Networks

This list is current. Last updated 13 November 2020.

This is a list of the networks, IP addresses, domains, ports, and endpoints used by New Relic collectors (for example, https://collector.newrelic.com) to communicate with a New Relic agent. TLS is required for all domains.

TLS encryption

To ensure data security for our customers and to be in compliance with FedRAMP and other standards for data encryption, Transport Layer Security (TLS) is required for all domains. Our preferred protocol for all domains is TLS 1.2. For more information, see New Relic's Explorers Hub post about TLS 1.2.

In addition, TLS 1.2 is required for most domains, except:

  • APM agent connections
  • Browser agent connections
  • Mobile agent connections
  • Event API

For future updates to required and supported protocol versions, follow the Security Notifications tag in New Relic's Explorers Hub.

APM agents

To enhance network performance and data security, New Relic uses a CDN and DDoS prevention service with a large IP range. New Relic agents require your firewall to allow outgoing connections to the following networks and ports.

TLS is required for all domains. Use the IP connections for account data in the US or European Union region as appropriate:

IP connections APM data
Networks

US region accounts:

  • 162.247.240.0/22

EU region accounts:

  • 185.221.84.0/22
Ports

US region accounts:

EU region accounts:

Endpoints

US region accounts:

  • collector*.newrelic.com

EU region accounts:

Recommendation: Use port 443, a secured channel for encrypted HTTPS traffic. Some New Relic agents also offer port 80, an unsecured channel open to all HTTP traffic.

While some agents can be configured to use both port 80 and port 443, we recommend that you choose the port 443 (default). If you have an existing configuration that uses port 80, you can update it to use port 443, the default New Relic connection.

Agent downloads

TLS is required for all domains. Service for download.newrelic.com is provided through Fastly and is subject to change without warning. For the most current list of public IP addresses for New Relic agent downloads, see api.fastly.com/public-ip-list.

Infrastructure agents

In order to report data to New Relic, our infrastructure monitoring needs outbound access to these domains, networks, and ports. TLS is required for all domains.

Use the IP connections for account data in the US or European Union region as appropriate:

IP connections Infrastructure data
Domains
  • infra-api.newrelic.com
  • identity-api.newrelic.com
  • infrastructure-command-api.newrelic.com
  • log-api.newrelic.com
  • log-api.eu.newrelic.com
  • metric-api.newrelic.com
Networks

For US region accounts:

  • 162.247.240.0/22

For EU region accounts:

  • 185.221.84.0/22
Port
  • 443
Domains + Port

For US region accounts:

  • infra-api.newrelic.com:443
  • identity-api.newrelic.com:443
  • infrastructure-command-api.newrelic.com:443
  • log-api.newrelic.com:443
  • metric-api.newrelic.com:443

For EU region accounts:

  • infra-api.eu.newrelic.com:443
  • identity-api.eu.newrelic.com:443
  • infrastructure-command-api.eu.newrelic.com:443
  • log-api.eu.newrelic.com:443
  • metric-api.eu.newrelic.com:443
Proxy If your system needs a proxy to connect to this domain, use the Infrastructure proxy setting.

Browser domains

In addition to the IP addresses for APM agents, applications monitored by our browser agents use outgoing connections to the following domains. TLS is required for all domains.

Use the IP connections for account data in the US or European Union region as appropriate:

For US region accounts:

  • bam.nr-data.net
  • js-agent.newrelic.com

For EU region accounts:

  • eu01.nr-data.net
  • bam.eu01.nr-data.net

For more information about CDN access for the js-agent.newrelic.com file to the domain bam.nr-data.net or to one of the New Relic beacons, see Security for browser monitoring.

Mobile domains

In addition to the IP addresses for APM agents, applications monitored by our mobile agents use outgoing connections to the following domains. TLS is required for all domains.

Use the IP connections for account data in the US or European Union region as appropriate:

For US region accounts:

  • mobile-collector.newrelic.com
  • mobile-crash.newrelic.com
  • mobile-symbol-upload.newrelic.com

For EU region accounts:

  • mobile-collector.eu01.nr-data.net
  • mobile-crash.eu01.nr-data.net
  • mobile-symbol-upload.eu01.nr-data.net

Synthetic monitor public locations

To configure your firewall to allow synthetic monitors to access your monitored URL, use Synthetic public minion IPs. TLS is required for all domains.

Synthetic monitor private locations

Synthetic private minions report to a specific endpoint based on region. Configure your firewall to allow the private minion to access the endpoint or the static IP addresses associated with the endpoint. These IP addresses may change in the future.

TLS is required for all domains. Use the IP connections for account data in the US or European Union region as appropriate:

IP connections Synthetics private location data
Endpoint

For US region accounts:

  • https://synthetics-horde.nr-data.net/

For EU region accounts:

  • https://synthetics-horde.eu01.nr-data.net/
IP addresses

For US region accounts:

  • 13.248.153.51
  • 76.223.21.185

For EU region accounts:

  • 185.221.86.57
  • 185.221.86.25

Alerts webhooks, api.newrelic.com, and ticketing integrations

Endpoints that use api.newrelic.com (such as our GraphQL API for NerdGraph) and our New Relic-generated webhooks for alert policies use an IP address from designated network blocks for the US or European Union region. TLS is required for all addresses in these blocks.

Network blocks for US region accounts:

  • 162.247.240.0/22

Network blocks for EU region accounts:

  • 158.177.65.64/29
  • 159.122.103.184/29
  • 161.156.125.32/28

These network blocks also apply to third-party ticketing integrations.

For more help

If you need more help, check out these support and learning resources: