Private APN

Dedicated, secure network with a private APN.

The service consists in isolating from T-Mobile resources a subnet for a single client, enabling secure data transmission between terminals (phones or other devices equipped with SIM cards) and setting up its connection with the corporate network so that mobile devices can use its resources (applications, files, printers).
Private APN uses available in T-Mobile data transmission technology such as GPRS, EDGE, UMTS, HSPA, LTE. All of those technologies are based on IP protocol, so allow to use TCP/IP protocols. Private APN service also allows to use subnets named APN. APN is identified by its name and consist of information about IP address and routing (direction of data transmission flow from particular APN). Each customer of service Private APN has its own, dedicated subnet created on network carrier’s platform.

Functionally, such a solution corresponds to VPNs known from classic LANs based on Ethernet – at the IP layer only terminals working within a given APN and/or the standard output (default gateway) are visible to each other.

Prywatny APN w T-Mobile

Operating principle


Applicable to

Data transmission for M2M/IoT solutions
Access to corporate network on smartphone/tablet terminals
Dedicated terminals e.g. for couriers, logistics, Police, etc. - with access only to the resources of the Client's network
Access to the Internet via the Client's network - in order to impose policies applicable to Internet access

Service variants

Private APN Closed

This is a subnet (APN) configuration in which only wireless terminals work and can only communicate with each other.
Devices using this service will be authorized by comparing the SIM card number of the using device with the corresponding entry in the T-Mobile internal database (HLR).
This comparison takes place when attempting to open a session and if the card is not on the list of cards authorized to enter a given APN, the system will refuse to open the session.

How it works:


Private APN Open

In this configuration, mobile terminals gain the ability to connect to the internal corporate network in addition to communicating with each other.
Terminals (M2M devices, smartphones, computers connected to the APN) communicate with each other via subnets (APN) on the GPRS platform and via the Internet with terminals on the client’s LAN.
Data transmission on the T-Mobile network will be terminated on the GPRS node – GGSN.
An IPSec tunnel will be established there and terminated at a router at the Customer’s premises or a VPN link.
It is possible to use more than one link and/or IPsec tunnel to ensure redundancy.
It is also possible to use GRE/GRE over IP sec tunnel.

How it works:


In each of the service variants IP addresses for devices will be assigned by the GPRS network from a pool of non-routable addresses in two possible ways:


Each time the connection is initiated the network assigns an IP address from a pool of addresses designated by T-Mobile for the entire duration of the session.
Disconnecting and reconnecting results in the allocation of a new address.


T-Mobile systems will store which IP address is to be assigned to a particular device (SIM card) that activates a GPRS network connection.
The same address will be assigned for subsequent connections .
When a session is opened (context activation), the device will have access in the IP layer to other devices operating in a given APN.

Billing models

We offer two billing models for data traffic in APNs:
"per APN" and "per SIM"

per SIM

Transmission charges are billed per SIM – there are no MB plans at the APN level.

  • Subscription fee for Private APN service.
  • Activation fee.
  • Fee for professional services.

One-time fees (activation fee and optional fee for professional services) are charged regardless of the service variant.

per APN

Transmission fees are billed at the APN – no fees are billed at the SIM level.

  • Subscription fee for Private APN service.
  • Activation fee.
  • Fee for professional services.
  • Data packet – recurring charges.

One-time fees (activation fee and optional fee for professional services) are charged regardless of the service variant.

For APN there are MB packets available in the country and in roaming.

Optional services

  • DHCP

    Possibility of integrating the Client’s DHCP server with the Private APN.

  • DNS

    Possibility of integrating the Client’s DNS server with a Private APN.

  • Blocking traffic between terminals

    Ability to block data transmission between individual terminals connected to the APN.

  • Trusted account

    In case of more than one number of customers wanted to use a single Private APN, it is necessary to mark additional accounts as “trusted accounts”.

  • IP addressing according to customer requirements

    Terminals working in the APN can use addresses assigned by the Customer.


    Possibility to use an authentication solution based on the RADIUS server at the Client’s site.


Two billing options

Transfer data calculated separately for each SIM card or jointly for the whole group.

Secure authentication

Through the RADIUS system.

Choice of network connection type

Open APN can be connected to company network via IPSec on the Internet or via a dedicated link.

Do you have questions or need an offer?

How can we help you?