ESIM Bootstrap guide: Difference between revisions
No edit summary |
No edit summary |
||
| Line 11: | Line 11: | ||
[[File:Esim bootstrap topology.png|border|class=tlt-border]] | [[File:Esim bootstrap topology.png|border|class=tlt-border]] | ||
=== Firstboot with bootstrap device === | === Firstboot with bootstrap device === | ||
Devices with a bootstrap profile have limited internet access, | Devices with a bootstrap profile have limited internet access, specifically configured for the initial setup. Upon first boot, the device checks for a bootstrap profile. If one exists, it automatically generates a configuration that only allows connections to the RMS (Remote Management System) and the SM-DP server. All other traffic and ports are blocked, except for '''RMS''', '''DNS (53)''', '''DHCP (68)''', and '''NTP (123)'''. | ||
During the device’s first boot with the default configuration, the limited data allocation should be sufficient for approximately one month. If the device is not added to the RMS system, the RMS service will continuously attempt to connect by sending requests, which consumes data. Conversely, if the device is added to the system, data will be used for communication between the device and RMS, including sending updates about the device’s status. | |||
Note that the firewall rules controlling eSIM traffic limits can be edited; however, we strongly recommend '''not''' disabling these rules. Limiting bootstrap device traffic is critical, as the allocated data for the bootstrap profile can be quickly exhausted. | |||
---- | |||
=== Setting up the device === | |||
The setup procedure for an eSIM device with a bootstrap profile follows the same steps as a standard eSIM configuration. For detailed guidance, please refer to our [[ESIM Configuration example|'''eSIM Configuration Example''']] article. | |||
Once a new eSIM profile is successfully downloaded, the bootstrap profile and all related configurations—including the bootstrap eSIM zone with its preconfigured traffic-blocking rules are automatically removed. The newly downloaded eSIM profile is then set as the default primary SIM. | |||
Alternatively, the configuration can be performed through RMS using zero-touch deployment. This allows you to remotely configure the device and initiate the download of the full eSIM profile via the SM-DP server, which manages eSIM profiles. To access the eSIM configuration in RMS, navigate to '''Management → Devices''' and select the device you want to configure by checking the corresponding box in the main Devices table. Then, click the '''Actions''' button and go to the '''Configuration''' submenu, where you will find the '''eSIM Configuration''' option. | |||
More details on the RMS eSIM management can be found in the [[How to configure eSIM profiles in RMS?|RMS eSIM configuration article.]] | |||
=== SIM Switch === | === SIM Switch === | ||
The devices also come with preconfigured SIM switch rules designed to manage connectivity between the physical SIM (Primary SIM) and the eSIM bootstrap profile. | The devices also come with preconfigured SIM switch rules designed to manage connectivity between the physical SIM (Primary SIM) and the eSIM bootstrap profile. | ||
If no physical SIM is detected within 1 hour of startup, the device automatically switches to the eSIM bootstrap profile. Once the eSIM establishes a connection, the system switches back to the physical SIM after 15 minutes. This SIM switching cycle continues until a full eSIM profile is successfully downloaded. If a physical SIM card is present, the switching does not occur at all. | If no physical SIM is detected within 1 hour of startup, the device automatically switches to the eSIM bootstrap profile. Once the eSIM establishes a connection, the system switches back to the physical SIM after 15 minutes. This SIM switching cycle continues until a full eSIM profile is successfully downloaded. If a physical SIM card is present, the switching does not occur at all. | ||
=== Additional information === | === Additional information === | ||
Revision as of 11:44, 11 September 2025
Introduction
As part of the recent PCN (Product Change Notification) updates for the eSIM devices, we are introducing a new feature - Bootstrap.
When an eSIM-enabled device is powered on for the first time, it requires a way to connect to the network server that manages its subscription. The bootstrap profile makes this possible by providing the initial credentials needed for network access.
In simple terms, the bootstrap profile is preloaded onto the eSIM during manufacturing. Once the device is activated, this profile allows the IoT device to connect to the mobile network and supported roaming partners, as defined in the profile.
Device configuration
Topology
Firstboot with bootstrap device
Devices with a bootstrap profile have limited internet access, specifically configured for the initial setup. Upon first boot, the device checks for a bootstrap profile. If one exists, it automatically generates a configuration that only allows connections to the RMS (Remote Management System) and the SM-DP server. All other traffic and ports are blocked, except for RMS, DNS (53), DHCP (68), and NTP (123).
During the device’s first boot with the default configuration, the limited data allocation should be sufficient for approximately one month. If the device is not added to the RMS system, the RMS service will continuously attempt to connect by sending requests, which consumes data. Conversely, if the device is added to the system, data will be used for communication between the device and RMS, including sending updates about the device’s status.
Note that the firewall rules controlling eSIM traffic limits can be edited; however, we strongly recommend not disabling these rules. Limiting bootstrap device traffic is critical, as the allocated data for the bootstrap profile can be quickly exhausted.
Setting up the device
The setup procedure for an eSIM device with a bootstrap profile follows the same steps as a standard eSIM configuration. For detailed guidance, please refer to our eSIM Configuration Example article.
Once a new eSIM profile is successfully downloaded, the bootstrap profile and all related configurations—including the bootstrap eSIM zone with its preconfigured traffic-blocking rules are automatically removed. The newly downloaded eSIM profile is then set as the default primary SIM.
Alternatively, the configuration can be performed through RMS using zero-touch deployment. This allows you to remotely configure the device and initiate the download of the full eSIM profile via the SM-DP server, which manages eSIM profiles. To access the eSIM configuration in RMS, navigate to Management → Devices and select the device you want to configure by checking the corresponding box in the main Devices table. Then, click the Actions button and go to the Configuration submenu, where you will find the eSIM Configuration option.
More details on the RMS eSIM management can be found in the RMS eSIM configuration article.
SIM Switch
The devices also come with preconfigured SIM switch rules designed to manage connectivity between the physical SIM (Primary SIM) and the eSIM bootstrap profile.
If no physical SIM is detected within 1 hour of startup, the device automatically switches to the eSIM bootstrap profile. Once the eSIM establishes a connection, the system switches back to the physical SIM after 15 minutes. This SIM switching cycle continues until a full eSIM profile is successfully downloaded. If a physical SIM card is present, the switching does not occur at all.
Additional information
Each device with eSIM support comes with a preinstalled bootstrap profile that includes 10 MB of data. This is sufficient to download a dedicated eSIM profile from your service provider.
Note: The bootstrap profile is valid for 1 year starting from the manufacturing date of the device. After the 1 year, profile will no longer be available meaning that you will have to follow the default procedure of activating the eSIM, which requires internet connection from other sources.
This feature is especially useful for deploying devices in remote locations where no alternative internet connection is available, simplifying the setup process.
Supported country list
| EMEA | APAC | AMERICAS | Territories / Special Regions | |||
|---|---|---|---|---|---|---|
| Albania | Austria | Belgium | Bulgaria | China | Brazil | Gibraltar |
| Croatia | Cyprus | Czech Republic | Denmark | Hong Kong | Canada | Guadeloupe |
| Estonia | Finland | France | Georgia | India | Colombia | Northern Mariana Islands |
| Germany | Greece | Hungary | Iceland | Indonesia | Costa Rica | Réunion |
| Ireland | Italy | Latvia | Liechtenstein | Malaysia | Mexico | |
| Lithuania | Luxembourg | Malta | Montenegro | Singapore | United States of America | |
| Netherlands | Norway | Poland | Portugal | Sri Lanka | ||
| Romania | Slovakia | Slovenia | South Africa | Taiwan | ||
| Spain | Sweden | Switzerland | United Kingdom | Vietnam | ||
| Egypt | Saudi Arabia | Kuwait | Qatar | Australia | ||
| Turkey | Tunisia | |||||
See also
ESIM Configuration example
Requirements for embedded-SIM (eSIM)
What IP addresses and ports are used by RMS?
RMS Configuration eSIM