May 20, 2024
Secure site-to-site connectivity: Implement now with ngrok's how-to guides
Frequently asked questions
You install the ngrok agent inside your customer's network. The agent creates outbound TLS connections to ngrok's global network, then you configure endpoints that route traffic from your services to the agent and on to customer resources. Your customer never opens inbound ports.
ngrok is SOC 2 Type 2 compliant and trusted by over 9 million developers. You can enforce mTLS, JWT validation, OAuth, SAML, and IP restrictions on any endpoint. Traffic can be end-to-end encrypted, and you control exactly which services are accessible through scoped authtokens and ACLs.
Anything with a network address: REST APIs, databases (PostgreSQL, MySQL, MongoDB), device APIs, internal web apps, IoT endpoints, and legacy systems. If the ngrok agent can reach it on the customer's network, you can expose it through an internal endpoint.
No. The ngrok agent connects outbound on port 443, which is typically already allowed. Your customers don't need to open inbound ports, configure NAT, or set up VPN infrastructure.
VPNs require configuration on both ends, ongoing maintenance, and often dedicated hardware or software. Plus, their default config often gives you access to your customers' entire network, which is one of the many reasons they're not well-loved.
ngrok collapses this into a single agent that handles encryption, load balancing, failover, and access control. The agent also has tightly scoped access by default, meaning it can only access exactly the services required and none more. All without touching your customer's network infrastructure.