Minimal Firewall Settings for the GoTo App

Below are the firewall and proxy configuration options required to start a session and use audio, video and screen sharing successfully in the GoTo app (desktop and browser versions).

More advanced and custom settings can be applied depending on your product, but this article covers only the minimum settings needed to run the GoTo app successfully. If you are using our legacy app, see the minimum settings needed here. If you are interested in more advanced custom settings, see our overall allowlist and firewall settings here (which can then be filtered by a specific product as desired).

Version 2.3

Domains

There are several domains used by GoTo, but not all are needed for running meetings. The following lists of domains are essential for running your meetings and thus will need to be added to your allow-list:

Essential DNS domains

| # | Domain | Use | Protocol | Points to IP addresses in |
|---|--------|-----|----------|---------------------------|
| 1 | *.goto.com | Main domain | TCP | — |
| 2 | *.goto-rtc.com | Audio and video servers - uses WebSocket for some connections | UDP/TCP | GoTo/AWS/OCI |
| 3 | *.jive.com | General connections used by GoToConnect | UDP/TCP | — |
| 4 | *.getgo.com | Various services | TCP | AWS/OCI |
| 5 | *.gotomeeting.com | Various services | TCP | GoTo/AWS/OCI |
| 6 | *.logmeininc.com | Authentication (critical) | — | AWS/OCI |
| 7 | *.expertcity.com | Audio and screen sharing servers | TCP | GoTo |

Additional domains required for GoTo Training

| # | Domain | Use | Protocol | Points to IP addresses in |
|---|--------|-----|----------|---------------------------|
| 1 | *.gototraining.com | Central domain (required for GoTo Training only) | TCP | GoTo |
| 2 | *.firebase.app | Editor for creating polls, can be launched in-session | TCP | Google |
| 3 | apis.google.com | Google drive sharing | TCP | Google |
| 4 | *.youtube.com, *.googlevideo.com | YouTube video sharing | TCP | Google |

Additional domains required for GoTo Webinar

| # | Domain | Use | Protocol | Points to IP addresses in |
|---|--------|-----|----------|---------------------------|
| 1 | *.gotowebinar.com | YouTube video sharing | TCP | GoTo/AWS/OCI |
| 2 | *.recordingassets.logmeininc.com, *.lmiinc.test.expertcity.com | Video playbacks in webinar | TCP | — |

Note: Since the signaling is always handled through port 443 TCP, we recommend that you exclude the above domains from any kind of traffic interception. Routing them through an HTTPS proxy usually works, but deep packet inspection may either break the certificate chain for the TLS setup or delay packets to the point that quality will suffer.

Port usage: Signaling vs. media connections

There are two distinct types of network connections used by GoTo:
  • Signaling connections —
    • TCP port 443. Depending on the function, the protocol used is HTTPS/TLS/SSL/WS.
  • Media transport connections (for VoIP, camera, and screen sharing) —
    • UDP port 45000-65535 or
    • UDP port 3478 or
    • TCP port 3478 or port 443

There are four general configuration scenarios for GoTo traffic, outlined below in Configuration scenarios.

GoTo owned IP ranges for media traffic

All Media and TURN servers are deployed in the following IPv4 ranges, owned by GoTo Group, Inc.:
  • 68.64.0.0/19
  • 173.199.0.0/18
  • 78.108.124.0/23
  • 202.173.24.0/21
  • 23.239.224.0/19

Configuration scenarios

The following scenarios are provided by the GoTo Engineering team. Choose the option best suited to your needs (each option is detailed below this list):

  • Traffic in case of no restrictions — Recommended for best performance
  • UDP over TURN — Recommended for best performance
  • TCP 3478 / 443 over TURN
  • TCP 443 over TURN — Most restricted in call quality due to things such as deep packet inspection

Traffic in case of no restrictions

In this configuration, common to a typical home user, UDP traffic to the port range 45000-65535 can be restricted to the above listed GoTo IP ranges. TCP traffic to port 443 is not restricted. The destination IP ranges for these TCP connections belong to the GoTo/AWS/OCI address space, so it is not useful to run restrictions based on the IP ranges. This setup will also deliver the shortest delays and best error correction in the case of packet loss compared to the scenarios below. However, it requires an unrestricted firewall setup that relies on stateful inspection to open inbound UDP ports as needed. All traffic is initiated from inside the GoTo client network out.

Remember: If you use HTTPS filtering, make sure the domains listed above are excluded from deep packet inspection. Otherwise there may be connection issues due to modified certificates.

Packet filter settings

| Protocol | Dst Port | Dst Address | Action |
|----------|----------|-------------|--------|
| UDP | 45000-65535 | GoTo IP ranges | Allow |
| TCP | 443 | All | Allow |

UDP over TURN (only one port required)

In this configuration, all media traffic is sent through a GoTo TURN server using UDP. Traffic to TCP 443 is solely used for signaling, which is why routing it through an HTTPS proxy will not impact performance.

Remember: If you use HTTPS filtering, make sure the domains listed above are excluded from deep packet inspection, otherwise there might be connection issues due to modified certificates.

Here are the firewall settings needed:

Packet filter settings

| Protocol | Dst Port | Dst Address | Action |
|----------|----------|-------------|--------|
| UDP | 3478 | GoTo IP ranges | Allow |
| TCP | 443 | All | Allow |

TCP 3478 / 443 over TURN

In this configuration, TCP is used to transport media to the TURN server. Behind the TURN server, UDP is used towards the GoTo infrastructure. Since TURN servers are in the same geolocation as the user, this helps mitigate some of the drawbacks of TCP over long distances. However, it is not as efficient with handling packet loss as UDP is, which means that you can expect a higher amount of dropped audio and a higher delay compared to the above configuration. Whether the TCP 443 traffic is sent through a proxy or not is up to your discretion.

Packet filter settings

| Protocol | Dst Port | Dst Address | Action |
|----------|----------|-------------|--------|
| TCP | 3478 | GoTo IP ranges | Allow |
| TCP | 443 | All | Allow |

TCP 443 over TURN

This is the most restricted scenario. You may or may not run the TCP 443 traffic through a proxy. Doing so will add additional latency to the connection. It also requires a performant proxy to handle the high amount of traffic, especially for video.

Packet filter settings

| Protocol | Dst Port | Dst Address | Action |
|----------|----------|-------------|--------|
| TCP | 443 | All | Allow |
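
The packet filter settings of the four scenarios, written as a checker you can run over firewall log entries or proposed rules to see whether a flow would pass. This is an added example, not GoTo's own code; the scenario keys, the flow object shape, and the default-deny policy are assumptions made for the example.

```javascript
// Added example: check an outbound flow against each scenario's packet filter.
// Ranges are the GoTo-owned media/TURN ranges listed in this article.
const GOTO_RANGES = ["68.64.0.0/19", "173.199.0.0/18", "78.108.124.0/23",
                     "202.173.24.0/21", "23.239.224.0/19"];
// Scenario keys are labels made up for this example; rules mirror the tables.
const UDP_MEDIA = { proto: "udp", ports: [45000, 65535], dst: "goto" };
const TCP_443 = { proto: "tcp", ports: [443, 443], dst: "any" };
const SCENARIOS = {
  unrestricted: [UDP_MEDIA, TCP_443],
  udpTurn: [{ proto: "udp", ports: [3478, 3478], dst: "goto" }, TCP_443],
  tcpTurn: [{ proto: "tcp", ports: [3478, 3478], dst: "goto" }, TCP_443],
  tcp443Only: [TCP_443]
};

// Dotted-quad IPv4 -> unsigned 32-bit number, or null if malformed.
function ipToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True when ip lies inside cidr (arithmetic avoids 32-bit sign problems).
function inCidr(ip, cidr) {
  const [base, bits] = cidr.split("/");
  const addr = ipToInt(ip), net = ipToInt(base);
  if (addr === null || net === null) return false;
  const size = Math.pow(2, 32 - Number(bits)); // addresses per block
  return Math.floor(addr / size) === Math.floor(net / size);
}

// "allow" if any rule of the scenario matches; anything else is denied
// (a default-deny egress policy is assumed).
function evaluate(scenario, flow) {
  const rules = SCENARIOS[scenario];
  if (!rules) throw new Error("unknown scenario: " + scenario);
  const hit = rules.some(r =>
    r.proto === flow.proto &&
    flow.port >= r.ports[0] && flow.port <= r.ports[1] &&
    (r.dst === "any" || GOTO_RANGES.some(c => inCidr(flow.dst, c))));
  return hit ? "allow" : "deny";
}
```

A denied UDP flow to a GoTo range on a port the chosen scenario does not list is the usual sign that clients are falling back to TCP media.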

Proxy configuration notes

  • If your proxy is performing deep packet inspection (DPI), please be sure that all domains listed above are allowlisted. DPI can impact the initial TLS connection and slow down media streams due to processing delays.
  • It's less of a problem to have DPI in the path for the signaling connections if you have the media sent via UDP. The only potential issue with this is certificate mismatch, which should not happen with correct configuration of certificates on your endpoints.
  • GoTo generally uses the configured proxy from the operating system. If a proxy is configured, all TCP traffic will be routed through it. GoTo will nevertheless try to establish UDP connections for media. It is only when these UDP connections fail that TCP media connections over the proxy will be used.
  • In order to send GoTo traffic to a specific proxy different from the one for other traffic, you can use a standard proxy.pac file based on the DNS domains listed above.
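
A proxy.pac along the lines of the last note, as an added example (not GoTo's own file): hosts under the essential DNS domains listed above go to a dedicated proxy, everything else to the default one. Both proxy addresses are placeholders, and matching the bare domain as well as its subdomains is an assumption.

```javascript
// Added example: PAC file that routes GoTo hosts to a dedicated proxy.
// ASSUMPTION: both proxy addresses are placeholders, not real hosts.
var GOTO_PROXY = "PROXY goto-proxy.example:3128";   // hypothetical, no DPI
var DEFAULT_PROXY = "PROXY web-proxy.example:8080"; // hypothetical default

// Suffixes taken from the "Essential DNS domains" list in this article.
var GOTO_SUFFIXES = [
  "goto.com", "goto-rtc.com", "jive.com", "getgo.com",
  "gotomeeting.com", "logmeininc.com", "expertcity.com"
];

// True when host is a subdomain of suffix. Comparing against ".suffix"
// keeps look-alikes such as "notgoto.com" or "goto.com.example.net" out.
function isUnder(host, suffix) {
  var dotted = "." + suffix;
  return host.length > dotted.length &&
         host.slice(-dotted.length) === dotted;
}

// Standard PAC entry point. Written in ES5 (var, plain loops) because
// PAC engines often run an older JavaScript dialect.
function FindProxyForURL(url, host) {
  var h = host.toLowerCase().replace(/\.$/, ""); // normalise case, root dot
  for (var i = 0; i < GOTO_SUFFIXES.length; i++) {
    // ASSUMPTION: the bare domain is treated like its subdomains.
    if (h === GOTO_SUFFIXES[i] || isUnder(h, GOTO_SUFFIXES[i])) {
      return GOTO_PROXY;
    }
  }
  return DEFAULT_PROXY;
}
```

A PAC file only steers proxied TCP traffic; the UDP media paths are governed by the packet filter settings, not by this file.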

VPN configuration notes

Generally, the WebRTC stack used in GoTo will probe all network interfaces on your system for media connections and may choose a path different from the routes in the local routing table if that path connects. This can be a problem with VPN solutions like Cisco AnyConnect, which rely on changes in the routing table to send packets into the VPN tunnel. However, the opposite may also happen, where the VPN tunnel is selected in a split tunnel VPN despite a direct connection being available. This is typically due to lower interface metrics set on VPN interfaces.

The only way to force WebRTC to use a certain path is to completely block the other paths for UDP on the aforementioned GoTo IP ranges.

Zscaler specific configurations

If you use Zscaler to filter your traffic, it needs to be configured for GoTo to work with the best performance. As Zscaler configuration is extremely complex and specific to each deployment, this is only a starting point for your configuration. If you encounter any trouble, select Contact Support and our support team will put you in touch with our engineering team directly.

View the config switch in the Zscaler config here. This will exclude known GoTo domains and IP ranges as laid out here from some types of inspections.

Important: Please consider that while GoTo can be used as a standalone app, it is also available from supported browsers; so, while you can define exceptions based on the binary (GoTo.exe on MS Windows), they will not be effective for browser users. If you are deploying Zscaler Internet Access and use split tunnel, it's best to break out the GoTo UDP traffic at the client to go directly to the Internet.

Related Articles:
  • Allowlisting and Firewall Configuration for GoTo Meeting
  • Third-Party Provider IP Ranges for Audio, Video, and Screen Sharing Services
  • Minimal Firewall Settings for Using the V10 GoTo Webinar Desktop App
Article last updated: 29 March, 2024
  • Copyright © 2025 GoTo Group, Inc. All rights reserved
