How Soracom’s VPG Outbound Filtering Feature Helps You Take Back Control of Your Traffic

Written by Nicolas Desveaux

By Nicolas Desveaux, Key Accounts Manager

Published: October 4th, 2024

As IoT devices become more connected, securing your network isn’t just important – it’s critical. Every new connection can introduce risks like unauthorised data usage or even breaches. While a more powerful microcontroller might offer built-in security features, hardware upgrades often come at a higher cost. In this article, we’ll explore the in-built Soracom Virtual Private Gateway option of Outbound Filtering to enhance the security of your IoT devices effortlessly, without compromising on your budget.

The Challenge with Implementing Security at the Device and Firmware Level

In IoT, devices very often communicate through IP protocols and cellular devices are no exception. Ensuring that these devices consistently communicate with the correct endpoints only is critical for both security and performance.

Without proper controls, some devices can unexpectedly open communication channels, leading to unintended consequences such as higher data costs, decreased battery life, or worse – sending sensitive data to unauthorised or rogue endpoints or unexpected destinations. 

This is a particular concern when working with white-label devices or tablets with full-featured operating systems, where built-in security measures may be insufficient or difficult to manage.

Outbound Filtering Empowers your Security at the Network Level

Soracom’s Outbound Filter option provides an elegant solution to address these issues at a network-level, instead of implementing security at the device and firmware-level. This is provided as a free option for every Soracom Virtual Private Gateway (VPG) type, no matter how many concurrent sessions are active.

As Air and Arc devices in your account connect to the Soracom platform using a closed network environment, the Outbound Filter controls which endpoints your devices can communicate with to ensure secure, reliable connections from day one.

Additionally, this blacklist and whitelist can be changed at any point in the future with instant effect through Soracom’s User Console or dynamically via Soracom’s API or CLI tool.


Figure 1: Network diagram showing Outbound Filtering enabled

2 Easy Ways to Set Up Outbound Filtering

The first way to set up Outbound Filtering is through the Soracom User Console

You can set up a whitelist of IP addresses or IP ranges where outgoing traffic can be routed through to ‘allow’ or ‘deny’ access. This can prevent your devices from communicating with untrusted servers, accessing unauthorised resources and protecting your data from being sent to unknown destinations.

Figure 2: Before IP addresses and ranges are added to Outbound Filter

Figure 3: After IP addresses and ranges are added to Outbound Filter

Outbound Filtering can be applied to:

  • VPGs with Canal, Door, and Direct (using the direct route to your private network environment through VPC Peering Connections, VPN connections, or virtual interfaces)
  • VPGs where the Internet gateway is enabled

The second way to set up an Outbound Filter is with Soracom’s API or CLI tool. This allows you to manage filter VPG IP addresses programmatically using HTTP requests.

Cost-Effective IoT Scaling with Soracom

One of the key advantages of Soracom’s Outbound Filtering is its flexibility during the early stages of IoT deployment. Even if your full infrastructure isn’t in place while you’re equipping devices with SIMs, this won’t pose a challenge. As your infrastructure evolves, you can seamlessly activate Outbound Filtering without needing to alter your device configurations. The solution is entirely self-service, and can be implemented in seconds, offering immediate protection and scalability, regardless of your current setup.

Soracom has thoughtfully designed this solution to enhance the security of your architecture with minimal trade-offs. It offers a range of methods to significantly boost your security levels without compromising efficiency. In fact, as your deployment scales, the cost-effectiveness of Outbound Filtering improves, making it even more valuable as you grow.

Scalable Security with Soracom: Protect Your IoT Deployment Without Compromise

With Soracom’s VPG Outbound Filtering, securing your IoT deployment is simple, scalable and cost-effective. You can control device communications at the network level without expensive hardware or complex configurations. As your deployment grows, Soracom adapts, ensuring secure connections with minimal effort.

Stay connected with us to learn how to make your IoT cellular deployments scalable with zero compromise on security. For more details, contact our team or explore the VPG Outbound Filtering technical documentation to get started today.

Happy Energy used Soracom's VPG Outbound Filtering to add a new layer of security to their traffic.

More great resources for IoT devs