Private Garden

Overview

By default, all Soracom Air for Cellular devices will connect to the Soracom platform using a shared gateway. This shared gateway allows Air devices to connect to the Internet (such as your web server or other Internet-accessible resource), and also to use other Soracom services, such as Beam, Funnel, Funk, and Harvest.

In some applications, you may prefer to block the device's Internet access, in order to control how much data is used or to prevent unwanted usage in case the device is tampered with. Soracom provides an alternate gateway called Private Garden allows your devices to utilize Soracom services, but will block the device from accessing the Internet.

Since Private Garden still allows your device to connect to Soracom services, you can in turn configure a Soracom service such as Soracom Beam or Soracom Funnel to send data to your server. This allows you to continue to receive data from your device over the Internet, while preventing your device from making unwanted connections to the Internet directly. Private Garden is a free service provided by Soracom


Limitations

Using Soracom Beam MQTT and TCP → TCP/TCPS entry points with a public destination requires an Internet route and therefore cannot be used with Private Garden.


Configuration

The Private Garden option can be enabled by setting the Virtual Private Gateway option found within Soracom Air for Cellular Group settings.

  1. Login to the User Console. From the Menu, open the Groups screen.

  2. From the list of groups, click the name of the group you want to configure to open its settings page.

    You can also open the group settings page directly from the SIM Management screen. Simply find a SIM that currently belongs to the group you want to configure, then click the group name.

  3. From the Basic Settings tab, click the SORACOM Air for Cellular panel to expand its settings.

    https://console.soracom.io

    Virtual Private Gateway

  4. Enable the Virtual Private Gateway option by switching the option to ON.

  5. Click the VPG option and select Shared VPG for Private Garden (PrivateGarden).

  6. Click Save at the bottom of the panel.

When modifying the Virtual Private Gateway settings, the new gateway configuration will not take effect until the attached Air subscribers fully detach and reconnect. To ensure that your device connects using the specified gateway, we recommend restarting the device.