Neat Pulse Service Update: Additional Network and Firewall Requirements for Neat Pulse
Last updated on May 29, 2026
Impact: All Neat Pulse users with restrictive firewalls will be impacted
Action Required: Update firewall rules before 1st July 2026
We are making important updates to Neat Pulse’s network infrastructure to enhance service reliability and performance.
Starting July 1st 2026, additional IP addresses will be required for Neat Pulse connectivity. If your organization uses restrictive firewall policies, you must update your firewall rules before 1st July to ensure uninterrupted access to Neat Pulse.
This article outlines the required changes and answers common questions about the update.
For the full Network and Firewall requirements, please see our Network and Firewall Requirements article.
1. New IP addresses for Pulse Connectivity
For standard Neat Pulse, devices require outbound access on TCP port 443 for HTTPS. Note that Neat Pulse uses both HTTP/2 and HTTP/1 with WebSockets over this port — ensure your firewall or proxy is configured to support these protocols.
1.1 Domain-Based Filtering (Recommended)
Important Note: For organisations already using domain-based filtering for Neat Pulse, no further action is required.
The simplest approach is to allow traffic to the following DNS hostnames. This means no further firewall changes will be required should IP addresses change or be added in the future. Note that any changes or additions will be communicated beforehand to customers via email.
Domain-based filtering (FQDN) – Allow traffic to:
1.2 For customers with IP-Based filtering
Neat Pulse will require access to the following additional IP addresses alongside the four original IPs marked with an asterisk (*):
2. Additional IP and Ports for Neat Open*
Neat Open will be reaching general availability soon. To prepare for it, the following network requirements must be configured.
*For more information on Neat Open, please see: Neat Open, Neat Open: A Stunning New Era for BYOD Spaces, and Open for More: Why Flexibility Is the New Infrastructure
Neat Open requires additional allowlisting beyond the standard Pulse requirements. You will need to allow:
- IP address: 20.229.1.92
- Ports: 3478 (UDP and TCP)
- DNS hostnames: go.neat.no and *.go.neat.no
Note: We recommend allowing traffic via domain-based filtering (go.neat.no and *.go.neat.no) to ensure no further changes are required should IP addresses be updated in the future.
Important Note: If your organisation is not using Neat Open, none of the above are required — you only need to allowlist the standard Pulse IPs and ports listed above.
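The following is an added example, not Neat's own tooling: it audits an exported outbound allowlist against the flows described in sections 1.2 and 2 and reports any that no rule permits. The rule-export format and the two 192.0.2.x Pulse addresses are constructed placeholders; only TCP 443 and the Neat Open entry (20.229.1.92, port 3478 over UDP and TCP) come from this article.

```python
import ipaddress

# Required flows. The Neat Open entry (20.229.1.92, 3478 UDP and TCP) and
# TCP 443 are from this article; the two Pulse addresses are constructed
# placeholders from a documentation range. Replace them with the published list.
REQUIRED = [
    ("192.0.2.10", "tcp", 443),     # placeholder Pulse IP (constructed)
    ("192.0.2.11", "tcp", 443),     # placeholder Pulse IP (constructed)
    ("20.229.1.92", "tcp", 3478),   # Neat Open
    ("20.229.1.92", "udp", 3478),   # Neat Open
]

# Constructed firewall export in a hypothetical format, one allow rule per line:
# "<destination IP or CIDR> <protocol> <port or low-high>"
SAMPLE_RULES = """\
# outbound allow rules (constructed sample)
192.0.2.10/32 tcp 443
20.229.1.0/24 tcp 3478
198.51.100.0/24 udp 3000-4000
"""

def parse_rules(text):
    """Parse the export into (network, protocol, low_port, high_port) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        dest, proto, ports = line.split()
        low, _, high = ports.partition("-")
        rules.append((ipaddress.ip_network(dest, strict=False),
                      proto.lower(), int(low), int(high or low)))
    return rules

def missing_flows(required, rules):
    """Return the required (ip, protocol, port) flows that no rule permits."""
    gaps = []
    for ip, proto, port in required:
        addr = ipaddress.ip_address(ip)
        # A flow is covered only if address, protocol and port all match one rule.
        if not any(addr in net and proto == p and lo <= port <= hi
                   for net, p, lo, hi in rules):
            gaps.append((ip, proto, port))
    return gaps

if __name__ == "__main__":
    for ip, proto, port in missing_flows(REQUIRED, parse_rules(SAMPLE_RULES)):
        print(f"MISSING outbound allow: {ip} {proto}/{port}")
```

With the sample rules, the audit flags the second Pulse placeholder and the UDP half of the Neat Open requirement, which is easy to miss when a rule for port 3478 was created for TCP only.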
3. Frequently Asked Questions
1. Why is such a large block of IP addresses required?
Neat Pulse is built on a distributed cloud infrastructure spanning multiple Azure regions to ensure high availability and resilience. Each region requires dedicated egress IPs, which is why the total list is larger than you might expect from a single-endpoint service. These are specific, known addresses — not a broad shared cloud range.
2. Can we block IP addresses from regions we don’t operate in?
This is not supported. While Neat guarantees that your data is hosted in your selected jurisdiction for customers on a paid plan, the nature of internet routing means that traffic may pass through infrastructure in other regions to reach its destination reliably. Blocking IPs by region risks disrupting your service. All traffic is fully encrypted in transit regardless of the path it takes, so there is no security or privacy risk in allowing the full IP list — your data remains within your chosen data residency region.
3. Are these IP addresses dedicated to Neat’s traffic, or shared with other tenants?
These are dedicated IP addresses assigned exclusively to Neat’s infrastructure. They are not shared with other customers or tenants of our cloud provider, so there is no risk of another party’s traffic passing through the same addresses you’ve allowed.
4. Will these IPs remain static, and how will future changes be communicated?
If you choose to filter by IP, these addresses are intended to be stable. However, if changes are required, we will notify you in advance — with at least 30 days’ notice — via email. The latest and complete list is always available on our Network and Firewall Requirements support page. For customers who prefer not to manage IP updates, domain-based filtering (see above) is the simpler long-term option.
5. What security controls are in place for the infrastructure behind these IPs?
Neat Pulse is built on Microsoft Azure with a defense-in-depth architecture, including DDoS protection, a web application firewall, stateful firewalls, and a managed intrusion detection and prevention system. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Neat holds ISO/IEC 27001:2022 certification, conducts regular independent third-party penetration testing, and has 24/7 operations monitoring. For full details, see the Neat Pulse Security White Paper.