If you or your company uses firewall whitelist to restrict network access to only specific websites or software, then you can use the information below to ensure that your service can connect. (updated 1/2/19)
Our LogMeIn products are configured to work with the following ports.
|Outbound TCP 443||Required, used by all products. Needs to support WebSocket connections over HTTPS|
|Outbound TCP 80||Recommended, used for in-session communication|
|UDP 8200||Recommended, used for integrated Voice over IP (VoIP) and in-session communication|
|UDP 1853||Recommended, used for integrated webcam video support and Voice over IP (VoIP) and in-session communication|
|UDP 45000-49999||Used by GoToRoom for STUN traffic|
|UDP 123||Used by GoToRoom devices for time synchronization|
|Used for GoToRoom, InRoom Link video conference systems, and Jive|
|Inbound connections||Not required|
For most firewall or proxy systems, we recommend specifying a allowlist of DNS names for LogMeIn services so that outbound connections can be made. The list of LogMeIn domains currently includes (but is not limited to) the lists below.
This will soon change to *.filestackapi.com.
|*.cdngetgo.com||CDN used by multiple products|
|*.clientstream.launchdarkly.com||Third-party feature testing service|
|*.expertcity.com||Corporate domain used by multiple products|
Third-party file-hosting service
|*.getgo.com||Product domain used by multiple products|
|*.getgocdn.com||CDN used by multiple products|
|*.getgoservices.com||Product domain used by multiple products|
|*.getgoservices.net||Product domain used by multiple products|
|*.goto-rtc.com||Real-time communication service used by multiple products|
|*.launchdarkly.com||Third-party feature testing service|
|*.logmein.com||Corporate domain used by multiple products|
|*.logmeininc.com||Corporate domain used by multiple products|
|*logmein.eu||Corporate domain used by multiple products|
|*.raas.io||Real-time communication service used by multiple products|
|*accounts.logme.in||Corporate domain used by multiple products|
|*internap.net||Powers updates to mulitple products|
|*internapcdn.net||Powers updates to mulitple products|
|GoToMeeting Telepresence Gateway IPs (used for In-Room Link)|
Please note that you must also allowlist all domains listed for GoToMeeting.
|*.dolbyvoice.com (for GoToRoom with Dolby Voice only)|
For more detailed information, please see What are GoToConnect's IP blocks?
|GoToConnect Block 1||18.104.22.168/22||255.255.252.0||0.0.3.255|
|GoToConnect Block 2||22.214.171.124/22||255.255.252.0||0.0.3.255|
|GoToConnect Block 3||126.96.36.199/22||255.255.252.0||0.0.3.255|
|*.logmeinrescue-enterprise.com (Powers account-specific Rescue features, not required for standard accounts)|
|Rescue Lens Domains|
|*.logmeinrescue-enterprise.com (only required for Enterprise accounts)|
|LogMeIn Pro/Central Domains||Feature Supported|
|*.logmeinusercontent||For files stored and shared using the LogMeIn Pro Files feature|
|*.browse.logmeinusercontent.com||For files stored and shared using the LogMeIn Pro Files feature|
|lmi-antivirus-live.azureedge.net||For LogMeIn Central - Antivirus|
|lmi-appupdates-live.azureedge.net||For LogMeIn Central - Application updates|
It is recommended to use wildcard rules whenever possible while allowlisting or blocking any LogMeIn services on your network as sub-domains of the domains listed above are included. Also, the client-to-host connection uses peer-to-peer connections, encrypted within a 256-bit AES tunnel.
Use of IP ranges instead of domain names for the firewall configuration is discouraged unless absolutely necessary because our IP ranges and those of our provider networks need to be periodically audited and modified, creating additional maintenance for your network. These changes are necessary to continue to provide the maximum performance for our LogMeIn products. Maintenance and failover events within our infrastructure may cause you to connect to servers within any of the ranges.
If your firewall includes a content or application data scanning filter, this may cause a block or latency, which would be indicated in the log files for the filter. To address this problem, verify that the domains or IP ranges will not be scanned or filtered by specifying exception domains or IP ranges. If your security policy requires you to specify explicit domain or IP ranges, then configure your firewall exceptions for outbound TCP ports 8200, 443, and 80 as well as UDP ports 8200 and 1853 for the LogMeIn domains or IP ranges, including those of our third-party provider networks.
Equivalent specifications in 3 common formats
|Assigned Range by Block||Numeric IP Address Range||Netmask Notation||CIDR Notation|
|Block 1||188.8.131.52 – 184.108.40.206||220.127.116.11 255.255.240.0||18.104.22.168/20|
|Block 2||22.214.171.124 – 126.96.36.199||188.8.131.52 255.255.240.0||184.108.40.206/20|
|Block 3||220.127.116.11 – 18.104.22.168||22.214.171.124 255.255.224.0||126.96.36.199/19|
|Block 4||188.8.131.52 – 184.108.40.206||220.127.116.11 255.255.192.0||18.104.22.168/18|
|Block 5||22.214.171.124 – 126.96.36.199||188.8.131.52 255.255.252.0||184.108.40.206/22|
|Block 6||220.127.116.11 – 18.104.22.168||22.214.171.124 255.255.224.0||126.96.36.199/19|
|Block 7||188.8.131.52 – 184.108.40.206||220.127.116.11 255.255.224.0||18.104.22.168/19|
|Block 8||22.214.171.124 – 126.96.36.199||188.8.131.52 255.255.248.0||184.108.40.206/21|
|Block 9||220.127.116.11 – 18.104.22.168||22.214.171.124 255.255.240.0||126.96.36.199/20|
|Block 10||188.8.131.52 – 184.108.40.206||220.127.116.11 255.255.252.0||18.104.22.168/22|
|Block 11||22.214.171.124 – 126.96.36.199||188.8.131.52 255.255.248.0||184.108.40.206/21|
|Block 12||220.127.116.11 – 18.104.22.168||22.214.171.124 255.255.252.0||126.96.36.199/22|
|Block 13||188.8.131.52 – 184.108.40.206||220.127.116.11 255.255.252.0||18.104.22.168/22|
|Block 14||22.214.171.124 – 126.96.36.199||188.8.131.52 255.255.252.0||184.108.40.206/22|
|Block 15||220.127.116.11 – 18.104.22.168||22.214.171.124 255.255.252.0||126.96.36.199/22|
|Block 16||188.8.131.52 – 184.108.40.206||220.127.116.11 255.255.255.0||18.104.22.168/24|
|Block 17||22.214.171.124 – 126.96.36.199||188.8.131.52 255.255.255.224||184.108.40.206/27|
|Block 18||220.127.116.11 – 18.104.22.168||22.214.171.124 255.255.255.0||126.96.36.199/24|
|Block 19||188.8.131.52 – 184.108.40.206||220.127.116.11 255.255.252.0||18.104.22.168/22|
|Block 20||22.214.171.124 – 126.96.36.199||188.8.131.52 255.255.255.0||184.108.40.206/24|
|Block 21||220.127.116.11 – 18.104.22.168||22.214.171.124 255.255.254.0||126.96.36.199/23|
|Block 22||188.8.131.52 – 184.108.40.206||220.127.116.11 255.255.255.0||18.104.22.168/24|
|Block 23||22.214.171.124 – 126.96.36.199||188.8.131.52 255.255.255.0||184.108.40.206/24|
|Block 24||220.127.116.11 – 18.104.22.168||22.214.171.124 255.255.254.0||126.96.36.199/23|
|Block 25||188.8.131.52 – 184.108.40.206||220.127.116.11 255.255.254.0||18.104.22.168/23|
|Block 26||22.214.171.124 – 126.96.36.199||188.8.131.52 255.255.255.0||184.108.40.206/24|
|Block 27||220.127.116.11 – 18.104.22.168||22.214.171.124 255.255.254.0||126.96.36.199/23|
|Block 28||188.8.131.52 – 184.108.40.206||220.127.116.11 255.255.255.0||18.104.22.168/24|
|Block 29||22.214.171.124 – 126.96.36.199||188.8.131.52 255.255.255.0||184.108.40.206/24|
|Block 30||220.127.116.11 – 18.104.22.168||22.214.171.124 255.255.255.0||126.96.36.199/24|
|Assigned by Block||Classless Inter-Domain Routing (CIDR) format|
We scale our services with third-party cloud and carrier networks for improved performance. To ensure continuous up-time, we also maintain data centers in the following regions:
Solved! Go to Solution.
You are receiving this email because you subscribed to our Optimal Firewall Configuration Information community post for updates. We will soon archive this post and replace it with a new one, please visit the new post and subscribe for future updates:
Our software will test all 3 ports and use which ever allows outbound communication.
@james2484 GoToMeeting, GoToWebinar and GoToTraining do not have a file transfer feature. For the Proxy you maybe asked to provide your credentials before our sofware will be allowed to connect, we also have a Connection Wizard that can be run on Windows PCs to trigger this if needed.
I would recommend starting with our System Check page here: https://support.logmeininc.com/gotowebinar/system-check-attendee There is a test session that you can try to join to test out the flow. You can download and run our Connnection Wizard from here: https://support.logmeininc.com/article/g2m050025
Is it possible to join a test session from the G2M setup MSI multi user installer? We use this in conjucntion with the GoToMeetingMultiUserOpener.
We have a relatively high secuirty environment, and the installed application doesn't seem to be running.
2948 _createProcess: ...
14:50:52 2948 E: Installer launch failed; command was: "C:\Users\BLAMPI~1\AppData\Local\Temp\CCCED23B-8675-4859-85EC-
for the test, it seems to be trying to download a component? Surely it shouldn't be trying to use this location?
Yes, we do attempt to install the GoToMeeting endpoint through the AppData folder.
To join a test session, we have this page available: GoToMeeting Test Session
During our testing, we’ve found that the G2M multi-client makes connections to *.expertcity.com as LocalSystem. This only occurs during live webinars, not pre-recorded ones.
As a result, we’ve had to whitelist the URL above on a per machine basis, which is a bit of a management headache.
Moving forward, we’d like to make this a global exception, but we’re unwilling to do so without understanding exactly what is going on here behind the scenes.
Cna you please clarify?