Allowlisting and Rescue - Data Center Range in the European Union

    This article gives guidance to Rescue Administrators.

    We suggest you allow the GoTo URLs listed below to ensure that GoTo services are able to connect.

    Important: For information about SaaS products offered by GetGo, Inc., a subsidiary of GoTo, Inc., visit this page.
    • *.logmein.eu - GoTo's main site
    • *.logmeinrescue.eu - Powers the Rescue service
    • *.logmeinrescue-enterprise.eu - Powers account-specific Rescue features (should only be allowlisted by enterprise accounts)
    • *.logmein-gateway.com - Part of the Rescue service
    • *.internap.net - Powers updates to Rescue and invite external technician feature
    • *.internapcdn.net - Powers updates to Rescue and invite external technician feature
    • *.update.logmein.com - Powers updates to Rescue
    • *.logmein123.eu - Site used to connect to a Rescue technician
    • *.rescuemobile.eu - Site used to connect to a Rescue technician
    • *.remoteview.logmein.eu - Powers Nextgen media specific features for Rescue Lens and Rescue 7.50 and above.
    • turn.console.logmeinrescue.eu - Powers Nextgen media specific features for Rescue Lens and Rescue 7.50 and above.
    • *.lastpass.eu - GoTo's leading password management solution for personal and enterprise use and for two-factor authentication
    Note: This list includes sub-domains for these domains, so it is advisable to use wildcard rules wherever possible when you allowlist or block any GoTo service on your network. The client-to-host connection uses peer-to-peer connections, encrypted within a 256-bit AES tunnel. The services themselves communicate using port 443 (HTTPS/SSL) and port 80, so no additional ports need to be opened within a firewall.

    IP Ranges

    It is recommended to use wildcard rules whenever possible while allowlisting or blocking any GoTo services on your network as sub-domains of the domains listed above are included. Also, the client-to-host connection uses peer-to-peer connections, encrypted within a 256-bit AES tunnel.

    Use of IP ranges instead of domain names for the firewall configuration is discouraged unless absolutely necessary because our IP ranges and those of our provider networks need to be periodically audited and modified, creating additional maintenance for your network. These changes are necessary to continue to provide the maximum performance for our GoTo products. Maintenance and failover events within our infrastructure may cause you to connect to servers within any of the ranges.

    If your firewall includes a content or application data scanning filter, this may cause a block or latency, which would be indicated in the log files for the filter. To address this problem, verify that the domains or IP ranges will not be scanned or filtered by specifying exception domains or IP ranges. If your security policy requires you to specify explicit domain or IP ranges, then configure your firewall exceptions for outbound TCP ports 8200, 443, and 80 as well as UDP ports 8200 and 1853 for the GoTo domains or IP ranges, including those of our third-party provider networks.

    We do not recommend explicit IP allowlisting of GoTo ranges. If URL allowlisting is not feasible, refer to the list of GoTo IP addresses.

    GoTo EU IP addresses for use in firewall configurations

    Equivalent specifications in 3 common formats

    CIDR Notation Numeric IP Range Netmask Notation
    158.120.16.0/20 158.120.16.0 - 158.120.31.255 158.120.16.0 255.255.240.0
    176.34.175.41/32 176.34.175.41 - 176.34.175.41 176.34.175.41 255.255.255.255
    176.34.201.99/32 176.34.201.99 - 176.34.201.99 176.34.201.99 255.255.255.255
    18.202.5.124/32 18.202.5.124 - 18.202.5.124 18.202.5.124 255.255.255.255
    46.137.118.35/32 46.137.118.35 - 46.137.118.35 46.137.118.35 255.255.255.255
    52.210.249.247/32 52.210.249.247 - 52.210.249.247 52.210.249.247 255.255.255.255
    52.49.175.18/32 52.49.175.18 - 52.49.175.18 52.49.175.18 255.255.255.255
    54.154.227.245/32 54.154.227.245 - 54.154.227.245 54.154.227.245 255.255.255.255
    54.170.31.64/32 54.170.31.64 - 54.170.31.64 54.170.31.64 255.255.255.255
    54.217.134.155/32 54.217.134.155 - 54.217.134.155 54.217.134.155 255.255.255.255
    54.220.196.131/32 54.220.196.131 - 54.220.196.131 54.220.196.131 255.255.255.255
    54.246.98.107/32 54.246.98.107 - 54.246.98.107 54.246.98.107 255.255.255.255
    54.73.215.233/32 54.73.215.233 - 54.73.215.233 54.73.215.233 255.255.255.255
    54.75.205.153/32 54.75.205.153 - 54.75.205.153 54.75.205.153 255.255.255.255
    63.33.145.40/32 63.33.145.40 - 63.33.145.40 63.33.145.40 255.255.255.255
    64.95.128.0/23 64.95.128.0 - 64.95.129.255 64.95.128.0 255.255.254.0
    79.125.88.65/32 79.125.88.65 - 79.125.88.65 79.125.88.65 255.255.255.255
    95.172.70.0/24 95.172.70.0 - 95.172.70.255 95.172.70.0 255.255.255.0
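The table gives each range in three notations. As an added example (not GoTo's code), the following checks that the three forms of a row describe the same network before the row is entered into a firewall. The first four sample rows are copied from the table above; the last two are constructed errors, and the function names are hypothetical.

```python
import ipaddress

def check_row(row):
    """Return a list of problems for one 'CIDR first - last network netmask' row."""
    fields = row.split()
    if len(fields) != 6 or fields[2] != "-":
        return ["expected: CIDR first - last network netmask"]
    cidr, first, _, last, network, mask = fields
    try:
        net = ipaddress.ip_network(cidr, strict=True)   # rejects host bits set
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        by_mask = ipaddress.ip_network(f"{network}/{mask}", strict=True)
    except ValueError as exc:
        return [f"unparseable: {exc}"]
    problems = []
    # The numeric range must collapse to exactly the one CIDR block.
    if lo > hi or list(ipaddress.summarize_address_range(lo, hi)) != [net]:
        problems.append(f"range {first} - {last} is not exactly {net}")
    if by_mask != net:
        problems.append(f"netmask form {network} {mask} is {by_mask}, not {net}")
    return problems

ROWS = [
    # Copied from the table on this page.
    "158.120.16.0/20 158.120.16.0 - 158.120.31.255 158.120.16.0 255.255.240.0",
    "176.34.175.41/32 176.34.175.41 - 176.34.175.41 176.34.175.41 255.255.255.255",
    "64.95.128.0/23 64.95.128.0 - 64.95.129.255 64.95.128.0 255.255.254.0",
    "95.172.70.0/24 95.172.70.0 - 95.172.70.255 95.172.70.0 255.255.255.0",
    # Constructed errors: range too short for a /23, and host bits set in the CIDR.
    "64.95.128.0/23 64.95.128.0 - 64.95.128.255 64.95.128.0 255.255.254.0",
    "95.172.70.5/24 95.172.70.0 - 95.172.70.255 95.172.70.0 255.255.255.0",
]

def validate(rows):
    """Map each row's CIDR field to its list of problems (empty means consistent)."""
    return [(row.split()[0], check_row(row)) for row in rows]

if __name__ == "__main__":
    for cidr, problems in validate(ROWS):
        print(cidr, "OK" if not problems else "; ".join(problems))
```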

    Rescue Lens and Rescue Nextgen media

    Lens Server / Data Center IP addresses:

    CIDR Notation Numeric IP Range Netmask Notation
    18.192.225.252/32 18.192.225.252 - 18.192.225.252 18.192.225.252 255.255.255.255
    18.198.147.201/32 18.198.147.201 - 18.198.147.201 18.198.147.201 255.255.255.255
    18.198.174.137/32 18.198.174.137 - 18.198.174.137 18.198.174.137 255.255.255.255
    18.198.176.236/32 18.198.176.236 - 18.198.176.236 18.198.176.236 255.255.255.255

    Nextgen media

    • *.remoteview.logmein.eu
    • turn.console.logmeinrescue.eu
    • For networks that explicitly filter outbound destination ports and protocols, Rescue Lens and Rescue Nextgen media use the following ports for Rescue media sessions: 15000 (UDP traffic) or 443 (TCP traffic).
    Tip: It is recommended that you allow UDP traffic through port 15000. Restricting the traffic to TCP may decrease the quality of the Rescue media support experience.
    Important: The use of IP ranges instead of domain names for the firewall configuration is discouraged unless absolutely necessary because our IP ranges and those of our provider networks need to be periodically audited and modified, thus creating additional maintenance for your network. If URL allowlisting is not feasible, refer to the list of IP addresses in this document.
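An added example, not GoTo's own code: a checker that classifies outbound connection log entries against the wildcard domains and ports listed on this page, matching wildcards on a DNS label boundary so that look-alike names are not admitted. The sample hostnames and log lines are constructed; treating `*.domain` as subdomains only and limiting UDP 15000 to the two Nextgen media names are assumptions.

```python
# Domains and ports are copied from this page; function names are hypothetical.
DOMAINS = [
    "*.logmein.eu", "*.logmeinrescue.eu", "*.logmeinrescue-enterprise.eu",
    "*.logmein-gateway.com", "*.internap.net", "*.internapcdn.net",
    "*.update.logmein.com", "*.logmein123.eu", "*.rescuemobile.eu",
    "*.remoteview.logmein.eu", "turn.console.logmeinrescue.eu", "*.lastpass.eu",
]
GENERAL_PORTS = {("tcp", 80), ("tcp", 443), ("tcp", 8200), ("udp", 8200), ("udp", 1853)}
MEDIA_DOMAINS = ["*.remoteview.logmein.eu", "turn.console.logmeinrescue.eu"]
MEDIA_PORTS = {("udp", 15000), ("tcp", 443)}  # assumption: media names only

def matches(host, pattern):
    """Wildcard match on a label boundary; '*.x' covers subdomains, not 'x' itself."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # e.g. ".logmein.eu", leading dot kept on purpose
        return len(host) > len(suffix) and host.endswith(suffix)
    return host == pattern

def classify(host, proto, port):
    """Return 'allow', 'port-not-listed' or 'domain-not-listed'."""
    if not any(matches(host, p) for p in DOMAINS):
        return "domain-not-listed"
    key = (proto.lower(), int(port))
    if key in GENERAL_PORTS:
        return "allow"
    if key in MEDIA_PORTS and any(matches(host, p) for p in MEDIA_DOMAINS):
        return "allow"
    return "port-not-listed"

# Constructed sample entries in "host proto port" form (not real log data).
SAMPLE_LOG = """\
secure.logmeinrescue.eu tcp 443
turn.console.logmeinrescue.eu udp 15000
control.logmein.eu udp 15000
logmein.eu.example.net tcp 443
examplelogmein.eu tcp 443
"""

def audit(log_text):
    """Classify every non-empty line of a 'host proto port' log."""
    out = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        host, proto, port = line.split()
        out.append((host, classify(host, proto, port)))
    return out

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE_LOG):
        print(f"{verdict:18} {host}")
```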

    Third-party IP Ranges

    You must also allowlist ranges for these third-party services:

    Limitations when using IP Ranges

    The following features will not work with an IP-based allowlist because they use dynamic IPs:

    • External technician invite: invited external technicians won't be able to reach the one-time technician console to download it. This applies to networks where the external technicians are located.
    • Auto-upgrade: Calling Card and Unattended endpoints won't be able to auto-upgrade. Manual upgrade and redeployment will be required.

    Email domains

    For email invitations and correspondence from us and the GoTo software, we recommend allowing the following email domains through your email's spam and allowlist filters.

    • @m.logmein.com
    • @t.logmein.com
    • @logmeinrescue.com
    • @logmein.com
    • @m.lastpass.com
    • @t.lastpass.com