• EnglishEspañol日本語한국어Português
  • Log inStart now

New Relic network traffic

This list is current. Networks, IPs, domains, ports, and endpoints last updated April 23, 2024.

This is a list of the networks, IP addresses, domains, ports, and endpoints used by API clients or agents to communicate with New Relic. TLS is required for all domains.


This doc provides information for ensuring our integrations can access New Relic domains. To monitor the performance of your network, see Get started with network monitoring.

TLS encryption

To ensure data security for our customers and to be in compliance with FedRAMP and other standards for data encryption, all inbound connections for all domains require Transport Layer Security (TLS) 1.2 or above. For more details, see our Support Forum post about TLS 1.2.

For future updates to required and supported protocol versions, follow the Security Notifications tag in New Relic's Support Forum.

New Relic telemetry endpoints

This table contains the endpoints for New Relic telemetry data ingest, and other functionality related to telemetry monitoring. (For an easy-to-copy list of these endpoints, see Endpoint list.)

For more detail on specific agents and integrations, and about ports, keep reading below the table.


US data center endpoint

EU data center endpoint


APM agent ingest




AWS Metric Streams ingest



AWS VPC Flow Logs and RDS Enhanced ingest




Browser monitoring ingest




Validator Service URL
(Requires secure WebSocket connection)



Ingest APIs

Our Event API



Our Log API



Our Metric API



Our Trace API




Infrastructure agent ingest



Infrastructure entity registration



Infrastructure agent control



Lookup tables

Lookup table upload




Mobile agent ingest



Mobile agent crash report ingest



Symbolication, deobfuscation, and related




OpenTelemetry ingest



Telemetry endpoints in simple list format

The telemetry endpoints in the table above are included below in easy-to-copy lists:

FedRAMP ingest endpoints

See FedRAMP endpoints.


For all data ingest applications, with the exception of OpenTelemetry, use port 443, a secure channel for encrypted HTTPS traffic and our default.

If you have an existing configuration that uses port 80, we recommend updating it to use 443.

OpenTelemetry ports

The ports used for otlp.nr-data.net and otlp.eu01.nr-data.net are:

  • 443
  • 4317 (HTTP/2)
  • 4318 (HTTP/1.1)

Data ingest IP blocks

We use these blocks for data ingestion:

  • US data center endpoints:,
  • EU data center endpoints:,
  • Other data center endpoints:

User-facing domains

Your browser must be able to communicate with a number of domains for New Relic to work properly. Update your allow list to ensure New Relic can communicate with a number of integral domains listed in this section. Blocking domains can cause issues with individual product features or prevent pages from loading altogether.

This list doesn't cover domains that New Relic connects to that can be blocked without affecting your usage of the product. It also doesn't cover Nerdpacks or other features that communicate with external services that have additional domain requirements.

If your organization uses a firewall that restricts outbound traffic, follow the specific procedures for the operating system and the firewall you use to add the following domains to the allow list.




New Relic and supporting services


Static New Relic assets


New Relic Nerdpacks and assets


Support for Gravatar avatars


Support for Google Fonts


Support for Google Fonts


Support for reCAPTCHA


Support for reCAPTCHA


OpenTelemetry and Pixie


New Relic sharing permalinks


Synthetics code editor autocompletion functionality


New Relic Partner API

Agent downloads

TLS is required for all domains. Service for download.newrelic.com is provided through Fastly and is subject to change without warning. For the most current list of public IP addresses for New Relic agent downloads, see api.fastly.com/public-ip-list.

Infrastructure details

In order to report data to New Relic, our infrastructure monitoring needs outbound access to endpoints in the endpoints table. TLS is required for all domains.

If your system needs a proxy to connect to New Relic, use the Infrastructure proxy setting.

Our infrastructure monitoring makes use of several other ingest endpoints, including the Metric API endpoint and the Log API endpoint (included in the endpoint table).

Details about the non-ingest-related endpoints:

  • identity-api.newrelic.com | identity-api.eu.newrelic.com: Required for entity registration (for example, a host entity).
  • infrastructure-command-api.newrelic.com | infrastructure-command-api.eu.newrelic.com: Used by the agent to control aspects of agent behavior (for example, use of feature flags).

APM agent details

To enhance network performance and data security, New Relic uses a CDN and DDoS prevention service with a large IP range. New Relic agents require your firewall to allow outgoing connections to the APM-related endpoints in the ingest endpoints table. To add them to your allow list, follow the specific procedures for the operating system and the firewall you use.

TLS is required for all domains.

Browser monitoring details

In addition to the endpoints used by our agent and our agents, applications monitored by our browser agent use outgoing connections to js-agent.newrelic.com.

For more information about CDN access for the js-agent.newrelic.com file to the domain bam.nr-data.net or to one of the New Relic beacons, see Security for browser monitoring.

TLS is required for all domains.

Security data endpoints

See Security data API.

Synthetic monitors

Public locations

To configure your firewall to allow synthetic monitors to access your monitored URL, use Synthetic public minion IPs. TLS is required for all domains.

Private locations

Synthetic private minions report to a specific endpoint based on region. To allow the private minion to access the endpoint or the static IP addresses associated with the endpoint, follow the specific procedures for the operating system and the firewall you use. These IP addresses may change in the future.

TLS is required for all domains. Use the IP connections for your data center region (US or EU):

IP connections

Synthetics private location data


US data center region:

  • https://synthetics-horde.nr-data.net/

EU data center region:

  • https://synthetics-horde.eu01.nr-data.net/

IP addresses

US data center region:


EU data center region:


Other data center region:


Alerts webhooks, api.newrelic.com, cloud integrations, and ticketing integrations

Endpoints that use api.newrelic.com (such as our NerdGraph API) and our New Relic-generated webhooks for alert policies use an IP address from designated network blocks for the US or EU region. TLS is required for all addresses in these blocks.

Network blocks for US data center region:

  • (effective August 20, 2023)
  • (effective August 20, 2023)
  • (effective June 20, 2024)
  • (effective June 20, 2024)

Network blocks for EU data center region:

  • (effective August 20, 2023)
  • (effective June 20, 2024)

Network blocks for other data center region:

  • (effective June 20, 2024)
  • (effective June 20, 2024)
  • (effective June 20, 2024)

These network blocks also apply to third-party ticketing integrations and New Relic cloud integrations. However, they don't apply to the Azure Monitor integration.

Pixie integration

The Pixie integration runs in your Kubernetes cluster and pulls a set of curated observability data from Pixie to send it to New Relic using the OpenTelemetry Protocol (OTLP).

The Pixie integration requires outbound network access to the following:

  • work.withpixie.ai:443
  • withpixie.ai:443
  • otlp.nr-data.net:4317 (US data center)
  • otlp.eu01.nr-data.net:4317 (EU data center)


If the 4317 port doesn't work, you can use port 443.

The Pixie community project uses container images hosted in Google Container Registry. Ensure your cluster can pull images from gcr.io.


New Relic CodeStream is a developer collaboration platform that enables your development team to discuss and review code in a natural and contextual way.

It uses the following domains:

  • *.newrelic.com
  • *.eu.newrelic.com
  • *.pubnub.com
  • *.pubnub.net
  • *.pndsn.com
  • *.pubnubapi.com
Copyright © 2024 New Relic Inc.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.