You must configure your firewall/endpoint security application to allow outbound connections to the following ports for TCP traffic:
- 80* - HTTP requests for Neo4j Browser and Bloom
- 443 - HTTPS requests for Neo4j Browser and Bloom
- 7687 - Programmatic access for drivers through neo4j+s:// and neo4j+ssc:// connection schemes
(*) Port 80 is optional and only used to redirect to HTTPS. Not used for data communication.
(*) All ports use TCP for traffic.
You could just enable 443 and 7687 but users have to consciously use https:// while connecting to Neo4j browser and Bloom.
URL / domain:
- You could do this for the wildcard domain *.databases.neo4j.io
- Alternatively, you could specify the allowlist for the connection URL specific do your DBID - <DBID>.databases.neo4j.io
Also Read: What is my DB ID and how do I retrieve it?
The second approach of allowing the DBID-specific URL would need constant maintenance if you have multiple Aura instances or keep recycling or creating new Aura instances regularly.