Allowlisting and Firewall Configuration for LastPass
If you or your company uses a firewall allowlist to restrict network access to only specific websites or software, then you can use the information below to ensure that your service can connect to LastPass.
| Jump to... |
|---|
| Ports |
| Domains |
| LastPass server/Data Center IP addresses |
| IPv6 address space |
| Data Centers |
| Third-party provider IP ranges |
| Email domains |
Ports
The
LastPass services are configured to work with the ports below.
Important: The ports below reference outbound communications. Inbound connections are not required.
| Port | Purpose |
|---|---|
| TCP 80 | Recommended, used for in-session communication |
| TCP 443 | Required, needs to support WebSocket connections over HTTPS |
| TCP 636 | Required, used to support LastPass LDAP service |
| UDP 1802 – 1805, 1807, 1809 – 1810, 1812 – 1814 | Required when using a negotiated port via Radius Tunnel |
Domains
For most firewall or proxy systems, we recommend specifying an allowlist of DNS names for LastPass services so that outbound connections can be made. The list of LastPass domains currently includes (but is not limited to) the lists below.
| Domains |
|---|
| *lastpass.com |
LastPass server/Data Center IP addresses for use in firewall configurations
| Data Center IP Addresses (CIDR Notation) |
|---|
| 67.217.80.0/23 |
| 158.120.16.0/20 (New! Required for allowlisting as of May 14, 2022) |
| 173.199.30.0/23 |
| 173.199.52.0/23 |
| 216.219.114.0/23 |
IPv6 address space
Not currently supported for LastPass services.
Data Centers
To ensure continuous up-time, we also maintain data centers in the following regions:
- United States: Nevada, Michigan
- Global Public Cloud (including, but not limited to): United States (California, Ohio, Oregon, Virginia), Canada, Frankfurt (Germany), Ireland, London (England), Mumbai (India), Paris (France), São Paulo (Brazil), Seoul (South Korea), Singapore, Stockholm (Sweden), Sydney (Australia), Tokyo (Japan)
- Content Delivery Public Cloud (including, but not limited to): All countries in this list
Third-party provider IP ranges
We scale our services into third-party cloud and carrier networks for improved performance.
Note: The IP addresses listed below are subject to change.
Note: ICMP is a required protocol used by LastPass to ping lastpass.com to verify end-to-end connectivity. Additionally, communication with lastpass.com is through HTTPS using port 443 with TLS 1.2.
| Akamai (CIDR Notation) | |||
|---|---|---|---|
| 2.17.24.0/22 | 23.32.0.0/11 | 88.221.60.0/22 | 96.6.0.0/15 |
| 2.17.32.0/20 | 23.64.0.0/14 | 88.221.208.0/23 | 96.16.0.0/15 |
| 2.19.157.0/24 | 23.72.0.0/13 | 88.221.209.0/24 | 104.64.0.0/10 |
| 2.16.36.0/23 | 69.192.0.0/16 | 92.122.0.0/15 | 172.224.0.0/12 |
| 2.22.226.0/23 | 72.246.0.0/15 | 92.122.96.0/22 | 173.222.0.0/15 |
| 2.22.60.0/24 | 80.67.64.0/23 | 92.122.248.0/22 | 184.24.0.0/13 |
| 23.0.0.0/12 | 80.67.70.0/24 | 95.100.176.0/20 | 184.50.0.0/15 |
| 23.192.0.0/11 | 80.67.73.0/24 | 95.101.240.0/20 | 184.84.0.0/14 |
Email domains
- @lastpass.com
- @sendgrid.com
- @m.lastpass.com
- @t.lastpass.com