New Relic network traffic

This list is current. Networks, IPs, domains, ports, and endpoints last updated April 23, 2024.

This is a list of the networks, IP addresses, domains, ports, and endpoints used by API clients or agents to communicate with New Relic. TLS is required for all domains.

Tip

This doc provides information for ensuring our integrations can access New Relic domains. To monitor the performance of your network, see Get started with network monitoring.

TLS encryption

To ensure data security for our customers and to be in compliance with FedRAMP and other standards for data encryption, all inbound connections for all domains require Transport Layer Security (TLS) 1.2. For more details, see our Support Forum post about TLS 1.2.

For future updates to required and supported protocol versions, follow the Security Notifications tag in New Relic's Support Forum.

New Relic telemetry endpoints

This table contains the endpoints for New Relic telemetry data ingest, and other functionality related to telemetry monitoring. (For an easy-to-copy list of these endpoints, see Endpoint list.)

For more detail on specific agents and integrations, and about ports, keep reading below the table.

| Category | Capability | US data center endpoint | EU data center endpoint |
| --- | --- | --- | --- |
| APM | APM agent ingest | collector.newrelic.com | collector.eu.newrelic.com, collector.eu01.nr-data.net |
| APM | APM agent ingest, when you forward logs through our APM agents | log-api.newrelic.com | collector.eu.newrelic.com, collector.eu01.nr-data.net |
| AWS | AWS Metric Streams ingest | aws-api.newrelic.com | aws-api.eu.newrelic.com, aws-api.eu01.nr-data.net |
| AWS | AWS VPC Flow Logs and RDS Enhanced ingest | cloud-collector.newrelic.com | cloud-collector.eu.newrelic.com |
| Browser | Browser monitoring ingest | bam.nr-data.net, bam-cell.nr-data.net | bam.eu01.nr-data.net |
| IAST | Validator Service URL (requires secure WebSocket connection) | csec.nr-data.net | csec.eu01.nr-data.net |
| Ingest APIs | Our Event API | insights-collector.newrelic.com | insights-collector.eu01.nr-data.net |
| Ingest APIs | Our Log API | log-api.newrelic.com | log-api.eu.newrelic.com |
| Ingest APIs | Our Metric API | metric-api.newrelic.com | metric-api.eu.newrelic.com |
| Ingest APIs | Our Trace API | trace-api.newrelic.com | trace-api.eu.newrelic.com |
| Infrastructure | Infrastructure agent ingest | infra-api.newrelic.com | infra-api.eu.newrelic.com, infra-api.eu01.nr-data.net |
| Infrastructure | Infrastructure entity registration | identity-api.newrelic.com | identity-api.eu.newrelic.com |
| Infrastructure | Infrastructure agent control | infrastructure-command-api.newrelic.com | infrastructure-command-api.eu.newrelic.com |
| Lookup tables | Lookup table upload | nrql-lookup.service.newrelic.com | nrql-lookup.service.eu.newrelic.com |
| Mobile | Mobile agent ingest | mobile-collector.newrelic.com | mobile-collector.eu01.nr-data.net |
| Mobile | Mobile agent crash report ingest | mobile-crash.newrelic.com | mobile-crash.eu01.nr-data.net |
| Mobile | Symbolication, deobfuscation, and related | mobile-symbol-upload.newrelic.com | mobile-symbol-upload.eu01.nr-data.net |
| OpenTelemetry | OpenTelemetry ingest | otlp.nr-data.net | otlp.eu01.nr-data.net |

Telemetry endpoints in simple list format

The telemetry endpoints in the table above are included below in easy-to-copy lists:

FedRAMP ingest endpoints

See FedRAMP endpoints.

Ports

For all data ingest applications, with the exception of OpenTelemetry, use port 443, a secure channel for encrypted HTTPS traffic and our default.

If you have an existing configuration that uses port 80, we recommend updating it to use 443.

OpenTelemetry ports

The ports used for otlp.nr-data.net and otlp.eu01.nr-data.net are:

  • 443
  • 4317 (HTTP/2)
  • 4318 (HTTP/1.1)

Data ingest IP blocks

We use these blocks for data ingestion:

  • US data center endpoints: 162.247.240.0/22, 152.38.128.0/19
  • EU data center endpoints: 185.221.84.0/22, 212.32.0.0/20
  • Other data center endpoints: 64.251.192.0/20

User-facing domains

Your browser must be able to communicate with a number of domains for New Relic to work properly. Update your allow list to ensure New Relic can communicate with a number of integral domains listed in this section. Blocking domains can cause issues with individual product features or prevent pages from loading altogether.

This list doesn't cover domains that New Relic connects to that can be blocked without affecting your usage of the product. It also doesn't cover Nerdpacks or other features that communicate with external services that have additional domain requirements.

If your organization uses a firewall that restricts outbound traffic, follow the specific procedures for the operating system and the firewall you use to add the following domains to the allow list.

| Domain | Description |
| --- | --- |
| *.newrelic.com | New Relic and supporting services |
| *.nr-assets.net | Static New Relic assets |
| *.nr-ext.net | New Relic Nerdpacks and assets |
| secure.gravatar.com | Support for Gravatar avatars |
| fonts.googleapis.com | Support for Google Fonts |
| fonts.gstatic.com | Support for Google Fonts |
| www.google.com | Support for reCAPTCHA |
| www.gstatic.com | Support for reCAPTCHA |
| *.nr-data.net | OpenTelemetry and Pixie |
| onenr.io | New Relic sharing permalinks |
| *.typescript.azureedge.net | Synthetics code editor autocompletion functionality |
| nr-synthetics-production.s3.amazonaws.com | Synthetics screenshots, logs, and similar assets (US region only) |
| nr-synthetics-production-eu.s3.eu-central-1.amazonaws.com | Synthetics screenshots, logs, and similar assets (EU region only) |
| pa-api.newrelic-external.com | New Relic Partner API |

Agent downloads

TLS is required for all domains. Service for download.newrelic.com is provided through Fastly and is subject to change without warning. For the most current list of public IP addresses for New Relic agent downloads, see api.fastly.com/public-ip-list.

Infrastructure details

In order to report data to New Relic, our infrastructure monitoring needs outbound access to endpoints in the endpoints table. TLS is required for all domains.

If your system needs a proxy to connect to New Relic, use the Infrastructure proxy setting.

Our infrastructure monitoring makes use of several other ingest endpoints, including the Metric API endpoint and the Log API endpoint (included in the endpoint table).

Details about the non-ingest-related endpoints:

  • identity-api.newrelic.com | identity-api.eu.newrelic.com: Required for entity registration (for example, a host entity).
  • infrastructure-command-api.newrelic.com | infrastructure-command-api.eu.newrelic.com: Used by the agent to control aspects of agent behavior (for example, use of feature flags).

APM agent details

To enhance network performance and data security, New Relic uses a CDN and DDoS prevention service with a large IP range. New Relic agents require your firewall to allow outgoing connections to the APM-related endpoints in the ingest endpoints table. To add them to your allow list, follow the specific procedures for the operating system and the firewall you use.

TLS is required for all domains.

Browser monitoring details

In addition to the endpoints used by our agents, applications monitored by our browser agent use outgoing connections to js-agent.newrelic.com.

For more information about CDN access for the js-agent.newrelic.com file to the domain bam.nr-data.net or to one of the New Relic beacons, see Security for browser monitoring.

TLS is required for all domains.

Security data endpoints

See Security data API.

Synthetic monitors

Public locations

To configure your firewall to allow synthetic monitors to access your monitored URL, use Synthetic public minion IPs. TLS is required for all domains.

Private locations

Synthetic private minions report to a specific endpoint based on region. To allow the private minion to access the endpoint or the static IP addresses associated with the endpoint, follow the specific procedures for the operating system and the firewall you use. These IP addresses may change in the future.

TLS is required for all domains. Use the IP connections for your data center region (US or EU):

| IP connections | Synthetics private location data |
| --- | --- |
| Endpoint | US data center region: https://synthetics-horde.nr-data.net/ |
| Endpoint | EU data center region: https://synthetics-horde.eu01.nr-data.net/ |
| IP addresses | US data center region: 162.247.240.0/22, 152.38.128.0/19 |
| IP addresses | EU data center region: 185.221.84.0/22, 212.32.0.0/20 |
| IP addresses | Other data center region: 64.251.192.0/20 |

Alerts webhooks, api.newrelic.com, cloud integrations, and ticketing integrations

Endpoints that use api.newrelic.com (such as our NerdGraph API) and our New Relic-generated webhooks for alert policies use an IP address from designated network blocks for the US or EU region. TLS is required for all addresses in these blocks.

Network blocks for US data center region:

  • 162.247.240.0/22
  • 18.246.82.0/25 (effective August 20, 2023)
  • 3.145.244.128/25 (effective August 20, 2023)
  • 20.51.136.0/25 (effective June 20, 2024)
  • 152.38.128.0/19 (effective June 20, 2024)

Network blocks for EU data center region:

  • 158.177.65.64/29
  • 159.122.103.184/29
  • 161.156.125.32/28
  • 3.77.79.0/25 (effective August 20, 2023)
  • 212.32.0.0/20 (effective June 20, 2024)

Network blocks for other data center region:

  • 3.27.118.128/25 (effective June 20, 2024)
  • 4.197.217.128/25 (effective June 20, 2024)
  • 64.251.192.0/20 (effective June 20, 2024)

These network blocks also apply to third-party ticketing integrations and New Relic cloud integrations. However, they don't apply to the Azure Monitor integration.
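
A receiver that accepts New Relic alert webhooks can check each request's source address against the network blocks listed above. The following Python is an added example, not New Relic code; the function names, the `regions` parameter, the choice to reject a block before its listed effective date, and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from datetime import date

# Network blocks and effective dates copied from the lists above.
# None means the page gives no effective date for that block.
BLOCKS = {
    "US": [("162.247.240.0/22", None),
           ("18.246.82.0/25", date(2023, 8, 20)),
           ("3.145.244.128/25", date(2023, 8, 20)),
           ("20.51.136.0/25", date(2024, 6, 20)),
           ("152.38.128.0/19", date(2024, 6, 20))],
    "EU": [("158.177.65.64/29", None),
           ("159.122.103.184/29", None),
           ("161.156.125.32/28", None),
           ("3.77.79.0/25", date(2023, 8, 20)),
           ("212.32.0.0/20", date(2024, 6, 20))],
    "other": [("3.27.118.128/25", date(2024, 6, 20)),
              ("4.197.217.128/25", date(2024, 6, 20)),
              ("64.251.192.0/20", date(2024, 6, 20))],
}

def classify_source(ip, on, regions=("US", "EU", "other")):
    """Return (region, cidr) if ip is in a block in effect on date `on`, else None."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None  # malformed address: treat as not allowed
    for region in regions:
        for cidr, effective in BLOCKS[region]:
            in_effect = effective is None or on >= effective  # assumption: reject early use
            if in_effect and addr in ipaddress.ip_network(cidr):
                return region, cidr
    return None

def review(requests, regions):
    """Split (ip, date) records into accepted and rejected lists."""
    accepted, rejected = [], []
    for ip, on in requests:
        hit = classify_source(ip, on, regions)
        (accepted if hit else rejected).append((ip, on, hit))
    return accepted, rejected

# Constructed sample: source addresses as seen by a webhook receiver.
SAMPLE = [
    ("162.247.241.10", date(2024, 5, 1)),
    ("152.38.130.7", date(2024, 5, 1)),   # block not in effect until 2024-06-20
    ("152.38.130.7", date(2024, 7, 1)),
    ("3.77.79.200", date(2024, 5, 1)),    # outside the /25, which ends at .127
    ("158.177.65.66", date(2024, 5, 1)),  # EU block
]
```

Pass the TCP peer address seen by the receiver rather than a client-supplied header such as X-Forwarded-For, and refresh `BLOCKS` whenever this page changes.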

Pixie integration

The Pixie integration runs in your Kubernetes cluster and pulls a set of curated observability data from Pixie to send it to New Relic using the OpenTelemetry Protocol (OTLP).

The Pixie integration requires outbound network access to the following:

  • work.withpixie.ai:443
  • withpixie.ai:443
  • otlp.nr-data.net:4317 (US data center)
  • otlp.eu01.nr-data.net:4317 (EU data center)

Tip

If the 4317 port doesn't work, you can use port 443.

The Pixie community project uses container images hosted in Google Container Registry. Ensure your cluster can pull images from gcr.io.

CodeStream

New Relic CodeStream is a developer collaboration platform that enables your development team to discuss and review code in a natural and contextual way.

It uses the following domains:

  • *.newrelic.com
  • *.eu.newrelic.com
  • *.pubnub.com
  • *.pubnub.net
  • *.pndsn.com
  • *.pubnubapi.com