This list is current. Last updated 13 November 2020.
This is a list of the networks, IP addresses, domains, ports, and endpoints used by New Relic collectors (for example, https://collector.newrelic.com) to communicate with a New Relic agent. TLS is required for all domains.
TLS encryption
To ensure data security for our customers and to be in compliance with FedRAMP and other standards for data encryption, Transport Layer Security (TLS) is required for all domains. Our preferred protocol for all domains is TLS 1.2. For more information, see New Relic's Explorers Hub post about TLS 1.2.
In addition, TLS 1.2 is required for most domains, except:
- APM agent connections
- Browser agent connections
- Mobile agent connections
- Event API
For future updates to required and supported protocol versions, follow the Security Notifications tag in New Relic's Explorers Hub.
APM agents
To enhance network performance and data security, New Relic uses a CDN and DDoS prevention service with a large IP range. New Relic agents require your firewall to allow outgoing connections to the following networks and ports.
TLS is required for all domains. Use the IP connections for account data in the US or European Union region as appropriate:
IP connections | APM data |
---|---|
Networks | US region accounts:
|
Ports | US region accounts:
|
Endpoints | US region accounts:
|
Recommendation: Use port 443, a secured channel for encrypted HTTPS traffic. Some New Relic agents also offer port 80, an unsecured channel open to all HTTP traffic.
While some agents can be configured to use both port 80 and port 443, we recommend that you choose port 443 (the default). If you have an existing configuration that uses port 80, you can update it to use port 443, the default New Relic connection.
Agent downloads
TLS is required for all domains. Service for download.newrelic.com is provided through Fastly and is subject to change without warning. For the most current list of public IP addresses for New Relic agent downloads, see api.fastly.com/public-ip-list.
Infrastructure agents
In order to report data to New Relic, our infrastructure monitoring needs outbound access to these domains, networks, and ports. TLS is required for all domains.
Use the IP connections for account data in the US or European Union region as appropriate:
IP connections | Infrastructure data |
---|---|
Domains |
|
Networks | For US region accounts:
|
Port |
|
Domains + Port | For US region accounts:
|
Proxy | If your system needs a proxy to connect to this domain, use the Infrastructure |
Browser domains
In addition to the IP addresses for APM agents, applications monitored by our browser agents use outgoing connections to the following domains. TLS is required for all domains.
Use the IP connections for account data in the US or European Union region as appropriate:
For US region accounts:
bam.nr-data.net
js-agent.newrelic.com
For EU region accounts:
eu01.nr-data.net
bam.eu01.nr-data.net
For more information about CDN access for the js-agent.newrelic.com file to the domain bam.nr-data.net or to one of the New Relic beacons, see Security for browser monitoring.
Mobile domains
In addition to the IP addresses for APM agents, applications monitored by our mobile agents use outgoing connections to the following domains. TLS is required for all domains.
Use the IP connections for account data in the US or European Union region as appropriate:
For US region accounts:
mobile-collector.newrelic.com
mobile-crash.newrelic.com
mobile-symbol-upload.newrelic.com
For EU region accounts:
mobile-collector.eu01.nr-data.net
mobile-crash.eu01.nr-data.net
mobile-symbol-upload.eu01.nr-data.net
Synthetic monitor public locations
To configure your firewall to allow synthetic monitors to access your monitored URL, use Synthetic public minion IPs. TLS is required for all domains.
Synthetic monitor private locations
Synthetic private minions report to a specific endpoint based on region. Configure your firewall to allow the private minion to access the endpoint or the static IP addresses associated with the endpoint. These IP addresses may change in the future.
TLS is required for all domains. Use the IP connections for account data in the US or European Union region as appropriate:
IP connections | Synthetics private location data |
---|---|
Endpoint | For US region accounts:
|
IP addresses | For US region accounts:
|
Alerts webhooks, api.newrelic.com, and ticketing integrations
Endpoints that use api.newrelic.com (such as our GraphQL API for NerdGraph) and our New Relic-generated webhooks for alert policies use an IP address from designated network blocks for the US or European Union region. TLS is required for all addresses in these blocks.
Network blocks for US region accounts:
- 162.247.240.0/22
Network blocks for EU region accounts:
- 158.177.65.64/29
- 159.122.103.184/29
- 161.156.125.32/28
These network blocks also apply to third-party ticketing integrations.
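A webhook receiver can use the blocks above to check that requests to its alert endpoint come from a listed source address. The following is an added example, not New Relic code: the log format, the path /hooks/newrelic and the sample lines are constructed assumptions, and the CIDR blocks are copied from this page as of its last update.

```python
import ipaddress

# Network blocks copied from the list above (page last updated 13 November 2020).
NEW_RELIC_BLOCKS = {
    "US": ["162.247.240.0/22"],
    "EU": ["158.177.65.64/29", "159.122.103.184/29", "161.156.125.32/28"],
}
_NETS = [(region, ipaddress.ip_network(cidr))
         for region, cidrs in NEW_RELIC_BLOCKS.items() for cidr in cidrs]


def region_for(source_ip):
    """Return 'US' or 'EU' if source_ip is inside a listed block, else None."""
    try:
        addr = ipaddress.ip_address(source_ip.strip())
    except ValueError:
        return None  # unparseable peer address: treat as not listed
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for region, net in _NETS:
        if addr.version == net.version and addr in net:
            return region
    return None


def audit(log_lines, webhook_path="/hooks/newrelic"):
    """Return (peer_ip, region_or_None) for every request to the webhook path.

    webhook_path is a hypothetical route; lines are "<peer ip> <method> <path>".
    """
    results = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3 or fields[2] != webhook_path:
            continue
        results.append((fields[0], region_for(fields[0])))
    return results


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "162.247.243.10 POST /hooks/newrelic",
    "::ffff:158.177.65.70 POST /hooks/newrelic",
    "158.177.65.72 POST /hooks/newrelic",
    "203.0.113.9 POST /hooks/newrelic",
    "198.51.100.4 GET /healthz",
]

if __name__ == "__main__":
    for ip, region in audit(SAMPLE_LOG):
        print(ip, region or "OUTSIDE LISTED BLOCKS")
```

Use the peer address of the TCP connection for this check rather than a client-supplied header, and refresh the block list whenever the published list changes.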