Solution · Infrastructure
Zero-config secure enrollment for every IoT device
Enroll sensors, edge devices, and embedded systems into a private mesh network — no static IPs, no open firewall ports, no manual WireGuard key management.
Zero
open inbound ports needed
Auto
NAT traversal for any device
Linux ARM
lightweight agent support
The problem
IoT devices are the weakest link
Sensors and edge devices ship with minimal security. Connecting them to your infrastructure without a dedicated private network is an open invitation.
Devices exposed on public IPs with no encryption
No standard mechanism for device identity or auth
Firmware constraints prevent running heavy VPN agents
One compromised device can pivot to your entire network
How Rabtly helps
A private network for every device, at any scale
Lightweight WireGuard agent
The Rabtly node agent runs on Linux ARM and x86 devices. Minimal CPU and memory footprint — designed for constrained hardware.
Works through any NAT
Devices behind carrier NAT, CGNAT, or restrictive firewalls connect automatically. No port forwarding, no static IP.
Per-device identity
Each device gets a unique WireGuard keypair and a private mesh IP. Compromise one device and you compromise only that device.
Isolated from the internet
Devices talk only to peers on the mesh. No open ports, no public attack surface — data flows only on the encrypted private network.
Getting started
How it works
Create a mesh workspace
Set up your IoT workspace on Rabtly Cloud or your self-hosted control plane.
Generate enrollment tokens
Create device-specific or batch enrollment tokens from the dashboard or CLI.
Deploy your devices
Install the Rabtly agent and run `rabtly up --token <token>`. The device joins automatically.
Define access policies
Restrict which devices can communicate with which backend services using ACL rules.