Firewall settings for LogMeIn Rescue
We need to configure our firewall to allow for LogMeIn Rescue for support to connect. What are the IP ranges, ports, and domain names needed?
LogMeIn Rescue
Client Support
Network
Enterprise ERP support uses LogMeIn Rescue for support remote sessions.
Use of IP ranges instead of domain names for the firewall configuration is discouraged unless absolutely necessary.
LogMeIn Resuce IP Ranges
CIDR Notation | Numeric IP Range | Netmask Notation |
---|---|---|
111.221.57.0/24 | 111.221.57.0 - 111.221.57.255 | 111.221.57.0 255.255.255.0 |
176.34.175.41/32 | 176.34.175.41 - 176.34.175.41 | 176.34.175.41 255.255.255.255 |
176.34.201.99/32 | 176.34.201.99 - 176.34.201.99 | 176.34.201.99 255.255.255.255 |
18.202.5.124/32 | 18.202.5.124 - 18.202.5.124 | 18.202.5.124 255.255.255.255 |
212.118.234.0/24 | 212.118.234.0 - 212.118.234.254 | 212.118.234.0 255.255.254.0 |
46.137.118.35/32 | 46.137.118.35 - 46.137.118.35 | 46.137.118.35 255.255.255.255 |
52.210.249.247/32 | 52.210.249.247 - 52.210.249.247 | 52.210.249.247 255.255.255.255 |
52.49.175.18/32 | 52.49.175.18 - 52.49.175.18 | 52.49.175.18 255.255.255.255 |
54.154.227.245/32 | 54.154.227.245 - 54.154.227.245 | 54.154.227.245 255.255.255.255 |
54.170.31.64/32 | 54.170.31.64 - 54.170.31.64 | 54.170.31.64 255.255.255.255 |
54.217.134.155/32 | 54.217.134.155 - 54.217.134.155 | 54.217.134.155 255.255.255.255 |
54.220.196.131/32 | 54.220.196.131 - 54.220.196.131 | 54.220.196.131 255.255.255.255 |
54.246.98.107/32 | 54.246.98.107 - 54.246.98.107 | 54.246.98.107 255.255.255.255 |
54.73.215.233/32 | 54.73.215.233 - 54.73.215.233 | 54.73.215.233 255.255.255.255 |
54.75.205.153/32 | 54.75.205.153 - 54.75.205.153 | 54.75.205.153 255.255.255.255 |
63.251.34.0/24 | 63.251.34.0 - 63.251.34.255 | 63.251.34.0 255.255.255.0 |
63.251.46.0/23 | 63.251.46.0 - 63.251.47.255 | 63.251.46.0 255.255.254.0 |
63.33.145.40/32 | 63.33.145.40 - 63.33.145.40 | 63.33.145.40 255.255.255.255 |
64.74.103.0/24 | 64.74.103.0 - 64.74.103.255 | 64.74.103.0 255.255.255.0 |
64.74.17.0/24 | 64.74.17.0 - 64.74.17.255 | 64.74.17.0 255.255.255.0 |
64.74.18.0/23 | 64.74.18.0 - 64.74.19.255 | 64.74.18.0 255.255.254.0 |
64.94.18.0/24 | 64.94.18.0 - 64.94.18.255 | 64.94.18.0 255.255.255.0 |
64.94.46.0/23 | 64.94.46.0 - 64.94.47.255 | 64.94.46.0 255.255.254.0 |
64.95.128.0/23 | 64.95.128.0 - 64.95.129.255 | 64.95.128.0 255.255.254.0 |
66.150.108.0/24 | 66.150.108.0 - 66.150.108.255 | 66.150.108.0 255.255.255.0 |
67.217.80.0/23 | 67.217.80.0 - 67.217.81.255 | 67.217.80.0 255.255.254.0 |
69.25.20.0/23 | 69.25.20.0 - 69.25.21.255 | 69.25.20.0 255.255.254.0 |
69.25.247.0/24 | 69.25.247.0 - 69.25.247.255 | 69.25.247.0 255.255.255.0 |
79.125.88.65/32 | 79.125.88.65 - 79.125.88.65 | 79.125.88.65 255.255.255.255 |
95.172.70.0/24 | 95.172.70.0 - 95.172.70.255 | 95.172.70.0 255.255.255.0 |
We suggest you allow the GoTo URLs listed below to ensure that GoTo services are able to connect.
*.logmein.com, *.logmein.eu - GoTo's main site
*.logmeinrescue.com, *.logmeinrescue.eu - Powers the Rescue service
*.logmeinrescue-enterprise.eu, *.logmeinrescue-enterprise.com - Powers account-specific Rescue features (should only be allowlisted by enterprise accounts)
*.logmein-gateway.com- Part of the Rescue service
*.internap.net - Powers updates to multiple GoTo products
*.internapcdn.net - Powers updates to multiple GoTo products
*.logmein123.com, *.logmein123.eu - Site used to connect to a Rescue technician
*.123rescue.com - Site used to connect to a Rescue technician
*.support.me - Site used to connect to a Rescue technician
*.rescuemobile.eu - Site used to connect to a Rescue technician
*.rescuemobile.com - Site used to connect to a Rescue technician
*.oty.com - Site used to connect to a Rescue technician
* .logmeinc.com -GoTo's corporate website
*.remoteview.logmein.com - Powers Nextgen media-specific features for Rescue Lens and Rescue 7.50 and above.
turn.console.gotoassist.com - Powers Nextgen media-specific features for Rescue Lens and Rescue 7.50 and above.
* .lastpass.com, *.lastpass.eu -GoTo's leading password management solution for personal and enterprise use and for two factor authentication service
Note: This list includes sub-domains for these domains, so it is advisable to use wildcard rules wherever possible when you allowlist or block any GoTo service on your network. The client-to-host connection uses peer-to-peer connections, encrypted within a 256-bit AES tunnel. The services themselves communicate using port 443 (HTTPS/SSL) and port 80, so no additional ports need to be opened within a firewall.
If your security policy requires you to specify explicit domain or IP ranges, then configure your firewall exceptions for outbound TCP ports 8200, 443, and 80 as well as UDP ports 8200 and 1853 for the GoTo domains or IP ranges,
For additional information, please see the following LogMeIn Rescue documentation:
https://support.logmeinrescue.com/rescue/help/allowlisting-and-rescue
https://secure.logmeinrescue.com/welcome/documents/pdfs/rescue_admin_center_userguide.pdf (Pages 31-37)