Firewall Requirements

To ensure communication between the N-central server and external services, configure your firewall to allow required outbound and inbound traffic. For the complete and authoritative list of domains, URLs, and IPs, see the Allow List Requirements topic.

Software Distribution and Updates

The N-central server and agents retrieve installation files, patches, and update metadata from:

  • sis.n-able.com

    Repository of XML files that provide download links for executables and patches.

    Example: agents retrieve compatible downloads using GenericFiles.xml.

  • update.n-able.com (alias: releases.n-able.com)

    Provides NSP upgrade files, ISO images, and installation packages.

  • feeds.n-able.com

    Provides RSS feeds.

Ports

  • sis.n-able.com: HTTP 80, HTTPS 443, TCP 8443

  • All others: HTTPS 443

Licensing and Activation (On-Premises only)

  • servermetrics.n-able.com - Sends server data to the activation service.

  • licensing.n-able.com - Activations, License Renewals, License Updates

Device and Warranty Services (On-Premises only)

  • updatewarranty.com

    Retrieves warranty information for managed devices.

Patch Management and Microsoft Updates

  • microsoft.com

  • *.delivery.mp.microsoft.com

  • *.update.microsoft.com

  • tsfe.trafficshaping.dsp.mp.microsoft.com

  • *.prod.do.dsp.mp.microsoft.com

Identity and Access

Single Sign-On (SSO) (On-Premises only)

  • sso.navigatorlogin.com

MSP SSO proxies:

  • msp-sso-proxy.eu-west-1.prd.cdo.system-monitor.com

  • msp-sso-proxy.us-west-2.prd.cdo.system-monitor.com

Device Management

Mobile Device Management (MDM)

  • push.n-able.com

  • scep.n-able.com

Security and Protection

Endpoint Detection and Response (EDR)

  • keybox.n-able.com

  • keybox.solarwindsmsp.com

  • *.sentinelone.net

Feature Delivery and Configuration

  • mtls.api.featureflags.prd.sharedsvcs.system-monitor.com

  • assets.prd.esp.system-monitor.com

LaunchDarkly

  • stream.launchdarkly.com

  • sdk.launchdarkly.com

  • app.launchdarkly.com

  • events.launchdarkly.com

AI / Platform services

  • api.openai.com

Backup and Integrations

  • integrated.cloudbackup.management

  • *.cloudbackup.management

  • secure.n-able.com

Modern Agent Communication

Core endpoints

  • *.prd.cdo.system-monitor.com

  • cdn-component.fusion.prd.cdo.system-monitor.com

  • cdn-notary.pub.prd.cdo.system-monitor.com

Event bridge endpoints

  • eb.eu-west-1.prd.davinci.system-monitor.com

  • eb.us-west-2.prd.davinci.system-monitor.com

  • eb.ap-southeast-2.prd.davinci.system-monitor.com

  • eb.eu-central-1.prd.davinci.system-monitor.com

AWS IoT endpoints

  • a33d8yamkwy4nx-ats.iot.eu-west-1.amazonaws.com

  • a33d8yamkwy4nx-ats.iot.us-west-2.amazonaws.com

  • a33d8yamkwy4nx-ats.iot.eu-central-1.amazonaws.com

  • a33d8yamkwy4nx-ats.iot.ap-southeast-2.amazonaws.com

Alternatively, wildcard form if supported: *.iot.<region>.amazonaws.com

Port

TCP 8088

Ecosystem and Integrations

Ecosystem Middleware

API endpoints

  • api.ecosystem-middleware.eu-central-1.prd.esp.system-monitor.com

  • api.ecosystem-middleware.eu-west-1.prd.esp.system-monitor.com

  • api.ecosystem-middleware.us-west-2.prd.esp.system-monitor.com

  • api.ecosystem-middleware.ap-southeast-2.prd.esp.system-monitor.com

  • api.ecosystem-middleware.eu-east-1.prd.esp.system-monitor.com

  • api.ecosystem-middleware.us-west-1.prd.esp.system-monitor.com

REST endpoints

  • rest.ecosystem.ap-southeast-2.prd.esp.system-monitor.com

  • rest.ecosystem.eu-east-1.prd.esp.system-monitor.com

  • rest.ecosystem.eu-west-1.prd.esp.system-monitor.com

  • rest.ecosystem.us-west-1.prd.esp.system-monitor.com

gRPC endpoints

  • grpc.ecosystem.ap-southeast-2.prd.esp.system-monitor.com

  • grpc.ecosystem.eu-east-1.prd.esp.system-monitor.com

  • grpc.ecosystem.eu-west-1.prd.esp.system-monitor.com

  • grpc.ecosystem.us-west-1.prd.esp.system-monitor.com

UI

  • ui.ecosystem-middleware.prd.esp.system-monitor.com

Analytics (N-central + Power BI)

N-central relay

  • us.prd.relay.system-monitor.com

  • eu-w.prd.relay.system-monitor.com

  • eu-c.prd.relay.system-monitor.com

  • ap.prd.relay.system-monitor.com

Power BI proxy

  • authnproxy.powerbiapi.apse2.prd.ar.system-monitor.com

  • authnproxy.powerbiapi.uswe2.prd.ar.system-monitor.com

  • authnproxy.powerbiapi.euwe1.prd.ar.system-monitor.com

  • authnproxy.powerbiapi.euce1.prd.ar.system-monitor.com

Remote Access

Take Control

Primary domains

  • swi-rc.cdn-sw.net

  • *.n-able.com

  • *.mspa.n-able.com

  • *.global.mspa.n-able.com

  • *.us1.mspa.n-able.com

  • *.us2.mspa.n-able.com

  • *.eu1.mspa.n-able.com

Additional domains

  • sis.n-able.com

MSP Anywhere

  • *.beanywhere.com

  • mspa.n-able.com

  • *.pubnub.com

Alternative (no wildcard support)

Allow TCP port 3377 to any IP address.

Allow HTTPS 443 to:

  • swi-rc.cdn-sw.net

  • comserver.global.mspa.n-able.com

  • comserver.us1.mspa.n-able.com

  • comserver.us2.mspa.n-able.com

  • comserver.eu1.mspa.n-able.com

  • comserver-hb-eu1-fra.n-able.com

  • comserver-hb-eu1-iad1.n-able.com

  • comserver-hb-us0-iad1.n-able.com

  • comserver-hb-us0-lax.n-able.com

  • comserver-hb-us1-iad2.n-able.com

  • comserver-hb-us1-lax.n-able.com

  • comserver-hb-us2-lax.n-able.com

  • comserver-hb-us2-iad2.n-able.com

User Experience and Telemetry

  • cdn.pendo.io

  • data.pendo.io

  • pendo-io-static.storage.googleapis.com

  • pendo-static*.storage.googleapis.com

Support

Required inbound access IPs

N-able Support

Open access to all the listed IP addresses. Although most Support connections will come from your local Support office, some shifts are covered by other offices.

Americas
  • 32.60.115.209-222 – Ottawa, Ontario, Canada (Support and Development)
  • 207.35.253.229 – Ottawa, Ontario, Canada (Support and Development)
  • 209.120.234.64-79 – Ottawa, Ontario, Canada (Support and Development)
  • 216.85.162.34 – Durham, North Carolina, United States of America (Support)
  • 4.35.232.2 – Durham, North Carolina, United States of America (Support)
  • 174.99.133.19 – Durham, North Carolina, United States of America (Support)
  • 4.7.118.146 - Durham, North Carolina, United States of America (Support)

APAC
  • 122.53.149.180 – Manila, Philippines (Support)
  • 122.53.149.190 – Manila, Philippines (Support)
  • 120.28.59.197 – Manila, Philippines (Support)
  • 122.3.252.208/28 – Manila, Philippines (Support)
  • 180.232.22.208/29 – Manila, Philippines (Support)
  • 116.50.225.187 – Manila, Philippines (Support)
EMEA
  • 208.70.88.4 - Dundee, Scotland (Support)
  • 62.253.153.163 – Dundee, Scotland (Support)
  • 212.187.250.0/28 – Dundee, Scotland (Support)
  • 62.28.208.190 – Lisbon, Portugal (Support and Development)
  • 78.11.93.114 – Krakow, Poland (Development)
  • 82.177.176.130 – Krakow, Poland (Development)

Deprecated Services

Mothership Monitoring

Do not add these to firewall rules.

This service provided external monitoring of partners' N-central servers, including connectivity and other server health services. Mothership Monitoring was deprecated on April 1, 2025, and these domains no longer need to be added to firewall rules or allow lists.

  • mothership.n-able.com - Primary Mothership Monitoring (Deprecated on April 1, 2025)

  • mothership2.n-able.com - Supplemental Mothership Monitoring (Deprecated on April 1, 2025)

Additional Information

In addition to the firewall requirements, other areas that should be taken into consideration include: