What are the required IP's and ports I need open to connect to the Datadog service?

  1. Traffic is always initiated by the Agent to the Datadog service. No sessions are ever initiated from Datadog back to the Agent. 
  2. All traffic is sent (outbound only) over SSL via 443 TCP.
  3. The destination for most Agent data is <version>-app.agent.datadoghq.com (starting with version 5.2.0; was app.datadoghq.com for prior versions).
  4. The destination for APM data is trace.agent.datadoghq.com
  5. The destination for Live Containers data is process.datadoghq.com
  6. The above urls are CNAMEs; specific IP addresses are subject to change but belong to the ranges listed here:


Open Ports

  • 17123: Agent forwarder, used to buffer traffic in case of network splits between the Agent and Datadog
  • 8125: dogstatsd
  • 8126: traces
  • 123/UDP: NTP - More details on the importance of NTP here.

Starting with version 3.4.0, these ports are available on localhost (, ::1 and fe80::1 only), unless non_local_traffic is set to true.

Default Agent Network Traffic

RedHat and CentOS 5 (python2.4-based)

If you run CentOS 5 you can run the Agent by simply installing datadog-agent-base. In this case traffic flows like this:

datadog-agent --(https)--> https://app.datadoghq.com

Debian, Ubuntu, Mac OS X (python2.6-based)

In most cases (on linux) you run the Agent by installing datadog-agent: In that case traffic flows like this:

datadog-agent --(localhost:17123)--> datadog-agent --(https)--> https://app.datadoghq.com

Using Proxies

For a detailed configuration guide on proxy setup, head over to Proxy Configuration.

Have more questions? Submit a request


Please sign in to leave a comment.
Powered by Zendesk