IP Filtering for Neo4j Aura — Simpler and Stronger Network Security

Ian McCloy

Senior Product Manager, Neo4j

3 min read

Create a free graph database instance in Neo4j AuraDB

We’re excited to announce the release of IP filtering for Neo4j Aura Virtual Dedicated Cloud and Business Critical tiers. This powerful new feature allows Aura users to control network access to their Neo4j AuraDB graph databases by specifying which IP address ranges are permitted. With IP filtering, you can enhance your network security while keeping your deployment straightforward and easy to manage.

Built on a Strong Security Foundation

Neo4j Aura already supports multiple models for securing database network access.

If you enable public access, your instance is reachable over the public internet by users who authenticate with the correct credentials.

If you prefer a fully private setup, you can disable public access and connect using private endpoints. These endpoints are network interfaces created inside your own VPC. They use your cloud provider’s internal network to connect directly to Aura. This keeps your traffic off the public internet and ensures that only systems inside your network can reach the database.

You can also use a hybrid model, enabling public and private access depending on your architecture and requirements. In a hybrid model, Aura IP filtering can be applied to the public access points.

While private endpoints offer strong protections, they also require cloud-side setup. You must configure networking, assign internal IPs, manage DNS records, and maintain those resources. This can add operational overhead, especially for teams that want to move fast or work across different environments.

IP Filtering Offers a Streamlined Alternative

IP filtering gives you the ability to restrict access to your Aura instances based on IP address ranges, without requiring any changes to your cloud infrastructure. You don’t need to create endpoints, set up routing, or manage DNS. You simply define which IP ranges are allowed to connect.

This provides strong network-level access control in a lightweight and easy-to-manage form. Whether your instance is publicly accessible or configured for hybrid use, IP filtering allows you to enforce a clear boundary around your data.

Neo4j Aura IP filtering illustration

How It Works

  • You can manage filters through the Aura Console UI or the Aura Admin API.
  • Each VDC database instance supports up to 100 allowed IP ranges. Business Critical instances each support 20 IP filter ranges. Higher-capacity options are available upon request.
  • Filters can be linked to one or more database instances.
  • A filter can also be applied at the project level, so that existing and new instances created within the project automatically inherit the filter rules.

This means you can set up IP filtering once at the project level and ensure that all new databases within that project follow the same access policy. It reduces manual work and helps maintain consistent security across your environments.

Ideal Use Cases for IP Filtering

IP filtering is a great fit when you want to:

  • Quickly secure public instances without cloud configuration
  • Limit access to trusted networks such as office locations or partner data centers
  • Enforce corporate or regulatory access boundaries with minimal setup
  • Apply access controls to dev or test environments where private endpoints are unnecessary
  • Block access from geographic regions you don’t operate from
  • Standardize access policies across an organization or project without having to manage each instance individually

This feature complements existing private access capabilities, giving you more choice and flexibility in how you protect your data.

Available Now and Growing

IP filtering is available for customers using Virtual Dedicated Cloud and Business Critical tiers. Support for additional tiers will be available in the future.

To get started, sign in to the Aura console, open your organization settings, and configure your IP filters in the security section. You can also use the API to automate access rules as part of your deployment workflows.

Check out the IP filtering documentation about this feature for more details.

Neo4j Aura continues to evolve to meet the needs of secure, high-performance, and scalable graph applications. IP filtering is the latest step in making enterprise-grade security more accessible and easier to use.

Protect your data. Simplify your setup. Take control with IP filtering in Neo4j Aura.

IP Filtering for Neo4j Aura — Simpler and Stronger Network Security was originally published in Neo4j Developer Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Share Article

Explore

Using GraphQL Middleware With Neo4j GraphQL


6 min read

Query, Chomp, Repeat


18 min read

Exploring the Neo4j Spatial Plugin: Custom Procedures for Spatial Analysis


4 min read

Neo4j MCP Server: Your ADHD-Friendly House-Moving Assistant


5 min read

Why I’m Replacing My RAG-Based Chatbot With Agents


5 min read

Exploring Neo4j Spatial: Path Intersections Using AIS Data


8 min read