Which network ports should be open while connecting to Neo4j Aura instances?

Rajesh Thennan

You must configure your firewall/endpoint security application to allow outbound connections to the following ports for TCP traffic:

80* - HTTP requests for Neo4j Browser and Bloom
443 - HTTPS requests for Neo4j Browser and Bloom
7687 - Programmatic access for drivers through neo4j+s:// and neo4j+ssc:// connection schemes

(*) Port 80 is optional and only used to redirect to HTTPS. Not used for data communication.

(*) All ports use TCP for traffic.

You could just enable 443 and 7687 but users have to consciously use https:// while connecting to Neo4j browser and Bloom.

URL / domain:

You could do this for the wildcard domain *.databases.neo4j.io
Alternatively, you could specify the allowlist for the connection URL specific do your DBID - <DBID>.databases.neo4j.io
Also Read: What is my DB ID and how do I retrieve it?
The second approach of allowing the DBID-specific URL would need constant maintenance if you have multiple Aura instances or keep recycling or creating new Aura instances regularly.

Tags: securityTags: firewallTags: encryptedTags: 7474Tags: 7687Tags: portTags: networkTags: trafficTags: 80Tags: httpsTags: 443Tags: endpoint