2018

Hi James,

Yes, we do attempt to install the GoToMeeting endpoint through the AppData folder.

To join a test session, we have this page available: GoToMeeting Test Session

james2484 · ‎02-19-2018

Hi,

During our testing, we’ve found that the G2M multi-client makes connections to *.expertcity.com as LocalSystem. This only occurs during live webinars, not pre-recorded ones.

As a result, we’ve had to whitelist the URL above on a per machine basis, which is a bit of a management headache.

Moving forward, we’d like to make this a global exception, but we’re unwilling to do so without understanding exactly what is going on here behind the scenes.

Cna you please clarify?

Thanks

James