Firewall settings for LogMeIn Rescue



Description of Issue

We need to configure our firewall to allow for LogMeIn Rescue for support to connect. What are the IP ranges, ports, and domain names needed?



Context
  • LogMeIn Rescue

  • Client Support

  • Network



Cause

Enterprise ERP support uses LogMeIn Rescue for support remote sessions.



Resolution

Use of IP ranges instead of domain names for the firewall configuration is discouraged unless absolutely necessary.

LogMeIn Resuce IP Ranges

CIDR Notation

Numeric IP Range

Netmask Notation

111.221.57.0/24

111.221.57.0 - 111.221.57.255

111.221.57.0 255.255.255.0

176.34.175.41/32

176.34.175.41 - 176.34.175.41

176.34.175.41 255.255.255.255

176.34.201.99/32

176.34.201.99 - 176.34.201.99

176.34.201.99 255.255.255.255

18.202.5.124/32

18.202.5.124 - 18.202.5.124

18.202.5.124 255.255.255.255

212.118.234.0/24

212.118.234.0 - 212.118.234.254

212.118.234.0 255.255.254.0

46.137.118.35/32

46.137.118.35 - 46.137.118.35

46.137.118.35 255.255.255.255

52.210.249.247/32

52.210.249.247 - 52.210.249.247

52.210.249.247 255.255.255.255

52.49.175.18/32

52.49.175.18 - 52.49.175.18

52.49.175.18 255.255.255.255

54.154.227.245/32

54.154.227.245 - 54.154.227.245

54.154.227.245 255.255.255.255

54.170.31.64/32

54.170.31.64 - 54.170.31.64

54.170.31.64 255.255.255.255

54.217.134.155/32

54.217.134.155 - 54.217.134.155

54.217.134.155 255.255.255.255

54.220.196.131/32

54.220.196.131 - 54.220.196.131

54.220.196.131 255.255.255.255

54.246.98.107/32

54.246.98.107 - 54.246.98.107

54.246.98.107 255.255.255.255

54.73.215.233/32

54.73.215.233 - 54.73.215.233

54.73.215.233 255.255.255.255

54.75.205.153/32

54.75.205.153 - 54.75.205.153

54.75.205.153 255.255.255.255

63.251.34.0/24

63.251.34.0 - 63.251.34.255

63.251.34.0 255.255.255.0

63.251.46.0/23

63.251.46.0 - 63.251.47.255

63.251.46.0 255.255.254.0

63.33.145.40/32

63.33.145.40 - 63.33.145.40

63.33.145.40 255.255.255.255

64.74.103.0/24

64.74.103.0 - 64.74.103.255

64.74.103.0 255.255.255.0

64.74.17.0/24

64.74.17.0 - 64.74.17.255

64.74.17.0 255.255.255.0

64.74.18.0/23

64.74.18.0 - 64.74.19.255

64.74.18.0 255.255.254.0

64.94.18.0/24

64.94.18.0 - 64.94.18.255

64.94.18.0 255.255.255.0

64.94.46.0/23

64.94.46.0 - 64.94.47.255

64.94.46.0 255.255.254.0

64.95.128.0/23

64.95.128.0 - 64.95.129.255

64.95.128.0 255.255.254.0

66.150.108.0/24

66.150.108.0 - 66.150.108.255

66.150.108.0 255.255.255.0

67.217.80.0/23

67.217.80.0 - 67.217.81.255

67.217.80.0 255.255.254.0

69.25.20.0/23

69.25.20.0 - 69.25.21.255

69.25.20.0 255.255.254.0

69.25.247.0/24

69.25.247.0 - 69.25.247.255

69.25.247.0 255.255.255.0

79.125.88.65/32

79.125.88.65 - 79.125.88.65

79.125.88.65 255.255.255.255

95.172.70.0/24

95.172.70.0 - 95.172.70.255

95.172.70.0 255.255.255.0


We suggest you allow the GoTo URLs listed below to ensure that GoTo services are able to connect.

  • *.logmein.com, *.logmein.eu - GoTo's main site

  • *.logmeinrescue.com, *.logmeinrescue.eu - Powers the Rescue service

  • *.logmeinrescue-enterprise.eu, *.logmeinrescue-enterprise.com - Powers account-specific Rescue features (should only be allowlisted by enterprise accounts)

  • *.logmein-gateway.com- Part of the Rescue service

  • *.internap.net - Powers updates to multiple GoTo products

  • *.internapcdn.net - Powers updates to multiple GoTo products

  • *.logmein123.com, *.logmein123.eu - Site used to connect to a Rescue technician

  • *.123rescue.com - Site used to connect to a Rescue technician

  • *.support.me - Site used to connect to a Rescue technician

  • *.rescuemobile.eu - Site used to connect to a Rescue technician

  • *.rescuemobile.com - Site used to connect to a Rescue technician

  • *.oty.com - Site used to connect to a Rescue technician

  • * .logmeinc.com -GoTo's corporate website

  • *.remoteview.logmein.com - Powers Nextgen media-specific features for Rescue Lens and Rescue 7.50 and above.

  • turn.console.gotoassist.com - Powers Nextgen media-specific features for Rescue Lens and Rescue 7.50 and above.

  • * .lastpass.com, *.lastpass.eu -GoTo's leading password management solution for personal and enterprise use and for two factor authentication service

Note: This list includes sub-domains for these domains, so it is advisable to use wildcard rules wherever possible when you allowlist or block any GoTo service on your network. The client-to-host connection uses peer-to-peer connections, encrypted within a 256-bit AES tunnel. The services themselves communicate using port 443 (HTTPS/SSL) and port 80, so no additional ports need to be opened within a firewall.


If your security policy requires you to specify explicit domain or IP ranges, then configure your firewall exceptions for outbound TCP ports 8200, 443, and 80 as well as UDP ports 8200 and 1853 for the GoTo domains or IP ranges,



Additional Information