Allowlisting and LogMeIn Rescue - non-enterprise customers

This article gives guidance to Rescue Administrators.

This document lists the required domains that must be allowlisted for LogMeIn Rescue to function properly. These domains enable core functionality, media traffic, and support services for non-enterprise customers.

Important: For information about SaaS products offered by GetGo, Inc., a subsidiary of GoTo, Inc., visit this page.

Attention: Starting from July 22, 2025, the allowlisted URLs for our media services will follow the same pattern as all other Rescue services and will be aligned with the *.logmeinrescue.com domain.

**Domains**
Old URL	New URL	Description	Port
*.remoteview.logmein.com	*.console.logmeinrescue.com	Global, next-gen media traffic	3489 (UDP traffic) or 443 (TCP traffic)
*.turn.console.gotoassist.com	*.turn.console.logmeinrescue.com	TURN Server for next-gen media, Global specific region	15000 (UDP traffic) or 443 (TCP traffic)

The new domains follow the same pattern as all other Rescue services and should already be allowlisted by your organization. Please ensure that your firewall allows connections to the following ports:

3489/UDP
15000/UDP

If your firewall blocks the master domains, please make sure to allow the appropriate URLs listed above as soon as possible. To avoid any service disruption, it is essential to add the new URLs to your firewall or proxy no later than July 21, 2025.

Required Domains

Warning: SSL inspection MUST be disabled for all whitelisted Rescue URLs to ensure proper functionality.

If you use Zscaler, follow these key steps:

Access the Zscaler Admin Portal.
Create a URL Category for Rescue domains.
Bypass SSL inspection for this category.
Configure firewall rules to allow required ports.

For detailed instructions see: Deploy LogMeIn Rescue within Zscaler environment.

**Domains**
Domain	Description	Port
*.logmeinrescue.com	Rescue Services non enterprise customers	443/TCP
*.logmein-gateway.com	Provides a list of gateways as part of DNS name resolution via the customers DNS servers	DNS lookup
*.logmein123.com	Vanity site used to request a PIN and download ad-hoc applet, by an end user, redirects to https://secure.logmeinrescue.com	443/TCP
*.support.me	Vanity site used to request a PIN and download ad-hoc applet, by an end user, redirects to https://secure.logmeinrescue.com	443/TCP
*.Rescuemobile.com	Vanity site used to request a PIN and download ad-hoc applet, by an end user, redirects to https://secure.logmeinrescue.com	443/TCP
*.oty.com	Vanity site used to request a PIN and download ad-hoc applet, by an end user, redirects to https://secure.logmeinrescue.com	443/TCP
*.remoteview.logmein.com	Global, next-gen media traffic	3489 (UDP traffic) or 443 (TCP traffic)
*.turn.console.gotoassist.com	TURN Server for next-gen media, Global specific region	15000 (UDP traffic) or 443 (TCP traffic)
update-cdn.logmeinrescue.com	Powers updates and invites external technicians	443/TCP
translation.logmeinrescue.com	Translation services	443/TCP

Note: It is recommended to use wildcard rules whenever possible while allowlisting or blocking any GoTo services on your network as sub-domains of the domains listed above are included. Also, the client-to-host connection uses peer-to-peer connections, encrypted within a 256-bit AES tunnel. The services themselves communicate using port 443 (HTTPS/SSL) and port 80, so no additional ports need to be opened within a firewall.

Note: No TCP traffic passes through addresses marked as "DNS lookup only". The applet performs name resolution using customer DNS servers to determine the appropriate datacenter and gateway.

GoTo Admin Allowlisting Requirements for Billing Admins

The following allowlisting settings are required for Billing Admins only.

Domain	Purpose	URLs
*.goto.com	GoTo Products Homepage	https://admin.goto.com https://api.goto.com https://feedback.goto.com
*.getgo.com	Backend Services & APIs	https://iam.servers.getgo.com https://commerce.servers.getgo.com https://avatars.servers.getgo.com

Category	URLs
Authentication & Admin	https://admin.logmeininc.com https://authentication.logmeininc.com
Analytics & Monitoring	https://api.segment.io https://cdn.segment.com https://api-js.mixpanel.com https://o173976.ingest.us.sentry.io
User Experience & Feedback	https://cdn.pendo.io https://siteintercept.qualtrics.com
Communication	https://api.jive.com
Accessibility	https://cdn.disability.illinois.edu

Tip: To test whether network settings are blocking connection to GoTo Admin services, try accessing GoTo Admin outside of your company network.

IP Ranges

Use of IP ranges instead of domain names for the firewall configuration is discouraged unless absolutely necessary because our IP ranges and those of our provider networks need to be periodically audited and modified, creating additional maintenance for your network. These changes are necessary to continue to provide the maximum performance for our GoTo products. Maintenance and failover events within our infrastructure may cause you to connect to servers within any of the ranges.

If your firewall includes a content or application data scanning filter, this may cause a block or latency, which would be indicated in the log files for the filter. To address this problem, verify that the domains or IP ranges will not be scanned or filtered by specifying exception domains or IP ranges.

Limitations in case of using IP Ranges

The following features won't be able to use in case of using IP based allowlist since these are using dynamic IPs:

External technician invite: invited external technicians won't be able to reach one-time technician console to download. This applies to networks where the external technicians are located.
Auto-upgrade of Calling Card and Unattended endpoints won't be able to auto-upgrade. Manual upgrade and redeployment will be required.

Turn server IP list

Virginia	Oregon	London	Frankfurt	Singapore	Mumbai
3.228.209.196	44.229.217.227	3.10.62.125	3.72.25.221	175.41.141.140	3.108.206.123
3.230.232.226	44.232.77.24	3.11.130.196	3.72.174.252	18.140.137.139	13.232.7.181
18.206.68.238	52.13.255.230	13.42.92.190	3.73.150.182	54.255.48.58	43.205.76.185
34.232.43.4	52.35.84.247	18.134.118.217	3.122.32.27	54.255.100.96	65.0.112.174
35.153.21.190	54.185.112.207		18.158.121.211
50.17.158.207	54.189.249.52		18.158.218.2
52.0.88.112			35.156.13.147
52.54.244.43			52.28.148.85
54.146.34.187
54.204.126.154
54.227.77.39
107.21.27.28

For networks explicitly filtering outbound destination ports and protocols, the following ports are used on LogMeIn Rescue side:

443 TCP traffic for LogMeIn Rescue support sessions
3489 UDP traffic for LogMeIn Rescue file transfer sessions and as media session fallback
15000 UDP traffic for LogMeIn Rescue WebRTC server farm usage

Article last updated: 21 May, 2025

GoTo Connect

GoTo Meeting

GoTo Webinar

GoTo Room

GoTo Training

OpenVoice

Grasshopper

join.me

LogMeIn Resolve

LogMeIn Resolve MDM

LogMeIn Pro

LogMeIn Central

LogMeIn Rescue

GoToMyPC

GoToAssist

Hamachi

RemotelyAnywhere