LogMeIn support sites no longer support Microsoft's Internet Explorer (IE) browser. Please use a supported browser to ensure all features perform as they should (Chrome / FireFox / Edge).

The GoTo support site no longer supports Safari 15. Please upgrade your browser to Safari 16 (or newer) or switch to a supported browser such as Google Chrome, Mozilla Firefox, or Microsoft Edge.

Award-winning online meeting software. Discover GoTo Meeting.

We are currently experiencing an unplanned outage for this product. View Service Status
  • Support
  • Products

    Explore support by product

    GoTo Connect

    All-in-one phone, meeting and messaging software

    GoTo Meeting

    Video and audio meeting software

    GoTo Webinar

    All-in-one webinar and virtual events software

    GoTo Room

    Conference room hardware

    GoTo Training

    Online training software

    OpenVoice

    Audio conferencing software

    Grasshopper

    Lightweight virtual phone system

    join.me

    Video conferencing software

    LogMeIn Resolve

    IT management & support

    LogMeIn Resolve MDM

    Mobile device management

    LogMeIn Pro

    Remote device access

    LogMeIn Central

    Remote monitoring & management

    LogMeIn Rescue

    Remote IT support

    GoToMyPC

    Remote desktop access

    GoToAssist

    Remote support software

    Hamachi

    Hosted VPN service

    RemotelyAnywhere

    On-prem remote access solution
  • Community
  • Trainings
  • Service Status
  • Try the improved My Cases portal

    Easily manage your ticket, track its status, contact us from an existing case, and more.

    Sign in to try
  • Language selector icon Language selector icon
    • English
    • français
    • italiano
    • Deutsch
    • español
    • português
    • Nederlands
  • Contact Support
  • Service Status
  • User Avatar User Avatar
    • Support
    • Contact Support
    • Browse Products
    • Service Status
    • Community
    • Trainings
    • Sign in
    • User Avatar
    • My Account
    • Personal Info
    • Sign In & Security
    • My Cases
    • Billing Center
    • https://link.goto.com/myaccount-billing
    • My GoTo Connect
    • My Meetings
    • My Webinars
    • My Trainings
    • My Conferences
    • My Resolutions
    • My Mobile Devices
    • My Sessions
    • My Sessions
    • My Incidents
    • Sign out
  • GoTo Meeting
  • Account and Billing
  • General FAQs
product logo
Back button image Back
Back button image
product logo

Minimal Firewall Settings for Using the V10 GoTo Webinar Desktop App

Please review the minimal settings for firewall/proxy configuration that outline the IP ranges and DNS domains that must be allowed through the firewall/proxy respectively and excluded from any deep packet inspection. This is for version 10 of the classic GoTo Webinar desktop app.

Status: Verified

This document and sample scenarios are recommendations made by the GoTo Engineering team. There are other considerations and configurations on which traffic goes through a proxy or directly through a firewall.
Note: This setup has been tested to work in the GoTo network lab but may not cover all environments and scenarios.

GoTo IP Ranges

All critical media services are tied to these ranges. Ideally, they should go directly through any network perimeter and not through a proxy.

The hypothesis is that all GoTo Meeting traffic not going to these ranges uses plain HTTPS or WebSocket and can easily be redirected through an inspecting HTTPS proxy.

TCP port 443 (Connection)
Connection setup for all media, the download of various application parts, and Telemetry — we use TLS over plain TCP, HTTPS, as well as WebSocket.
Range Use

23.239.228.0/22

23.239.232.0/23

23.239.234.0/23

23.239.236.0/23

VCS (Video servers)
67.217.64.0/19 VGW (Audio servers)
68.64.0.0/19 VCS (Video servers), VGW and Edge (Audio servers)
78.108.112.0/20 VCS (Video servers)
173.199.0.0/18 VCS (Video servers), VGW and Edge (Audio servers), attendee.gotowebinar.com, global.gotowebinar.com, global.gototraining.com
202.173.24.0/21 MCS (Screen sharing servers)
216.115.208.0/20 VGW (Audio servers), egwglobal.gotomeeting.com, egw.gotomeeting.com (Connection detection)
UDP port 1853, 8200 (Audio/Video)
If these UDP ports are not open, GoTo Meeting will fall back to TCP (which may affect media and connection quality). We run encrypted, non-standard traffic on these connections so any firewall trying to detect something smart will fail.
Range Use

23.239.228.0/22

23.239.232.0/23

23.239.234.0/23

23.239.236.0/23

VCS (Video servers)
67.217.64.0/19 VGW (Audio servers)
68.64.0.0/19 VCS (Video servers), VGW (Audio servers), see TCP
78.108.112.0/20 VCS (Video servers)
173.199.0.0/18 VCS (Video servers), VGW (Audio servers) see TCP
216.115.208.0/20 VGW (Audio servers)

Domains

The list of domains used by the GoTo Webinar desktop app currently includes (but is not limited to) the following:
Domain Use Points to IP addresses in
1 *.goto.com Central domain for starting sessions AWS
2 *.getgo.com Various services AWS
3 *.gotomeeting.com Various services GoTo/AWS
4 *.expertcity.com Audio and Screen sharing servers GoTo
5 *.goto-rtc.com Audio and Video servers GoTo
6 *.logmeininc.com Authentication (critical) AWS
7 *.gotowebinar.com Central domain (required for GoToWebinar only) GoTo/AWS
8 *.gototraining.com Central domain (required for GoTo Training only) GoTo
9 *.launchdarkly.com External service provider for feature enablement (does not work through proxy, not critical) Google Cloud
10 api-pub.mltree.net GoTo Marketing (not critical) AWS

GoTo Opener

This is a separate program used to download and start native GoTo Meeting. It uses the following domains (HTTPS, port 443 TCP).
Domain Use Points to IP addresses in
launch.getgo.com Conference Launch Service GoTo
join.servers.getgo.com Conference Launch Service AWS
builds.cdn.getgo.com Download CDN for GoTo Meeting builds AWS
builds.getgocdn.com Download CDN for GoTo Meeting builds GoTo

General network configuration modes

In an unrestricted network, GoTo Meeting will open a number of TCP and UDP connections to a variety of ports, some of them essential e.g., to transmit audio data and others non-essential e.g., the one for marketing pop-ups. The first eight (8) domains in the list above need to be excluded from deep packet inspection, if there are any on the network path.

Furthermore, the connections initiated by GoTo Meeting can be split into three (3) categories:
  • TCP towards GoTo IP ranges
  • UDP towards GoTo IP ranges
  • TCP towards other IP ranges (currently AWS and Google Cloud address spaces)
Based on this distinction, there are four (4) different ways to configure your network.
Mode Pros & Cons Configuration steps
All TCP using port 443 over HTTPS proxy, no use of UDP

Pros

This is the simplest configuration mode.
Cons
  • The exclusive use of TCP for media can lead to bad audio and video quality and interruptions (if there is any packet loss on the underlying IP connection from the client machine to the GoTo servers). As the majority of servers are US-based, this will impact customers outside of the United States.
  • Connection establishment takes longer in unrestricted networks due to extended probing.
  1. On your firewall, block the following:
    • All outbound TCP traffic towards port 443, 80, and 8200.
    • All outbound UDP traffic towards port 1853 and 8200.
  2. On client computers, configure a HTTPS proxy for port 443.
All TCP using port 443 over HTTPS proxy, UDP goes directly through the firewall

Pros

  • Media can use UDP which improves perceived audio and video quality.
  • It is comparably easier to configure and debug as TCP and UDP is clearly separated.

Cons

Connection establishment takes longer than in unrestricted networks due to extended probing.
  1. On your firewall, configure the following:
    • Block all outbound TCP traffic towards ports 443, 80, and 8200.
    • Allow outbound UDP traffic towards ports 1853 and 8200 (you may also restrict the address ranges to the GoTo IP ranges for UDP listed above.
  2. On client computers, configure a HTTPS proxy.
TCP and UDP towards GoTo IP ranges goes directly through the firewall, TCP to other IP ranges goes through HTTPS proxy

Pros

Best media and screen sharing performance, quick connection establishment.

Cons

Configuration is more complex and harder to debug.
  1. On your firewall, configure the following:
    • Allow outbound TCP traffic towards port 443 only for the address ranges designated in GoTo IP ranges for TCP above.
    • Block all other outbound TCP traffic towards port 443, 80, and 8200.
    • Allow outbound UDP traffic towards port 1853 and 8200 – you may also restrict the address ranges to the GoTo IP ranges for UDP list above.
      Note: Make sure that inbound return traffic is also passed through (stateful).
  2. On client computers, configure a HTTPS proxy.
Run a stateful firewall and allow all outbound TCP and UDP traffic and return traffic based on state

Pros

No configuration required as all traffic is initiated from the client. The firewall will open the required inbound connections automatically.

Cons

This is the default configuration for many firewalls, but rarely used in more complex networks due to additional security requirements.
Does not need additional configuration.

VPN configuration

If you use a VPN, there are several ways to route the different streams. The options reflect the modes listed in the table above; however, you will have to use routing to decide which traffic goes where (which makes it difficult to separate UDP from TCP traffic).

For this reason, we recommend one of the following options:
  • Route everything through the VPN tunnel.
  • Allow all GoTo IP ranges to go directly to the Internet (TCP and UDP), send all other traffic through the VPN.
  • Send only internal traffic (i.e., 10.X.X.X and 192.168.X.X) into the VPN tunnel, and send the rest directly to the internet.

TCP traffic sent through the VPN tunnel may or may not go through a proxy after traversing through the tunnel. There are other configurations that can be discussed with the GoTo Engineering team on a case-by-case basis.

Proxy configuration notes

If your proxy is performing deep packet inspection, please be sure that all domains listed above are allowlisted. Deep packet inspection can impact the initial TLS connection and slow down media streams due to processing delays.

Although GoTo Meeting reads many sources for proxy configuration (e.g., system proxy, Firefox proxy, PAC files, WPAD), the proxy detection might yield unexpected results. One aspect is that the logic used to parse PAC files does not support all variations of possible rules. The other aspect is that proxies stored in the GoTo Meeting registry are sometimes used in the connection detection. As soon as GoTo Meeting finds out it can establish a connection through a stored proxy, it might also use it, although other configurations might indicate another proxy.

The easiest way to verify proxy usage is through the GoTo Meeting log file.

macOS and Mac OS X

Log files are stored here: /Users/username/Library/Logs/com.logmein.GoToMeeting.

To clear existing proxy entries, delete these keys: defaults -currentHost read com.logmein.GoToMeeting |grep ConnectionInfo.

Windows

Log files are stored here: %Temp%\LogMeInLogs\GoToMeeting. Look for the folder with the latest date.

To clear existing proxy entries, delete these keys: HKEY_CURRENT_USER\SOFTWARE\LogMeInInc\GoToMeeting\ConnectionInfo.

Related Articles:
  • Allowlisting and Firewall Configuration for GoTo Meeting
  • Third-Party Provider IP Ranges for Audio, Video, and Screen Sharing Services
  • Minimal Firewall Settings for the GoTo App

Need help?

Contact icon Contact support
Manage Cases icon Manage cases
Community icon Ask the Community
Training icon Attend trainings
Video icon Watch videos
  • Language selector icon Language selector icon
    • English
    • français
    • italiano
    • Deutsch
    • español
    • português
    • Nederlands
  • About Us
  • Terms of Service
  • Privacy Policy
  • Trademark
  • Do Not Sell or Share My Personal Info
  • Browse Products
  • Copyright © 2025 GoTo Group, Inc. All rights reserved

Collaboration Products

GoTo Connect

GoTo Meeting

GoTo Webinar

GoTo Training

join.me

Grasshopper

OpenVoice

Remote Solutions Products

GoTo Resolve

Rescue

GoToAssist

Access Products

Pro

Central

GoToMyPC