If you or your company uses firewall whitelist to restrict network access to only specific websites or software, then you can use the information below to ensure that your service can connect. (updated 1/2/19)
Our LogMeIn products are configured to work with the following ports.
Port | Purpose |
---|---|
Outbound TCP 443 | Required, used by all products. Needs to support WebSocket connections over HTTPS |
Outbound TCP 80 | Recommended, used for in-session communication |
UDP 8200 | Recommended, used for integrated Voice over IP (VoIP) and in-session communication |
UDP 1853 | Recommended, used for integrated webcam video support and Voice over IP (VoIP) and in-session communication |
TCP 1720 TCP 3000-4000 UDP 3000-4000 |
|
UDP 45000-49999 | Used by GoToRoom for STUN traffic |
UDP 123 | Used by GoToRoom devices for time synchronization |
SIP 5060 SIP 5061 |
Used for GoToRoom, InRoom Link video conference systems, and Jive |
Inbound connections | Not required |
For most firewall or proxy systems, we recommend specifying a allowlist of DNS names for LogMeIn services so that outbound connections can be made. The list of LogMeIn domains currently includes (but is not limited to) the lists below.
Domain | Description/Purpose |
---|---|
api.filepicker.io |
Third-party file-hosting service This will soon change to *.filestackapi.com. |
*.cdngetgo.com | CDN used by multiple products |
*.clientstream.launchdarkly.com | Third-party feature testing service |
*.cloudfront.net | Third-party CDN |
*.expertcity.com | Corporate domain used by multiple products |
*.filestackapi.com |
Third-party file-hosting service |
*.getgo.com | Product domain used by multiple products |
*.getgocdn.com | CDN used by multiple products |
*.getgoservices.com | Product domain used by multiple products |
*.getgoservices.net | Product domain used by multiple products |
*.goto-rtc.com | Real-time communication service used by multiple products |
*.launchdarkly.com | Third-party feature testing service |
*.logmein.com | Corporate domain used by multiple products |
*.logmeininc.com | Corporate domain used by multiple products |
*logmein.eu | Corporate domain used by multiple products |
*.raas.io | Real-time communication service used by multiple products |
*accounts.logme.in | Corporate domain used by multiple products |
*internap.net | Powers updates to mulitple products |
*internapcdn.net | Powers updates to mulitple products |
GoToMeeting Domains |
---|
*.gotomeet.at |
*.gotomeet.me |
*.gotomeeting.com |
*.joingotomeeting.com |
*.openvoice.com |
GoToMeeting Telepresence Gateway IPs (used for In-Room Link) | |||
---|---|---|---|
18.204.185.138 | 34.198.211.44 | 35.163.21.126 | 52.89.244.74 |
18.206.130.144 | 34.206.8.154 | 35.166.83.0 | 54.186.65.8 |
18.211.0.202 | 34.228.176.67 | 50.112.11.246 | 54.203.109.236 |
18.211.229.161 | 34.234.40.144 | 52.25.211.189 | 54.203.115.241 |
18.211.247.213 | 35.153.82.243 | 52.27.246.42 | 54.203.143.218 |
18.211.9.229 | 52.2.173.223 | 52.27.40.170 | 54.203.206.175 |
18.213.41.148 | 52.206.127.145 | 52.27.43.192 | 54.214.61.16 |
18.213.73.2 | 52.5.71.46 | 52.34.131.227 | 54.214.78.209 |
34.193.160.65 | 52.7.210.26 | 52.37.50.38 | 54.218.221.152 |
34.193.181.152 | 52.72.27.55 | 52.41.250.106 | 54.71.117.16 |
Please note that you must also allowlist all domains listed for GoToMeeting.
GoToRoom Domains |
---|
*.dolbyvoice.com (for GoToRoom with Dolby Voice only) |
*.google-analytics.com |
*.gotoconference.com |
*.gotoroom.com |
*.jive.com |
*.jiveip.net |
*.jmp.tw |
GoToWebinar Domains |
---|
*.gotowebinar.com |
*.joinwebinar.com |
*.webinar.com |
*.gotostage.com |
*.cdn.walkme.com |
GoToTraining Domains |
---|
*.gototraining.com |
*.jointraining.com |
*.firebaseio.com |
*.firebaseapp.com |
*.cdn.walkme.com |
OpenVoice Domains |
---|
*.openvoice.com |
GoToConnect Domains |
---|
*.jive.com |
For more detailed information, please see What are GoToConnect's IP blocks?
Description | Block | Netmask | Wildcard |
---|---|---|---|
GoToConnect Block 1 | 199.36.248.0/22 | 255.255.252.0 | 0.0.3.255 |
GoToConnect Block 2 | 199.87.120.0/22 | 255.255.252.0 | 0.0.3.255 |
GoToConnect Block 3 | 162.250.60.0/22 | 255.255.252.0 | 0.0.3.255 |
GoToConnect IPv6 | 2606:CB00::/32 | — | — |
GoToAssist Domains |
---|
*.assist.com |
*.fastsupport.com |
*.go2assist.me |
*.gofastchat.com |
*.gotoassist.com |
*.gotoassist.at |
*.gotoassist.me |
*.helpme.net |
*logmeinrescue.com |
*.tokbox.com |
static.opentok.com |
enterprise.opentok.com |
api.opentok.com |
anvil.opentok.com |
hlg.toxbox.com |
GoToMyPC Domains |
---|
*.gotomypc.com |
Rescue Domains |
---|
*.LogMeIn123.com |
*.123rescue.com |
*.support.me |
*.logmeinrescue.com |
*.logmeinrescue.eu |
*.logmeinrescue-enterprise.com (Powers account-specific Rescue features, not required for standard accounts) |
*.logmein-gateway.com |
Rescue Lens Domains |
---|
*.logmeinrescue.com |
*.logmeinrescue-enterprise.com (only required for Enterprise accounts) |
LastPass Domains |
---|
*.lastpass.com |
*.lastpass.eu |
Join.me Domains |
---|
*.join.me |
BoldChat Domains |
---|
*.boldchat.com |
*.bold360.com |
Hamachi Domains |
---|
*.hamachi.cc |
LogMeIn Pro/Central Domains | Feature Supported |
---|---|
*.logmeinusercontent | For files stored and shared using the LogMeIn Pro Files feature |
*.browse.logmeinusercontent.com | For files stored and shared using the LogMeIn Pro Files feature |
lmi-antivirus-live.azureedge.net | For LogMeIn Central - Antivirus |
lmi-appupdates-live.azureedge.net | For LogMeIn Central - Application updates |
It is recommended to use wildcard rules whenever possible while allowlisting or blocking any LogMeIn services on your network as sub-domains of the domains listed above are included. Also, the client-to-host connection uses peer-to-peer connections, encrypted within a 256-bit AES tunnel.
Use of IP ranges instead of domain names for the firewall configuration is discouraged unless absolutely necessary because our IP ranges and those of our provider networks need to be periodically audited and modified, creating additional maintenance for your network. These changes are necessary to continue to provide the maximum performance for our LogMeIn products. Maintenance and failover events within our infrastructure may cause you to connect to servers within any of the ranges.
If your firewall includes a content or application data scanning filter, this may cause a block or latency, which would be indicated in the log files for the filter. To address this problem, verify that the domains or IP ranges will not be scanned or filtered by specifying exception domains or IP ranges. If your security policy requires you to specify explicit domain or IP ranges, then configure your firewall exceptions for outbound TCP ports 8200, 443, and 80 as well as UDP ports 8200 and 1853 for the LogMeIn domains or IP ranges, including those of our third-party provider networks.
Equivalent specifications in 3 common formats
Assigned Range by Block | Numeric IP Address Range | Netmask Notation | CIDR Notation |
---|---|---|---|
Block 1 | 216.115.208.0 – 216.115.223.255 | 216.115.208.0 255.255.240.0 | 216.115.208.0/20 |
Block 2 | 216.219.112.0 – 216.219.127.255 | 216.219.112.0 255.255.240.0 | 216.219.112.0/20 |
Block 3 | 67.217.64.0 – 67.217.95.255 | 67.217.64.0 255.255.224.0 | 67.217.64.0/19 |
Block 4 | 173.199.0.0 – 173.199.63.255 | 173.199.0.0 255.255.192.0 | 173.199.0.0/18 |
Block 5 | 206.183.100.0 – 206.183.103.255 | 206.183.100.0 255.255.252.0 | 206.183.100.0/22 |
Block 6 | 68.64.0.0 – 68.64.31.255 | 68.64.0.0 255.255.224.0 | 68.64.0.0/19 |
Block 7 | 23.239.224.0 – 12.239.255.255 | 23.239.224.0 255.255.224.0 | 23.239.224.0/19 |
Block 8 | 202.173.24.0 – 202.173.31.255 | 202.173.24.0 255.255.248.0 | 202.173.24.0/21 |
Block 9 | 78.108.112.0 – 78.108.127.255 | 78.108.112.0 255.255.240.0 | 78.108.112.0/20 |
Block 10 | 185.36.20.0 – 185.36.23.255 | 185.36.20.0 255.255.252.0 | 185.36.20.0/22 |
Block 11 | 188.66.40.0 – 188.66.47.255 | 188.66.40.0 255.255.248.0 | 188.66.40.0/21 |
Block 12 | 45.12.196.0 – 45.12.199.255 | 45.12.196.0 255.255.252.0 | 45.12.196.0/22 |
Block 13 | 162.250.60.0 – 162.250.63.255 | 162.250.60.0 255.255.252.0 | 162.250.60.0/22 |
Block 14 | 199.36.248.0 – 199.36.251.255 | 199.36.248.0 255.255.252.0 | 199.36.248.0/22 |
Block 15 | 199.87.120.0 – 199.87.123.255 | 199.87.120.0 255.255.252.0 | 199.87.120.0/22 |
Block 16 | 66.151.158.0 – 66.151.158.255 | 66.151.158.0 255.255.255.0 | 66.151.158.0/24 |
Block 17 | 66.151.150.160 – 66.151.150.191 | 66.151.150.160 255.255.255.224 | 66.151.150.160/27 |
Block 18 | 64.74.80.0 – 64.74.80.255 | 64.74.80.0 255.255.255.0 | 64.74.80.0/24 |
Block 19 | 103.15.16.0 – 103.15.19.255 | 103.15.16.0 255.255.252.0 | 103.15.16.0/22 |
Block 20 | 64.74.17.0 – 64.74.17.255 | 64.74.17.0 255.255.255.0 | 64.74.17.0/24 |
Block 21 | 64.74.18.0 – 64.74.19.255 | 64.74.18.0 255.255.254.0 | 64.74.18.0/23 |
Block 22 | 64.74.103.0 – 64.74.103.255 | 64.74.103.0 255.255.255.0 | 64.74.103.0/24 |
Block 23 | 64.94.18.0 – 64.94.18.255 | 64.94.18.0 255.255.255.0 | 64.94.18.0/24 |
Block 24 | 64.94.46.0 – 64.94.47.255 | 64.94.46.0 255.255.254.0 | 64.94.46.0/23 |
Block 25 | 64.95.128.0 – 64.95.129.255 | 64.95.128.0 255.255.254.0 | 64.95.128.0/23 |
Block 26 | 66.150.108.0 – 66.150.108.255 | 66.150.108.0 255.255.255.0 | 66.150.108.0/24 |
Block 27 | 69.25.20.0 – 69.25.21.255 | 69.25.20.0 255.255.254.0 | 69.25.20.0/23 |
Block 28 | 69.25.247.0 – 69.25.247.255 | 69.25.247.0 255.255.255.0 | 69.25.247.0/24 |
Block 29 | 95.172.70.0 – 95.172.70.255 | 95.172.70.0 255.255.255.0 | 95.172.70.0/24 |
Block 30 | 111.221.57.0 – 111.221.57.255 | 111.221.57.0 255.255.255.0 | 111.221.57.0/24 |
Assigned by Block | Classless Inter-Domain Routing (CIDR) format |
---|---|
Block 1 | 2620:0:c70::/48 |
Block 2 | 2a04:6660::/30 |
We scale our services with third-party cloud and carrier networks for improved performance. To ensure continuous up-time, we also maintain data centers in the following regions:
Updated 11/15/2017
Hi Glenn,
Can you confirm if TCP 8200 needs to be unblocked, or will it just use 443 and 80 instead?
Thanks
James
Hi James,
Our software will test all 3 ports and use which ever allows outbound communication.
Great, thanks Glen.
Is there a way to prevent file sharing within the application? And is it compatible with both SOCKS and NTLM proxy servers?
Thanks
James
@james2484 GoToMeeting, GoToWebinar and GoToTraining do not have a file transfer feature. For the Proxy you maybe asked to provide your credentials before our sofware will be allowed to connect, we also have a Connection Wizard that can be run on Windows PCs to trigger this if needed.
I would recommend starting with our System Check page here: https://support.logmeininc.com/gotowebinar/system-check-attendee There is a test session that you can try to join to test out the flow. You can download and run our Connnection Wizard from here: https://support.logmeininc.com/article/g2m050025
Hi,
Is it possible to join a test session from the G2M setup MSI multi user installer? We use this in conjucntion with the GoToMeetingMultiUserOpener.
We have a relatively high secuirty environment, and the installed application doesn't seem to be running.
2948 _createProcess: ...
14:50:52 2948 E: Installer launch failed; command was: "C:\Users\BLAMPI~1\AppData\Local\Temp\CCCED23B-8675-4859-85EC-
for the test, it seems to be trying to download a component? Surely it shouldn't be trying to use this location?
Thanks
James
Hi James,
Yes, we do attempt to install the GoToMeeting endpoint through the AppData folder.
To join a test session, we have this page available: GoToMeeting Test Session
Hi,
During our testing, we’ve found that the G2M multi-client makes connections to *.expertcity.com as LocalSystem. This only occurs during live webinars, not pre-recorded ones.
As a result, we’ve had to whitelist the URL above on a per machine basis, which is a bit of a management headache.
Moving forward, we’d like to make this a global exception, but we’re unwilling to do so without understanding exactly what is going on here behind the scenes.
Cna you please clarify?
Thanks
James