Skip to content

Firewall operations

Customer networks are the norm for commercial IoT deployments. Devices sit behind NAT, corporate firewalls, and ISP routers you do not control.

Why traditional access fails

Port forwarding requires:

  • Administrative access to the customer's router
  • A static local IP for each device
  • Inbound firewall exceptions
  • Coordination with customer IT for every deployment

VPN access requires:

  • VPN server setup and maintenance
  • Customer IT to allow VPN traffic
  • Per-user VPN accounts and credential management

How Dataplicity works in customer networks

The agent makes outbound HTTPS connections only. If the device can reach the internet (the same way it would reach any HTTPS website), Dataplicity works.

No inbound ports. No customer firewall changes in most cases.

Restricted networks

Some customer networks filter outbound HTTPS. In that case, allow these hosts on TCP port 443. See Firewall requirements:

  • api.dataplicity.com
  • m2m.dataplicity.com

Provide this list to customer IT during deployment planning.

When to use this

  • Devices deployed to customer-owned facilities
  • Retail, industrial, agricultural, or municipal sites
  • Any environment where you cannot configure the local router