Skip to content
Technical guide

Allowlist the NDS IP on your database

When NDS connects to your database, the TCP request originates from the public IP of our backend. Most managed databases require that IP to be explicitly authorized in the firewall before accepting the connection. You'll find the current IP in the IP server button on the workspace "Database" page, or in the verification step of the new connection wizard.

Supported providers

Step-by-step instructions for the six most common providers. For custom environments, follow your firewall's official documentation.

Microsoft Azure SQL

  1. Open the SQL server in the Azure portal → 'Networking' → 'Firewall rules'.
  2. Add an IPv4 rule with the IP shown in the NDS banner (single IP or CIDR range).
  3. Save. The rule is active within a few seconds.
Official documentation

AWS RDS / Aurora

  1. Open the EC2 console → 'Security Groups' for your RDS instance.
  2. Inbound rules → add a TCP rule on the engine port (5432/3306/1433) with the NDS IP as source.
  3. Save rules.
Official documentation

Google Cloud SQL

  1. Open the instance in Cloud SQL → 'Connections' → 'Networking'.
  2. Add an 'Authorized network' with the NDS IP.
  3. Save. The change takes ~30 seconds.
Official documentation

Oracle Cloud (OCI) Autonomous DB

  1. Open Autonomous Database → 'Network' → 'Access Control List'.
  2. Add the NDS IP to the 'IP address or CIDR block' field.
  3. Save. The rule applies immediately.
Official documentation

PostgreSQL on-premise

  1. Edit `pg_hba.conf` adding `host all all <NDS-IP>/32 md5`.
  2. Update `postgresql.conf` with `listen_addresses = '*'` if needed.
  3. `pg_ctl reload` to apply without a restart.
Official documentation

MySQL / MariaDB on-premise

  1. Update `my.cnf` with `bind-address = 0.0.0.0` if public binding is needed.
  2. Grant the user rights from that host: `GRANT ALL ON db.* TO 'user'@'NDS-IP'`.
  3. Restart the MySQL service.
Official documentation

Frequently asked questions

Can I avoid the allowlist if I use a VPN or tunnelling?
Yes. NDS supports SSH tunnelling and site-to-site VPN for Enterprise plans. In that case the IP the DB sees is the VPN/SSH node's, not the public NDS IP.
Does the NDS IP ever change?
On Free and Pro plans the backend runs on shared pools; the IP is stable over ~6-month windows but may rotate for maintenance (we notify you by email 14 days in advance). On Enterprise plans you have dedicated static IPs.
Which ports does NDS need to reach?
Only the native port of your DB engine: 5432 (PG), 3306 (MySQL/MariaDB), 1433 (MSSQL), 1521 (Oracle), 27017 (Mongo), 6379 (Redis), 443 (Cosmos). NDS does not require ICMP or other auxiliary ports.
What happens if I change network and the IP is not yet in the allowlist?
The connection test fails with a toast linking to this page. SQL execution is blocked server-side; no data is exfiltrated.

Need help?

If you have questions about setup, contact us at support@neuraldatastudio.ai — the team responds within one business day.

Cookie preferences

Manage the cookie categories you allow. Your choices are saved on your device for 12 months.