Optimal Firewall Configuration - GoToMeeting

Find an Answer

Search GoToMeeting articles, videos and user guides   Your search term must have 2 or more characters.

Browse Articles

Optimal Firewall Configuration

Covers Citrix SaaS products involving our servers as of July 2016

Citrix SaaS products are configured to work outbound through ports 8200, 80 or 443. In a restricted environment, port 8200 can be set up for outbound connections. Our products do not listen for, nor do they require, any inbound connections. Connections outbound via port 8200 are optimal, although connections through ports 80 and 443 can also be used.

Integrated Voice over IP (VoIP) connections are configured to work outbound through UDP port 8200. Integrated webcam video support is configured through UDP port 1853.

For most firewall or proxy systems, we recommend specifying a whitelist of DNS addresses for Citrix services so outbound connections can be made. The list of Citrix domains currently includes (but is not limited to) the following:

*.assist.com*.gotoassist.me*.openvoice.com
* api.filepicker.io*.gotomeet.at*.osdimg.com
*.citrixonline.com*.gotomeet.me*.podio.com
*.citrixonlinecdn.com*.gotomeeting.com*.securevdr.com
*.cloudfront.net*.gotomypc.com*.sf-api.com
*.expertcity.com*.gototraining.com*.sf-api.eu
*.fastsupport.com*.gotowebinar.com*.sharefile.com
*.getgocdn.com *.helpme.net*.sharefile.eu
*.go2assist.me*.hu.tt*.sharefileftp.com
*.gofastchat.com*.joingotomeeting.com*.sharefile-webdav.com
*.gotoassist.com*.jointraining.com 
*.gotoassist.at*.joinwebinar.com 

Important Note: Changes to the firewall configuration are discouraged unless absolutely necessary because our IP ranges and those of our provider networks need to be periodically audited and modified, creating additional maintenance to your network. These changes are necessary to continue to provide the maximum performance for the Citrix SaaS family of applications. Maintenance and failover events may cause you to connect to servers within any of the ranges.

If your firewall includes a content or application data scanning filter, this may cause blocking or latency, which would be indicated in the log files for the filter. To address this problem, verify the below IP ranges will not be scanned or filtered by specifying exception IP ranges that will not be filtered. If your security policy requires you to specify explicit IP ranges, then configure your firewall to limit port 8200 or 80 or 443 destination, UDP ports 8200 and 1853 and IP addresses to only the Citrix ranges and those of our provider networks given below.

Citrix server / Datacenter IP addresses for use in firewall configurations

Equivalent specifications in 3 common formats

Citrix Assigned
Range by Block
Numeric IP
Address Range
Netmask NotationCIDR Notation
Block 1216.115.208.0 - 216.115.223.255216.115.208.0 255.255.240.0216.115.208.0/20
Block 2216.219.112.0 - 216.219.127.255 216.219.112.0 255.255.240.0 216.219.112.0/20
Block 366.151.158.0 - 66.151.158.255 66.151.158.0 255.255.255.0 66.151.158.0/24
Block 466.151.150.160 - 66.151.150.191 66.151.150.160 255.255.255.224 66.151.150.160/27
Block 566.151.115.128 - 66.151.115.191 66.151.115.128 255.255.255.192 66.151.115.128/26
Block 664.74.80.0 - 64.74.80.255 64.74.80.0 255.255.255.0 64.74.80.0/24
Block 7202.173.24.0 - 202.173.31.255 202.173.24.0 255.255.248.0 202.173.24.0/21
Block 867.217.64.0 - 67.217.95.255 67.217.64.0 255.255.224.0 67.217.64.0/19
Block 978.108.112.0 - 78.108.127.255 78.108.112.0 255.255.240.0 78.108.112.0/20
Block 1068.64.0.0 - 68.64.31.255 68.64.0.0 255.255.224.0 68.64.0.0/19
Block 11206.183.100.0 - 206.183.103.255 206.183.100.0 255.255.252.0 206.183.100.0/22
Block 12173.199.0.0 - 173.199.63.255 173.199.0.0 255.255.192.0 173.199.0.0/18
Block 13103.15.16.0 - 103.15.19.255 103.15.16.0 255.255.252.0 103.15.16.0/22
Block 14180.153.30.0 - 180.153.31.255 180.153.30.0 255.255.254.0 180.153.30.0/23
Block 15140.207.108.0 - 140.207.109.255 140.207.108.0 255.255.254.0 140.207.108.0/23
Block 1623.239.224.0 - 23.239.255.255 23.239.224.0 255.255.224.0 23.239.224.0/19
Block 17185.36.20.0 - 185.36.23.255 185.36.20.0 255.255.252.0 185.36.20.0/22

 

 

IPv6 addresses space

Citrix Assigned
Range by Block
Classless Inter-Domain Routing (CIDR) format   
Block 12620:0:c70::/48  
Block 22a04:6660::/30  

 

Citrix scales its services into third-party cloud and carrier networks for improved performance. To ensure continuous uptime, Citrix also maintains datacenters in San Jose, Las Vegas, Chicago, New York, Atlanta, Washington D.C., Hong Kong, Sydney, Amsterdam, Frankfurt, Bangalore and Shanghai.

IP ranges for the content delivery network (CDN)

IP ranges for other services (audio, video and screen sharing)