HELP FILE

Allowlisting and Rescue - Data Center Range in the European Union

This article gives guidance to Rescue Administrators.

We suggest you allow the LogMeIn URLs listed below to ensure that LogMeIn services are able to connect.
Important: For information about SaaS products offered by GetGo, Inc., a subsidiary of LogMeIn, Inc., visit this page.
  • *.logmein.com, *.logmein.eu - LogMeIn's main site
  • *.logmeinrescue.com, *.logmeinrescue.eu - Powers the LogMeIn Rescue service
  • *.logmeinrescue-enterprise.eu, *.logmeinrescue-enterprise.com - Powers account-specific Rescue features (should only be allowlisted by enterprise accounts)
  • *.logmein-gateway.com - Part of the Rescue service
  • *.internap.net - Powers updates to Rescue and invite external technician feature
  • *.internapcdn.net - Powers updates to Rescue and invite external technician feature
  • *.update.logmein.com - Powers updates to Rescue
  • *.Logmein123.eu - Site used to connect to a Rescue technician
  • *.Rescuemobile.eu - Site used to connect to a Rescue technician
  • *.lastpass.com, *.lastpass.eu - LogMeIn's leading password management solution for personal and enterprise use and for two-factor authentication service
Note: This list includes sub-domains for these domains, so it is advisable to use wildcard rules wherever possible when you allowlist or block any LogMeIn service on your network. The client-to-host connection uses peer-to-peer connections, encrypted within a 256-bit AES tunnel. The services themselves communicate using port 443 (HTTPS/SSL) and port 80, so no additional ports need to be opened within a firewall.

IP Ranges

We recommend using wildcard rules wherever possible when allowlisting or blocking any LogMeIn service on your network, because sub-domains of the domains listed above are included. The client-to-host connection uses peer-to-peer connections, encrypted within a 256-bit AES tunnel.

Use of IP ranges instead of domain names for the firewall configuration is discouraged unless absolutely necessary because our IP ranges and those of our provider networks need to be periodically audited and modified, creating additional maintenance for your network. These changes are necessary to continue to provide the maximum performance for our LogMeIn products. Maintenance and failover events within our infrastructure may cause you to connect to servers within any of the ranges.

If your firewall includes a content or application data scanning filter, this may cause a block or latency, which would be indicated in the log files for the filter. To address this problem, verify that the domains or IP ranges will not be scanned or filtered by specifying exception domains or IP ranges. If your security policy requires you to specify explicit domain or IP ranges, then configure your firewall exceptions for outbound TCP ports 8200, 443, and 80 as well as UDP ports 8200 and 1853 for the LogMeIn domains or IP ranges, including those of our third-party provider networks.

We do not recommend explicit IP allowlisting of LogMeIn ranges. If URL allowlisting is not feasible, refer to the list of LogMeIn IP addresses.

LogMeIn EU IP addresses for use in firewall configurations

Equivalent specifications in 3 common formats

CIDR Notation       Numeric IP Range                   Netmask Notation

64.95.128.0/23      64.95.128.0 - 64.95.129.255        64.95.128.0 255.255.254.0
95.172.70.0/24      95.172.70.0 - 95.172.70.255        95.172.70.0 255.255.255.0
46.137.118.35/32    46.137.118.35 - 46.137.118.35      46.137.118.35 255.255.255.255
54.154.227.245/32   54.154.227.245 - 54.154.227.245    54.154.227.245 255.255.255.255
54.75.205.153/32    54.75.205.153 - 54.75.205.153      54.75.205.153 255.255.255.255
79.125.88.65/32     79.125.88.65 - 79.125.88.65        79.125.88.65 255.255.255.255
176.34.175.41/32    176.34.175.41 - 176.34.175.41      176.34.175.41 255.255.255.255
18.202.5.124/32     18.202.5.124 - 18.202.5.124        18.202.5.124 255.255.255.255
54.170.31.64/32     54.170.31.64 - 54.170.31.64        54.170.31.64 255.255.255.255
54.73.215.233/32    54.73.215.233 - 54.73.215.233      54.73.215.233 255.255.255.255
54.220.196.131/32   54.220.196.131 - 54.220.196.131    54.220.196.131 255.255.255.255
176.34.201.99/32    176.34.201.99 - 176.34.201.99      176.34.201.99 255.255.255.255
52.210.249.247/32   52.210.249.247 - 52.210.249.247    52.210.249.247 255.255.255.255
54.217.134.155/32   54.217.134.155 - 54.217.134.155    54.217.134.155 255.255.255.255
63.33.145.40/32     63.33.145.40 - 63.33.145.40        63.33.145.40 255.255.255.255
54.246.98.107/32    54.246.98.107 - 54.246.98.107      54.246.98.107 255.255.255.255
52.49.175.18/32     52.49.175.18 - 52.49.175.18        52.49.175.18 255.255.255.255
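
The following Python script is an added example, not LogMeIn's code: it audits egress records against the wildcard domains, ports and three of the IP ranges listed in this article, and renders a CIDR block in the table's three notations. The log format and sample hostnames are constructed, and treating a wildcard as matching sub-domains only (on a label boundary) is an assumption about how your firewall interprets it.

```python
import ipaddress

# Wildcard domains and ports as listed in this article.
WILDCARDS = [
    "logmein.com", "logmein.eu", "logmeinrescue.com", "logmeinrescue.eu",
    "logmeinrescue-enterprise.eu", "logmeinrescue-enterprise.com",
    "logmein-gateway.com", "internap.net", "internapcdn.net",
    "update.logmein.com", "logmein123.eu", "rescuemobile.eu",
    "lastpass.com", "lastpass.eu",
]
PORTS = {"tcp": {8200, 443, 80}, "udp": {8200, 1853}}
# Three rows from the article's IP table; a real rule set would carry all rows.
NETWORKS = [ipaddress.ip_network(c) for c in
            ("64.95.128.0/23", "95.172.70.0/24", "46.137.118.35/32")]

def three_formats(cidr):
    """Render one CIDR block in the table's three notations."""
    net = ipaddress.ip_network(cidr)
    return (str(net), f"{net[0]} - {net[-1]}",
            f"{net.network_address} {net.netmask}")

def host_allowed(host):
    """Match *.domain on a label boundary: a.logmein.com yes, notlogmein.com no."""
    host = host.lower().rstrip(".")
    return any(host.endswith("." + d) for d in WILDCARDS)

def dest_allowed(dest):
    """Destination is an IP inside a listed range or a wildcard-matched name."""
    try:
        ip = ipaddress.ip_address(dest)
    except ValueError:
        return host_allowed(dest)
    return any(ip in net for net in NETWORKS)

def audit(log_lines):
    """Return (line, reason) for each egress record outside the allowlist."""
    findings = []
    for line in log_lines:
        proto, dest, port = line.split()
        if int(port) not in PORTS.get(proto.lower(), set()):
            findings.append((line, "port not in allowlist"))
        elif not dest_allowed(dest):
            findings.append((line, "destination not in allowlist"))
    return findings

# Constructed egress records ("proto destination port"), not real traffic.
SAMPLE = ["tcp secure.logmeinrescue.eu 443", "udp 64.95.129.200 1853",
          "tcp notlogmein.com 443", "tcp control.logmein.com 3389",
          "tcp 64.95.130.1 443"]
```

Running `audit(SAMPLE)` flags the look-alike domain, the off-list port and the address just outside the /23, which are the three cases a loosely written suffix or range rule tends to let through.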
 

Third-party IP Ranges

You must also allowlist ranges for these third-party services:

Limitations when using IP ranges

The following features will not work with an IP-based allowlist because they use dynamic IPs:

  • External technician invite: invited external technicians won't be able to reach the one-time Technician Console to download it. This applies to networks where the external technicians are located.
  • Auto-upgrade: Calling Card and Unattended endpoints won't be able to auto-upgrade. Manual upgrade and redeployment will be required.

Email domains

For email invitations and correspondence from us and the LogMeIn software, we recommend allowing the following email domains through your email's spam and allowlist filters.

  • @m.logmein.com
  • @t.logmein.com
  • @logmeinrescue.com
  • @logmein.com
  • @m.lastpass.com
  • @t.lastpass.com