How does ngrok work behind a firewall?
Because an ngrok tunnel is always initiated on the client-side first, this is how it can negotiate a secure channel with the server. It's a really slick solution to getting around conventional firewall configurations.
This is internally accomplished by the client opening up a single long-lived tcp connection where many logical sockets are created within one physical socket connection. This technique is called stream multiplexing. With this setup in place there is no need for any kind of polling because the client and server still have fully bi-directional communication in place.
The client and server then stay alive with a heartbeat mechanism that makes sure the connection is open and working appropriately and will even reconnect upon error or a lost/closed connection.
See this for more information: Developer Guide on github.com