Secure Networking Features

Build private, isolated data paths between your devices and your systems

Ensure every device communicates safely using private routes, encrypted tunnels, and controlled access paths.

Control how devices connect, how data moves, and who can reach it

Whether you’re connecting sensors in the field, industrial controllers in remote facilities, or finished products across multiple regions, securing your device traffic should not require custom carrier contracts or months of network engineering. Secure Networking Features give you control over how devices communicate, how data flows, and who can access it—without the operational friction of traditional private APNs or VPN hardware.

These capabilities work across regions and are designed to scale with everything from prototypes to nationwide deployments.

Secure IoT networking with Soracom

Keep device traffic private and predictable
Establish controlled, private routes for every device so traffic flows only where you intend, with clear visibility into how data moves across your fleet.

Design network paths that match your cloud and security architecture
Align device connectivity with your existing security policies and cloud environments, instead of redesigning your architecture around carrier constraints.

Reduce complexity by shifting networking logic out of devices
Move routing, encryption, and access control to the platform so device firmware stays lean and easier to maintain over time.

Getting started is simple

Explore our SOC 2 compliant and IT-friendly options for private networking

Private network isolation without custom carrier contracts

Soracom secure networking services let you isolate device traffic at the platform level, controlling which devices can talk to each other, where traffic is routed, and whether data ever touches the public internet.

This removes the need to procure a private APN from a single carrier or replace SIMs across your product line.

Example:

A logistics company can block all internet access and route traffic only into a private cloud environment, without requiring VPN clients on devices.

What teams normally struggle with

Private APN lead times
Traditional carrier private APNs can require weeks or months of coordination and lock you into a single operator.

Device-side VPNs
Running IPsec clients on microcontrollers increases power draw, complexity, and the risk of misconfiguration.

Cross-carrier fragmentation
Building separate networking setups for each carrier or region slows down deployment.

Secure server access
Many teams need devices to reach AWS, Azure, or their own servers without exposing traffic over the public internet.

Managing inbound access
Devices often need maintenance access, but opening inbound ports or assigning public IPs increases risk.

Network tunneling for on-prem or cloud systems

Virtual private tunnel

Virtual Leased Line to Customer Network

Create an encrypted tunnel between the Soracom platform and your backend, eliminating the need for devices to run VPN software.

  • Reduces device complexity
  • Routes traffic securely over IPsec
  • Works with private gateway configurations

Managed VPN Tunnel (Soracom Door)

Dedicated private line

Dedicated Line to On-Premise Network Infrastructure

Establish a fully private, non-internet path between your infrastructure and the Soracom platform as a leased-line alternative.

  • Bypass internet entirely
  • Consistent performance
  • Ideal for regulated or mission-critical environments

Dedicated Line (Soracom Direct)

Native routing to AWS-hosted environments

Connect your AWS private cloud with no internet exposure

You can route device traffic into AWS environments using private VPC peering, Transit Gateway, or a virtual private tunnel—without exposing traffic over the public internet.

Example:
A smart-building platform can ingest data directly into their AWS VPC using private routing, with no internet exposure and no inbound firewall rules.

Granular control of network behavior

Traffic inspection and mirroring

Inspect or mirror packets passing through your virtual gateway for debugging or compliance.

  • Diagnose unusual data usage
  • Mirror traffic to analytics tools
  • Validate device behavior

Learn about: Packet inspection and mirroring (Soracom Junction)

Device-to-device private networking

Place devices into the same virtual LAN for bidirectional communication, as if they were on a shared local network.

  • Peer-to-peer communication
  • OTA maintenance workflows
  • Static private IP addresses

Learn about: Virtual LAN for IoT (Soracom Gate)

Additional capabilities used in secure network designs

Troubleshoot devices securely without risking static IPs or open ports

Open temporary, controlled access to devices even when they sit behind NAT, private gateways, or closed networks. Access sessions require no static IPs, no exposed ports, and no agent installed on the device—ideal for field diagnostics and secure maintenance workflows.

• Temporary one-time access
• Works with SSH, RDP, VNC, HTTPS
• No agent required

Route device data flexibly without changing your firmware

Use a single, consistent endpoint for every device in your fleet and manage routing centrally. This lets you switch destinations, redirect traffic, or fan out to multiple cloud services without updating firmware or touching devices in the field.

• One endpoint to manage
• Flexible data routing
• Reduces configuration errors

Learn more about connecting devices to your cloud environment

Designing a private network for your fleet is only half of the story. Most deployments need a clear and secure path for delivering device data into cloud-native tools. Learn how to route device traffic to AWS, Azure, or Google Cloud using cloud integrations and data pipelines.

Discuss your private network requirements with an expert

Talk with a Soracom Solutions Architect about private routing, VPN alternatives, VPC peering, or fleet-wide network architecture.

Frequently Asked Questions

How do I keep device traffic private without using a carrier-issued private APN?
You can isolate device traffic using a virtual private gateway that controls how devices connect and where their data is routed, without needing a custom APN from a single carrier (Soracom VPG). This avoids lock-in while ensuring traffic is kept off the public internet.

Do I need VPN clients or special software on my devices?
No. VPN termination happens in the platform instead of on the device, which removes the need for IPsec clients or additional software on constrained hardware (Soracom Door).

How do I give my team secure remote access to field devices?
You can open temporary, on-demand access sessions without assigning public IPs or leaving ports open. Remote access works behind private gateways and NAT, and sessions close automatically after use (Soracom Napter).

Can devices communicate with each other over a private network?
Yes. You can place devices into the same virtual LAN to support peer-to-peer communication, OTA maintenance, or field-to-hub architectures using private IP addressing (Soracom Gate).

How does secure networking work when devices use Wi-Fi or Ethernet instead of cellular?
Non-cellular devices can connect through an encrypted tunnel to reach the same private networking features as cellular devices, allowing mixed fleets to share the same security model (Soracom Arc).

How can I securely connect my devices to my cloud environment?
You can create a private path into your cloud by using peering, VPN tunnels, or dedicated lines. These connections deliver device traffic directly to your AWS environment or backend systems without exposing data to the public internet (Soracom Canal, Soracom Door, Soracom Direct).

Can I route device traffic so it bypasses the public internet entirely?
Yes. You can build private network paths using dedicated lines or cloud-native private peering. Devices connect through the platform, and traffic reaches your systems without traversing the internet (Soracom Direct, Soracom Canal).

How can I inspect or analyze network traffic from devices?
You can capture or mirror packets passing through your private gateway for troubleshooting, debugging unusual data usage, or analyzing behavior during development (Soracom Peek, Soracom Junction).

How do I control which systems devices can access?
You can define routing rules, restrict outbound destinations, and disable internet access entirely through the private gateway. This lets you enforce strict network policies without relying on carrier-level controls (Soracom VPG).