Firewall Requirements
To ensure communication between the N-central server and external services, configure your firewall to allow required outbound and inbound traffic. For the complete and authoritative list of domains, URLs, and IPs, see the Allow List Requirements topic.
Software Distribution and Updates
The N-central server and agents retrieve installation files, patches, and update metadata from:
-
sis.n-able.com
Repository of XML files that provide download links for executables and patches.
Example: agents retrieve compatible downloads using GenericFiles.xml.
-
update.n-able.com (alias: releases.n-able.com)
Provides NSP upgrade files, ISO images, and installation packages.
-
feeds.n-able.com
Provides RSS feeds.
Ports
-
sis.n-able.com: HTTP 80, HTTPS 443, TCP 8443
-
All others: HTTPS 443
Licensing and Activation (On-Premises only)
-
servermetrics.n-able.com - Sends server data to the activation service.
-
licensing.n-able.com - Activations, License Renewals, License Updates
Device and Warranty Services (On-Premises only)
-
updatewarranty.com
Retrieves warranty information for managed devices.
Patch Management and Microsoft Updates
-
microsoft.com
-
*.delivery.mp.microsoft.com
-
*.update.microsoft.com
-
tsfe.trafficshaping.dsp.mp.microsoft.com
-
*.prod.do.dsp.mp.microsoft.com
Identity and Access
Single Sign-On (SSO) (On-Premises only)
-
sso.navigatorlogin.com
MSP SSO proxies:
-
msp-sso-proxy.eu-west-1.prd.cdo.system-monitor.com
-
msp-sso-proxy.us-west-2.prd.cdo.system-monitor.com
Device Management
Mobile Device Management (MDM)
-
push.n-able.com
-
scep.n-able.com
Security and Protection
Endpoint Detection and Response (EDR)
-
keybox.n-able.com
-
keybox.solarwindsmsp.com
-
*.sentinelone.net
Feature Delivery and Configuration
-
mtls.api.featureflags.prd.sharedsvcs.system-monitor.com
-
assets.prd.esp.system-monitor.com
LaunchDarkly
-
stream.launchdarkly.com
-
sdk.launchdarkly.com
-
app.launchdarkly.com
-
events.launchdarkly.com
AI / Platform services
-
api.openai.com
Backup and Integrations
-
integrated.cloudbackup.management
-
*.cloudbackup.management
-
secure.n-able.com
Modern Agent Communication
Core endpoints
-
*.prd.cdo.system-monitor.com
-
cdn-component.fusion.prd.cdo.system-monitor.com
-
cdn-notary.pub.prd.cdo.system-monitor.com
Event bridge endpoints
-
eb.eu-west-1.prd.davinci.system-monitor.com
-
eb.us-west-2.prd.davinci.system-monitor.com
-
eb.ap-southeast-2.prd.davinci.system-monitor.com
-
eb.eu-central-1.prd.davinci.system-monitor.com
AWS IoT endpoints
-
a33d8yamkwy4nx-ats.iot.eu-west-1.amazonaws.com
-
a33d8yamkwy4nx-ats.iot.us-west-2.amazonaws.com
-
a33d8yamkwy4nx-ats.iot.eu-central-1.amazonaws.com
-
a33d8yamkwy4nx-ats.iot.ap-southeast-2.amazonaws.com
Alternatively, wildcard form if supported: *.iot.<region>.amazonaws.com
Port
TCP 8088
Ecosystem and Integrations
Ecosystem Middleware
API endpoints
-
api.ecosystem-middleware.eu-central-1.prd.esp.system-monitor.com
-
api.ecosystem-middleware.eu-west-1.prd.esp.system-monitor.com
-
api.ecosystem-middleware.us-west-2.prd.esp.system-monitor.com
-
api.ecosystem-middleware.ap-southeast-2.prd.esp.system-monitor.com
-
api.ecosystem-middleware.eu-east-1.prd.esp.system-monitor.com
-
api.ecosystem-middleware.us-west-1.prd.esp.system-monitor.com
REST endpoints
-
rest.ecosystem.ap-southeast-2.prd.esp.system-monitor.com
-
rest.ecosystem.eu-east-1.prd.esp.system-monitor.com
-
rest.ecosystem.eu-west-1.prd.esp.system-monitor.com
-
rest.ecosystem.us-west-1.prd.esp.system-monitor.com
gRPC endpoints
-
grpc.ecosystem.ap-southeast-2.prd.esp.system-monitor.com
-
grpc.ecosystem.eu-east-1.prd.esp.system-monitor.com
-
grpc.ecosystem.eu-west-1.prd.esp.system-monitor.com
-
grpc.ecosystem.us-west-1.prd.esp.system-monitor.com
UI
-
ui.ecosystem-middleware.prd.esp.system-monitor.com
Analytics (N-central + Power BI)
N-central relay
-
us.prd.relay.system-monitor.com
-
eu-w.prd.relay.system-monitor.com
-
eu-c.prd.relay.system-monitor.com
-
ap.prd.relay.system-monitor.com
Power BI proxy
-
authnproxy.powerbiapi.apse2.prd.ar.system-monitor.com
-
authnproxy.powerbiapi.uswe2.prd.ar.system-monitor.com
-
authnproxy.powerbiapi.euwe1.prd.ar.system-monitor.com
-
authnproxy.powerbiapi.euce1.prd.ar.system-monitor.com
Remote Access
Take Control
Primary domains
-
swi-rc.cdn-sw.net
-
*.n-able.com
-
*.mspa.n-able.com
-
*.global.mspa.n-able.com
-
*.us1.mspa.n-able.com
-
*.us2.mspa.n-able.com
-
*.eu1.mspa.n-able.com
Additional domains
-
sis.n-able.com
MSP Anywhere
-
*.beanywhere.com
-
mspa.n-able.com
-
*.pubnub.com
Alternative (no wildcard support)
Allow TCP port 3377 to any IP address.
Allow HTTPS 443 to:
-
swi-rc.cdn-sw.net
-
comserver.global.mspa.n-able.com
-
comserver.us1.mspa.n-able.com
-
comserver.us2.mspa.n-able.com
-
comserver.eu1.mspa.n-able.com
-
comserver-hb-eu1-fra.n-able.com
-
comserver-hb-eu1-iad1.n-able.com
-
comserver-hb-us0-iad1.n-able.com
-
comserver-hb-us0-lax.n-able.com
-
comserver-hb-us1-iad2.n-able.com
-
comserver-hb-us1-lax.n-able.com
-
comserver-hb-us2-lax.n-able.com
-
comserver-hb-us2-iad2.n-able.com
User Experience and Telemetry
-
cdn.pendo.io
-
data.pendo.io
-
pendo-io-static.storage.googleapis.com
-
pendo-static*.storage.googleapis.com
Support
Required inbound access IPs
N-able Support
Open access to all the listed IP addresses. Although most Support connections will come from your local Support office, some shifts are covered by other offices.
Americas
- 32.60.115.209-222 – Ottawa, Ontario, Canada (Support and Development)
- 207.35.253.229 – Ottawa, Ontario, Canada (Support and Development)
- 209.120.234.64-79 – Ottawa, Ontario, Canada (Support and Development)
- 216.85.162.34 – Durham, North Carolina, United States of America (Support)
- 4.35.232.2 – Durham, North Carolina, United States of America (Support)
- 174.99.133.19 – Durham, North Carolina, United States of America (Support)
-
4.7.118.146 - Durham, North Carolina, United States of America (Support)
APAC
- 122.53.149.180 – Manila, Philippines (Support)
- 122.53.149.190 – Manila, Philippines (Support)
- 120.28.59.197 – Manila, Philippines (Support)
- 122.3.252.208/28 – Manila, Philippines (Support)
- 180.232.22.208/29 – Manila, Philippines (Support)
- 116.50.225.187 – Manila, Philippines (Support)
EMEA
- 208.70.88.4 - Dundee, Scotland (Support)
- 62.253.153.163 – Dundee, Scotland (Support)
- 212.187.250.0/28 – Dundee, Scotland (Support)
- 62.28.208.190 – Lisbon, Portugal (Support and Development)
- 78.11.93.114 – Krakow, Poland (Development)
- 82.177.176.130 – Krakow, Poland (Development)
Deprecated Services
Mothership Monitoring
Do not add these to firewall rules.
This service provided external monitoring of partners' N-central servers, including connectivity and other server health services. Mothership Monitoring was deprecated on April 1, 2025, and these domains no longer need to be added to firewall rules or allow lists.
-
mothership.n-able.com - Primary Mothership Monitoring (Deprecated on April 1, 2025)
-
mothership2.n-able.com - Supplemental Mothership Monitoring (Deprecated on April 1, 2025)
Additional Information
In addition to the firewall requirements, other areas that should be taken into consideration include:
