HELP FILE

Allowlisting and Firewall Configuration for LastPass

    If you or your company uses a firewall allowlist to restrict network access to only specific websites or software, then you can use the information below to ensure that your service can connect to LastPass.

    Ports

    The LastPass services are configured to work with the ports below.
    Important: The ports below reference outbound communications. Inbound connections are not required.
    Port Purpose
    TCP 80 Recommended, used for in-session communication
    TCP 443 Required, needs to support WebSocket connections over HTTPS
    TCP 636 Required, used to support LastPass LDAP service
    UDP 1802 – 1805, 1807, 1809 – 1810, 1812 – 1814 Required when using a negotiated port via Radius Tunnel

    Domains

    For most firewall or proxy systems, we recommend specifying an allowlist of DNS names for LastPass services so that outbound connections can be made. The list of LastPass domains currently includes (but is not limited to) the lists below.

    Domains
    *lastpass.com

    LastPass server/Data Center IP addresses for use in firewall configurations

    Data Center IP Addresses (CIDR Notation)
    67.217.80.0/23
    158.120.16.0/20 (New! Required for allowlisting as of May 14, 2022)
    173.199.30.0/23
    173.199.52.0/23
    216.219.114.0/23

    IPv6 address space

    Not currently supported for LastPass services.

    Data Centers

    To ensure continuous up-time, we also maintain data centers in the following regions:

    • United States: Nevada, Michigan
    • Global Public Cloud (including, but not limited to): United States (California, Ohio, Oregon, Virginia), Canada, Frankfurt (Germany), Ireland, London (England), Mumbai (India), Paris (France), São Paulo (Brazil), Seoul (South Korea), Singapore, Stockholm (Sweden), Sydney (Australia), Tokyo (Japan)
    • Content Delivery Public Cloud (including, but not limited to): All countries in this list

    Third-party provider IP ranges

    We scale our services into third-party cloud and carrier networks for improved performance.
    Note: The IP addresses listed below are subject to change.
    Note: ICMP is a required protocol used by LastPass to ping lastpass.com to verify end-to-end connectivity. Additionally, communication with lastpass.com is through HTTPS using port 443 with TLS 1.2.
    Akamai (CIDR Notation)
    2.17.24.0/22 23.32.0.0/11 88.221.60.0/22 96.6.0.0/15
    2.17.32.0/20 23.64.0.0/14 88.221.208.0/23 96.16.0.0/15
    2.19.157.0/24 23.72.0.0/13 88.221.209.0/24 104.64.0.0/10
    2.16.36.0/23 69.192.0.0/16 92.122.0.0/15 172.224.0.0/12
    2.22.226.0/23 72.246.0.0/15 92.122.96.0/22 173.222.0.0/15
    2.22.60.0/24 80.67.64.0/23 92.122.248.0/22 184.24.0.0/13
    23.0.0.0/12 80.67.70.0/24 95.100.176.0/20 184.50.0.0/15
    23.192.0.0/11 80.67.73.0/24 95.101.240.0/20 184.84.0.0/14

    Email domains

    • @lastpass.com
    • @sendgrid.com
    • @m.lastpass.com
    • @t.lastpass.com