Loading
×Sorry to interrupt
CSS Error

Type your question below or sign in to reach a support agent

Loading the page

LastPass Guide

Save selected topic
Save selected topic and subtopics
Attachments
Select AllDownload
Attachments
Select AllDownload
Open attachmentsOpen Attachments
Leave FeedbackSend Feedback
ShareShare Page
Expand All

Allowlisting and firewall configuration for LastPass

Save selected topic
Save selected topic and subtopics
Attachments
Select AllDownload
Attachments
Select AllDownload
Open attachmentsOpen Attachments
Leave FeedbackSend Feedback
ShareShare Page
Expand All
Also in
Last updated: Nov 04, 2024
3 min read
×

    Allowlisting and firewall configuration for LastPass

    If you or your company uses a firewall allowlist to restrict network access to only specific websites or software, then you should review the ports, domains, data center IP addresses, data center locations, third-party provider IP ranges, and email domains to ensure that your service can connect to LastPass.

    Ports

    The LastPass services are configured to work with the ports below.
    Important: The ports below reference outbound communications. Inbound connections are not required.
    Port Purpose
    TCP 80 Recommended, used for in-session communication.
    TCP 443 Required, needs to support WebSocket connections over HTTPS.
    TCP 636 Required, used to support LastPass LDAP service.

    Domains

    For most firewall or proxy systems, we recommend specifying an allowlist of DNS names for LastPass services so that outbound connections can be made. The list of LastPass domains currently includes (but is not limited to) the lists below.

    Domains
    *lastpass.com

    LastPass server/Data Center IP addresses for use in firewall configurations

    SIEM Outbound IP addresses
    SIEM Outbound IP addresses
    3.229.39.128
    3.217.249.96
    AWS Backend Outbound IP addresses
    IP addresses
    35.171.172.89/32
    52.87.90.36/32
    107.22.19.98/32
    3.210.146.106/32
    34.198.16.45/32
    52.205.232.125/32
    3.23.208.192/32
    3.131.10.63/32
    18.220.65.193/32
    3.136.244.200/32
    18.219.143.138/32
    18.221.180.241/32

    IPv6 address space

    Currently not supported for LastPass services.

    Data centers

    To ensure continuous up-time, we also maintain data centers in the following regions:

    • United States: Nevada, Michigan
    • Global Public Cloud (including, but not limited to): United States (California, Ohio, Oregon, Virginia), Canada, Frankfurt (Germany), Ireland, London (England), Mumbai (India), Paris (France), São Paulo (Brazil), Seoul (South Korea), Singapore, Stockholm (Sweden), Sydney (Australia), Tokyo (Japan)
    • Content Delivery Public Cloud (including, but not limited to): All countries in this list

    Third-party provider IP ranges

    We scale our services into third-party cloud and carrier networks for improved performance.
    Note: The IP addresses listed below are subject to change.
    Note: ICMP is a required protocol used by LastPass to ping lastpass.com to verify end-to-end connectivity. Additionally, communication with lastpass.com is through HTTPS using port 443 with TLS 1.2.
    Akamai (CIDR Notation)  
    2.16.0.0/13 23.72.0.0/13 88.221.0.0/16 96.16.0.0/15 173.222.0.0/15
    23.0.0.0/12 23.192.0.0/11 92.122.0.0/15 104.64.0.0/10 184.24.0.0/13
    23.32.0.0/11 69.192.0.0/16 95.100.0.0/15 118.214.0.0/16 184.50.0.0/15
    23.64.0.0/14 72.246.0.0/15 96.6.0.0/15 172.232.0.0/13 184.84.0.0/14

    Email domains

    LastPass sends emails from the following email domains/addresses:
    Attention: If you receive an email you believe may be related to phishing, please forward the email as an attachment to abuse@lastpass.com. Do not click on any links within the email.

    For more information about how to recognize phishing attempts and suspicious online activity, view Protect yourself from social engineering attacks. For tips and suggestions for protection against these types of attacks, view Recommendations for protecting yourself from social engineering attacks.

    TagsUserArticles

    If you need additional support after reading this article, please contact us below.

    On this page:
    Loading