• /
  • English日本語
  • Log in
  • Free account

Networks

This list is current. Networks, IPs, domains, ports, and endpoints last updated March 22, 2022.

This is a list of the networks, IP addresses, domains, ports, and endpoints used by API clients or agents to communicate with New Relic. TLS is required for all domains.

For information on our FedRAMP endpoints, see our FedRAMP endpoints documentation.

Tip

This doc describes how to ensure our agents and integrations can access New Relic's domains. To monitor the performance of your network, see Get started with network performance monitoring.

TLS encryption

To ensure data security for our customers and to be in compliance with FedRAMP and other standards for data encryption, Transport Layer Security (TLS) is required for all domains. Our preferred protocol for all domains is TLS 1.2. For more information, see New Relic's Explorers Hub post about TLS 1.2.

In addition, TLS 1.2 is required for most domains, except:

  • APM agent connections
  • Browser agent connections
  • Event API

For future updates to required and supported protocol versions, follow the Security Notifications tag in New Relic's Explorers Hub.

User-facing domains

Your browser must be able to communicate with a number of domains for New Relic One to work properly. Update your allow list to ensure New Relic can communicate with a number of integral domains that are listed in this section. Blocking domains can cause issues with individual product features or prevent pages from loading altogether.

This list doesn't cover domains that New Relic connects to that can be blocked without affecting your usage of the product. It also doesn't cover Nerdpacks or other features that communicate with external services that have additional domain requirements.

If your organization uses a firewall that restricts outbound traffic, follow the specific procedures for the operating system and the firewall you use to add the following domains to the allow list.

Domain

Description

*.newrelic.com

New Relic One and supporting services

*.nr-assets.net

Static New Relic assets

*.nr-ext.net

New Relic One Nerdpacks and assets

*.amazonaws.com

New Relic One catalog assets behind AWS S3

*.cloudfront.net

Static New Relic assets behind AWS CloudFront CDN

secure.gravatar.com

Support for Gravatar avatars

fonts.googleapis.com

Support for Google Fonts

fonts.gstatic.com

Support for Google Fonts

www.google.com

Support for reCAPTCHA

www.gstatic.com

Support for reCAPTCHA

*.nr-data.net

OpenTelemetry and Pixie

onenr.io

New Relic One sharing permalinks

*.typescript.azureedge.net

Synthetics code editor autocompletion functionality

APM agents

To enhance network performance and data security, New Relic uses a CDN and DDoS prevention service with a large IP range. New Relic agents require your firewall to allow outgoing connections to the following networks and ports. To add the following IP connections to the allow list, follow the specific procedures for the operating system and the firewall you use.

TLS is required for all domains. Use the IP connections for account data in the US or European Union region as appropriate:

IP connections

APM data

Networks

US region accounts:

  • 162.247.240.0/22

    EU region accounts:

  • 185.221.84.0/22

Ports

US region accounts:

Endpoints

US region accounts:

  • collector*.newrelic.com

    EU region accounts:

  • collector*.eu01.nr-data.net:443 (recommended)

Port 443 recommended

Recommendation: Use port 443, a secured channel for encrypted HTTPS traffic. Some New Relic agents also offer port 80, an unsecured channel open to all HTTP traffic.

While some agents can be configured to use both port 80 and port 443, we recommend that you choose the port 443 (default). If you have an existing configuration that uses port 80, you can update it to use port 443, the default New Relic connection.

Agent downloads

TLS is required for all domains. Service for download.newrelic.com is provided through Fastly and is subject to change without warning. For the most current list of public IP addresses for New Relic agent downloads, see api.fastly.com/public-ip-list.

Infrastructure agents

In order to report data to New Relic, our infrastructure monitoring needs outbound access to these domains, networks, and ports. TLS is required for all domains.

Use the IP connections for account data in the US or European Union region as appropriate:

IP connections

Infrastructure data

Domains

  • infra-api.newrelic.com: Required to submit events, metrics, and inventory data.
  • identity-api.newrelic.com: Required for entity registration (for example, a host entity).
  • infrastructure-command-api.newrelic.com: Required to determine feature flags. Also used for gradual rollout of new capabilities.
  • log-api.newrelic.com: Required to submit logs to a US datacenter.
  • log-api.eu.newrelic.com: Required to submit logs to an EU datacenter.
  • metric-api.newrelic.com: Required to submit dimensional metrics.

Networks

For US region accounts:

  • 162.247.240.0/22

    For EU region accounts:

  • 185.221.84.0/22

Port

  • 443

Domains + Port

For US region accounts:

  • infra-api.newrelic.com:443

  • identity-api.newrelic.com:443

  • infrastructure-command-api.newrelic.com:443

  • log-api.newrelic.com:443

  • metric-api.newrelic.com:443

    For EU region accounts:

  • infra-api.eu.newrelic.com:443

  • identity-api.eu.newrelic.com:443

  • infrastructure-command-api.eu.newrelic.com:443

  • log-api.eu.newrelic.com:443

  • metric-api.eu.newrelic.com:443

Proxy

If your system needs a proxy to connect to this domain, use the Infrastructure proxy setting.

Browser domains

In addition to the IP addresses for APM agents, applications monitored by our browser agents use outgoing connections to the following domains. TLS is required for all domains.

Use the IP connections for account data in the US or European Union region as appropriate:

For US region accounts:

  • bam.nr-data.net
  • js-agent.newrelic.com

For EU region accounts:

  • eu01.nr-data.net
  • bam.eu01.nr-data.net

For more information about CDN access for the js-agent.newrelic.com file to the domain bam.nr-data.net or to one of the New Relic beacons, see Security for browser monitoring.

Mobile domains

In addition to the IP addresses for APM agents, applications monitored by our mobile agents use outgoing connections to the following domains. TLS is required for all domains.

Use the IP connections for account data in the US or European Union region as appropriate:

For US region accounts:

  • mobile-collector.newrelic.com
  • mobile-crash.newrelic.com
  • mobile-symbol-upload.newrelic.com

For EU region accounts:

  • mobile-collector.eu01.nr-data.net
  • mobile-crash.eu01.nr-data.net
  • mobile-symbol-upload.eu01.nr-data.net

Synthetic monitor public locations

To configure your firewall to allow synthetic monitors to access your monitored URL, use Synthetic public minion IPs. TLS is required for all domains.

Synthetic monitor private locations

Synthetic private minions report to a specific endpoint based on region. To allow the private minion to access the endpoint or the static IP addresses associated with the endpoint, follow the specific procedures for the operating system and the firewall you use. These IP addresses may change in the future.

TLS is required for all domains. Use the IP connections for account data in the US or European Union region as appropriate:

IP connections

Synthetics private location data

Endpoint

For US region accounts:

  • https://synthetics-horde.nr-data.net/

    For EU region accounts:

  • https://synthetics-horde.eu01.nr-data.net/

IP addresses

For US region accounts:

  • 13.248.153.51

  • 76.223.21.185

    For EU region accounts:

  • 185.221.86.57

  • 185.221.86.25

Alerts webhooks, api.newrelic.com, cloud integrations, and ticketing integrations

Endpoints that use api.newrelic.com (such as our GraphQL API for NerdGraph) and our New Relic-generated webhooks for alert policies use an IP address from designated network blocks for the US or European Union region. TLS is required for all addresses in these blocks.

Network blocks for US region accounts:

  • 162.247.240.0/22

Network blocks for EU region accounts:

  • 158.177.65.64/29
  • 159.122.103.184/29
  • 161.156.125.32/28

These network blocks also apply to third-party ticketing integrations and New Relic cloud integrations.

Pixie integration

The Pixie integration runs in your Kubernetes cluster and pulls a set of curated observability data from Pixie to send it to New Relic using the OpenTelemetry Protocol (OTLP).

The Pixie integration requires outbound network access to the following:

  • work.withpixie.ai:443
  • otlp.nr-data.net:4317 (US region accounts)
  • otlp.eu01.nr-data.net:4317 (EU region accounts)

CodeStream

New Relic CodeStream is a developer collaboration platform that enables your development team to discuss and review code in a natural and contextual way.

It uses the following domains:

  • api.codestream.com
  • *.pubnub.com
  • *.pubnub.net
  • *.pndsn.com
  • *.pubnub.io

OpenTelemetry

New Relic supports OpenTelemetry Protocol (OTLP) for exporting telemetry data. This allows you to use the vendor neutral components developed by the OpenTelemetry community to export your data to New Relic.

To export OTLP data to New Relic:

  1. Configure the OTLP exporter to add a header (api-key) with your account license key.
  2. Based on your region, configure the endpoint where the exporter sends data to New Relic. See the OpenTelemetry quick start for more information.
  • otlp.nr-data.net:(443/4317/4318) (US region accounts)
  • otlp.eu01.nr-data.net:(443/4317/4318) (EU region accounts)

Network blocks:

  • 162.247.240.0/22 (US region accounts)
  • 185.221.84.0/22 (EU region accounts)
Create issueEdit page
Copyright © 2022 New Relic Inc.
CareersTerms of ServiceDCMA PolicyPrivacy NoticeCookie PolicyUK Slavery Act