NinjaOne Network and Firewall Allowlist Requirements
Use this guide to configure firewall, proxy, and web filtering allowlists for NinjaOne Agent, Patcher, File Explorer, WebSocket rendezvous points, Remote, Backup, and NMS services.
Last reviewed: May 13, 2026
Recommended Wildcard Allowlist
If your firewall supports wildcard entries, allow the following URLs to cover NinjaOne agent and patcher services, File Explorer rendezvous points, and WebSocket rendezvous points.
| Purpose | URL |
|---|---|
| Attachments and Agent Services | https://ninja-attachments.s3.us-west-2.amazonaws.com/* |
| NinjaOne Services | https://*.rmmservice.com |
Core NinjaOne Agent and Patcher Services
If wildcard support is unavailable, allow the following individual URLs.
| Service | URL |
|---|---|
| Main Application | https://app.ninjarmm.com |
| RTC Service | https://rtc-us-west-1.ninjarmm.com |
| RTC Service | https://rtc-us-west-2.ninjarmm.com |
| Agent Tunnel | https://agent-tun-usw-1.ninjarmm.com |
| Agent Tunnel | https://agent-tun-usw-2.ninjarmm.com |
| Agent Tunnel | https://agent-tun-usw-3.ninjarmm.com |
WebSocket Rendezvous Points
Required for remote communication services.
| URL | Notes |
|---|---|
https://connect-us-west-s[0–71].ninjarmm.com |
[0–71] represents 72 different database shard endpoints. |
https://connect-us-west.ninjarmm.com |
Base WebSocket rendezvous endpoint. |
File Explorer Rendezvous Points
Required for File Explorer functionality within NinjaOne.
| URL |
|---|
https://fts-prod-oregon-1.ninjarmm.com |
https://fts-prod-oregon-2.ninjarmm.com |
https://fts-prod-oregon.ninjarmm.com |
https://fts-prod-ohio.ninjarmm.com |
Required IP Gateways
Allow the following IP addresses.
| IP Address |
|---|
52.33.253.235 |
34.212.188.161 |
35.163.67.164 |
NinjaOne Remote
Upcoming infrastructure change: Beginning March 31, 2026, NinjaOne Remote will transition from dynamic IP load balancing to static routing. This change reduces the number of IP addresses required per URL. Propagation may take approximately 30 to 90 days.
Customers using NinjaOne Remote should allow the following URLs and IP addresses as soon as possible.
| Endpoint | URL | IP Addresses |
|---|---|---|
| NC-1 | https://nc-1-us-west-2.ninjarmm.net |
|
| NC-2 | https://nc-2-us-west-2.ninjarmm.net |
|
| NC-3 | https://nc-3-us-west-2.ninjarmm.net |
|
| NC-4 | https://nc-4-us-west-2.ninjarmm.net |
|
| NC-5 | https://nc-5-us-west-2.ninjarmm.net |
|
| NC-6 | https://nc-6-us-west-2.ninjarmm.net |
|
| NC-7 | https://nc-7-us-west-2.ninjarmm.net |
|
| NC-8 | https://nc-8-us-west-2.ninjarmm.net |
|
Legacy Remote IPs Scheduled for Deprecation
Important: NinjaOne plans to start deprecating the following current IPs on March 31, 2026. This date is subject to change.
| URL | Deprecated IP Addresses |
|---|---|
https://nc-1-us-west-2.ninjarmm.net |
34.223.131.118, 52.36.57.35, 52.40.81.96
|
https://nc-2-us-west-2.ninjarmm.net |
35.163.213.71, 54.189.199.16, 54.191.102.69
|
https://nc-3-us-west-2.ninjarmm.net |
34.218.130.234, 35.81.221.94, 44.227.82.28
|
https://nc-4-us-west-2.ninjarmm.net |
44.233.156.197, 52.33.131.229, 54.184.172.175
|
https://nc-5-us-west-2.ninjarmm.net |
18.246.77.150, 35.86.62.177, 44.229.185.67
|
https://nc-6-us-west-2.ninjarmm.net |
34.209.122.144, 35.155.166.182, 54.184.23.143
|
https://nc-7-us-west-2.ninjarmm.net |
34.208.84.204, 34.223.29.16, 35.160.98.51
|
https://nc-8-us-west-2.ninjarmm.net |
35.161.232.46, 44.237.255.66, 52.88.41.74
|
NinjaOne Backup
If using NinjaOne Backup services, allow the following URLs.
| Region | URL |
|---|---|
| US West 2 | https://ninja-backup-uswest2.s3.us-west-2.amazonaws.com |
| US East 1 | https://ninja-backup-useast1.s3.us-east-1.amazonaws.com |
| US East 2 | https://ninja-backup-useast2.s3.us-east-2.amazonaws.com |
| US West 1 | https://ninja-backup-uswest1.s3.us-west-1.amazonaws.com |
NinjaOne NMS
Required for the NinjaOne Network Monitoring Services agent.
| Service | URL |
|---|---|
| NMS Agent | https://agent-app.ninjarmm.com |
Recommendations
- Use wildcard allowlisting whenever supported by your firewall or web filtering platform.
- Allow outbound HTTPS traffic over port
443. - Review firewall policies regularly to account for infrastructure updates.
- Update legacy NinjaOne Remote IP allowlists before March 31, 2026 to help prevent service disruption.