Product

Static private IP SIM: secure remote access to routers, IP cameras and PLCs

Dedicated private IP per SIM, with managed port forwarding and per-source allowlist. Reach the router, IP camera, PLC, or Linux gateway directly from your platform — no CGNAT, no need to open the customer's firewall. Rules are API-configurable, with full access audit logs.

Key features

Dedicated private IP per SIM

A private IPv4 permanently assigned to your SIM. It does not change between sessions or when the device re-attaches to a different carrier.

Managed port forwarding

Define which device ports to expose, on which external ports, and from which source IPs they can be reached.

Per-source allowlist

Only IPs you declare may connect. Everything else is dropped silently — no scan possible.

REST API for automation

Create, modify and remove rules from your own platform. Ideal for multi-tenant or large-scale deployments.

Access audit log

Every connection attempt is recorded: timestamp, source IP, port, result (allowed or blocked).

Works with any industrial router

No VPN client or special device-side config required. Validated with Teltonika, Robustel, MikroTik, Cradlepoint and most commercial 4G/5G routers.

Technical specifications

IP typeDedicated private IPv4 (routed)
APNStatic-IP-specific (configuration provided)
Max ports per SIMNo operational limit (recommended <20 active rules)
Allowed trafficTCP, UDP
Audit log30 days online, exportable to S3 or webhook
Added latency<5 ms (within Europe)
REST APIYes, with HMAC and ICCID idempotency
MTU1500 bytes

Use cases

  • Remote access to industrial routers (Teltonika, Robustel, MikroTik, Cradlepoint)
  • Remote management of IP cameras and NVRs (Hikvision, Dahua, Axis)
  • Modbus TCP polling of PLCs in solar plants
  • SSH maintenance of Linux gateways (Raspberry Pi, IOT2050)
  • SNMP monitoring of distributed network equipment
  • WAN backup with remote access to the failover router
  • SCADA integration with OPC UA over private IP
  • Multi-tenant management: each customer gets their SIM, IP, and rules

Use cases by protocol

Static private IP is transparent to the device protocol. Examples by real-world use:

ProtocolTypical devices
HTTP / HTTPS (ports 80, 443)Web UI of Teltonika RUTX/RUT, MikroTik (Webfig), Cradlepoint, Robustel routers; IP camera dashboards.
RTSP (port 554) and ONVIFHikvision, Dahua, Axis IP cameras. Remote access to streams from a video-surveillance platform.
Modbus TCP (port 502)Siemens S7, Schneider M340, Allen-Bradley Micro800 PLCs. Reading industrial variables remotely.
SSH (port 22)Linux gateways (Raspberry Pi, IOT2050, BeagleBone), MikroTik routers via CLI.
SNMP (port 161)Managed switches and routers, monitoring via Zabbix/PRTG/LibreNMS.
OPC UA (port 4840)SCADA systems, integration with modern industrial platforms.

Security model

The iot.cards monitored gateway applies an allowlist per SIM or per SIM group. Only the hosts or CIDR ranges you declare may initiate connections to the device. Every access attempt is logged.

  • Source-IP allowlist, configurable per SIM or per group.
  • Per-port rules: you can allow HTTP but not SSH, for example.
  • Persistent audit log: timestamp, source IP, destination port, result (allowed / blocked).
  • IP rotation without swapping the SIM if access credentials are compromised.

REST API: manage rules dynamically

All port-forwarding and allowlist rules are manageable via REST API. Useful when you provision a new device from your own platform, or when a field technician needs temporary access from a new source IP.

Example: open HTTPS to the device from two CIDR ranges

POST /api/v1/sim/{iccid}/port-forwarding
{
  "external_port": 8443,
  "internal_port": 443,
  "protocol": "tcp",
  "allowlist": ["203.0.113.10/32", "198.51.100.0/24"]
}
View REST API documentation

Related products

Ready to get started?

Start with a test kit, or tell us about your project.

Buy SIM Test Kit

Test kit · 1 GB / 12 months · €15 · ships in 48 h

Go to shop

Talk about your project

Custom quote based on your deployment

Tell us about it

Explore also

Frequently asked questions

Can I change port-forwarding rules at any time?
Yes, via portal or REST API. Changes take effect within seconds. This lets you, for example, open SSH temporarily for a field technician from a specific IP and then close it again automatically.
Does it work with any 4G/5G industrial router?
Yes. The SIM needs no special device-side configuration beyond the static-IP APN we provide. We have validated with Teltonika RUT/RUTX, MikroTik LtAP/Chateau, Cradlepoint IBR/E300, Robustel R1511/R3000, and most commercial models.
Is it compatible with CCTV (Hikvision, Dahua)?
Yes. Static private IP (with port forwarding) allows you to expose RTSP (554), ONVIF, and the admin web of NVRs and IP cameras. We recommend restricting to the required port and to your management-platform IPs only — do not open all ports.
What happens if an authorized source IP changes (e.g. office dynamic IP)?
Three options: (a) update the allowlist via API when it changes, (b) use a wide CIDR range from the office provider, or (c) reach the device through a bastion host with a stable address. Customers with many dynamic accesses usually find the bastion the simplest path.
Is there a per-rule cost for port forwarding?
No. The price of the routed static-IP SIM includes the gateway and all active rules. We only scale price if monthly traffic exceeds the contracted plan.
How does this compare to private APN with VPN?
Private APN with VPN is the right answer when the device must join your internal network or when you have many SIMs and want a single management point. Static private IP is the right answer when you need to reach individual devices from your SaaS platform and you do not want to maintain a VPN concentrator. See /products/private-apn for the private-APN case.