Allowlisting and LogMeIn Rescue - data center range in the European Union

This article gives guidance to Rescue Administrators.

We suggest you allow the GoTo URLs listed below to ensure that GoTo services are able to connect.

Important: For information about SaaS products offered by GetGo, Inc., a subsidiary of GoTo, Inc., visit this page.

*.logmein.eu - GoTo's main site
*.logmeinrescue.eu*.logmeinrescue.com- Powers the LogMeIn Rescue service
*.logmeinrescue-enterprise.eu, *.logmeinrescue-enterprise.com - Powers account-specific LogMeIn Rescue features (should only be allowlisted by enterprise accounts)
*.logmein-gateway.com - Part of the LogMeIn Rescue service
update-cdn.logmeinrescue.com- Powers updates to LogMeIn Rescue
*.update.logmein.com- Powers updates to LogMeIn Rescue
*.logmein123.eu - Site used to connect to a LogMeIn Rescue technician
*.rescuemobile.eu - Site used to connect to a LogMeIn Rescue technician
*.remoteview.logmein.eu - Powers Nextgen media specific features for Rescue Lens and Rescue 7.50 and above.
*.turn.console.logmeinrescue.eu - Powers Nextgen media specific features for Rescue Lens and Rescue 7.50 and above.
*.lastpass.com -GoTo's leading password management solution for personal and enterprise use and for two factor authentication service

Note: This list includes sub-domains for these domains, so it is advisable to use wildcard rules wherever possible when you allowlist or block any GoTo service on your network. The client-to-host connection uses peer-to-peer connections, encrypted within a 256-bit AES tunnel. The services themselves communicate using port 443 (HTTPS/SSL) and port 80, so no additional ports need to be opened within a firewall.

IP Ranges

It is recommended to use wildcard rules whenever possible while allowlisting or blocking any GoTo services on your network as sub-domains of the domains listed above are included. Also, the client-to-host connection uses peer-to-peer connections, encrypted within a 256-bit AES tunnel.

Use of IP ranges instead of domain names for the firewall configuration is discouraged unless absolutely necessary because our IP ranges and those of our provider networks need to be periodically audited and modified, creating additional maintenance for your network. These changes are necessary to continue to provide the maximum performance for our GoTo products. Maintenance and failover events within our infrastructure may cause you to connect to servers within any of the ranges.

If your firewall includes a content or application data scanning filter, this may cause a block or latency, which would be indicated in the log files for the filter. To address this problem, verify that the domains or IP ranges will not be scanned or filtered by specifying exception domains or IP ranges. If your security policy requires you to specify explicit domain or IP ranges, then configure your firewall exceptions for outbound TCP ports 8200, 443, and 80 as well as UDP ports 8200 and 1853 for the GoTo domains or IP ranges, including those of our third-party provider networks.

We do not recommend explicit IP allowlisting of GoTo ranges. If URL allowlisting is not feasible, refer to the list of GoTo IP addresses.

GoTo EU IP addresses for use in firewall configurations

We do not recommend explicit IP allowlisting of GoTo ranges. If URL allowlisting is not feasible, refer to the list of GoTo IP addresses.

Equivalent specifications in 3 common formats

CIDR Notation	Numeric IP Range	Netmask Notation
158.120.16.0/20	158.120.16.0 - 158.120.31.255	158.120.16.0 255.255.240.0
176.34.175.41/32	176.34.175.41 - 176.34.175.41	176.34.175.41 255.255.255.255
176.34.201.99/32	176.34.201.99 - 176.34.201.99	176.34.201.99 255.255.255.255
18.202.5.124/32	18.202.5.124 - 18.202.5.124	18.202.5.124 255.255.255.255
34.254.76.175/32	34.254.76.175 - 34.254.76.175	34.254.76.175 255.255.255.255
34.255.156.182/32	34.255.156.182 - 34.255.156.182	34.255.156.182 255.255.255.255
46.137.118.35/32	46.137.118.35 - 46.137.118.35	46.137.118.35 255.255.255.255
52.19.6.219/32	52.19.6.219 - 52.19.6.219	52.19.6.219 255.255.255.255
52.209.158.52/32	52.209.158.52 - 52.209.158.52	52.209.158.52 255.255.255.255
52.210.249.247/32	52.210.249.247 - 52.210.249.247	52.210.249.247 255.255.255.255
52.49.175.18/32	52.49.175.18 - 52.49.175.18	52.49.175.18 255.255.255.255
54.154.227.245/32	54.154.227.245 - 54.154.227.245	54.154.227.245 255.255.255.255
54.170.31.64/32	54.170.31.64 - 54.170.31.64	54.170.31.64 255.255.255.255
54.217.134.155/32	54.217.134.155 - 54.217.134.155	54.217.134.155 255.255.255.255
54.220.196.131/32	54.220.196.131 - 54.220.196.131	54.220.196.131 255.255.255.255
54.246.98.107/32	54.246.98.107 - 54.246.98.107	54.246.98.107 255.255.255.255
54.73.215.233/32	54.73.215.233 - 54.73.215.233	54.73.215.233 255.255.255.255
54.75.205.153/32	54.75.205.153 - 54.75.205.153	54.75.205.153 255.255.255.255
63.33.145.40/32	63.33.145.40 - 63.33.145.40	63.33.145.40 255.255.255.255
64.95.128.0/23	64.95.128.0 - 64.95.129.255	64.95.128.0 255.255.254.0
79.125.88.65/32	79.125.88.65 - 79.125.88.65	79.125.88.65 255.255.255.255
95.172.70.0/24	95.172.70.0 - 95.172.70.255	95.172.70.0 255.255.255.0

Rescue Lens and Rescue Nextgen media

Lens Server / Data Center IP addresses:

CIDR Notation	Numeric IP Range	Netmask Notation
18.192.225.252/32	18.192.225.252 - 18.192.225.252	18.192.225.252 255.255.255.255
18.198.147.201/32	18.198.147.201 - 18.198.147.201	18.198.147.201 255.255.255.255
18.198.174.137/32	18.198.174.137 - 18.198.174.137	18.198.174.137 255.255.255.255
18.198.176.236/32	18.198.176.236 - 18.198.176.236	18.198.176.236 255.255.255.255

Nextgen media

Note: When you start a next-gen media streaming session, the applet initially attempts to connect to a streaming server allocated from the AWS pool. However, if the connection can’t be established (for example, due to strict firewall rules set by the customer), the session switches back to a turn server and proceeds through it.

*.remoteview.logmein.eu
turn.console.logmeinrescue.eu
For networks explicitly filtering outbound destination ports and protocols, the following ports are used on Rescue Lens side and Rescue Nextgen media: 15000 (UDP traffic) or 443 (TCP traffic) for Rescue media sessions.

Tip: It is recommended that you allow UDP traffic through port 15000. Restricting the traffic to TCP may decrease the quality of the Rescue media support experience.

Important: The use of IP ranges instead of domain names for the firewall configuration is discouraged unless absolutely necessary because our IP ranges and those of our provider networks need to be periodically audited and modified, thus creating additional maintenance for your network. If URL allowlisting is not feasible, refer to the list of IP address in this document.

Third-party IP Ranges

You must also allowlist ranges for these third-party services:

Microsoft Azure

Chat Monitor

Needed only if you are using the Chat monitoring feature.

CIDR Notation	Numeric IP Range	Netmask Notation
18.193.134.63/32	18.193.134.63 - 18.193.134.63	18.193.134.63 255.255.255.255
3.74.125.23/32	3.74.125.23 - 3.74.125.23	3.74.125.23 255.255.255.255

Chat Translation

Needed only if you are using the Chat translation feature.

CIDR Notation	Numeric IP Range	Netmask Notation
35.156.70.123/32	35.156.70.123 - 35.156.70.123	35.156.70.123 255.255.255.255
3.76.184.175/32	3.76.184.175 - 3.76.184.175	3.76.184.175 255.255.255.255

Limitations in case of using IP Ranges

The following features won't be able to use in case of using IP based allowlist since these are using dynamic IPs:

External technician invite: invited external technicians won't be able to reach one-time technician console to download. This applies to networks where the external technicians are located.
Auto-upgrade of Calling Card and Unattended endpoints won't be able to auto-upgrade. Manual upgrade and redeployment will be required.

Email domains

For email invitations and correspondences from us and the GoTo software, we recommend allowing the following email domains through your email's spam and allowlist filters.

@m.logmein.com
@t.logmein.com
@logmeinrescue.com
@logmein.com
@m.lastpass.com
@t.lastpass.com

Article last updated: 18 November, 2024