Kaspersky IoT Secure Gateway 1000

Limitations when configuring an MQTT broker

April 12, 2024

ID 188511

Connections to local devices are made without the TLS protocol. Connections to devices on an external network are made using the TLS protocol.

Kaspersky IoT Secure Gateway 1000 supports configuration of the MQTT broker Eclipse Mosquitto settings with the following limitations:

  • The capath, bridge_capath and include_dir options, which assign paths to file locations, must not be used.
  • The TLS protocol must not be used when configuring a connection between equipment and Kaspersky IoT Secure Gateway 1000.

    The following parameters are not supported when configuring a connection with Kaspersky IoT Secure Gateway 1000 from the internal network: cafile, certfile, ciphers_tls1.3, crlfile, dhparamfile, keyfile, require_certificate, tls_engine, tls_engine_kpass_sha1, tls_keyform, use_identity_as_username, use_subject_as_username, psk_hint.

  • The TLS protocol must be used for connections between Kaspersky IoT Secure Gateway 1000 and devices or cloud services in the external network.

    The following options are not supported when configuring a connection: bridge_insecure (always false), bridge_alpn, bridge_capath, bridge_cafile, bridge_certfile, bridge_keyfile, bridge_identity, bridge_psk, bridge_require_ocsp, bridge_tls_version.

  • Each MQTT broker profile supports a connection with only one client application (you can specify only one bridge parameter in the configuration file). Simultaneous operation with multiple client connections is not supported. To establish a connection with another client, you must switch to a different MQTT broker profile.
  • The following options are not supported when configuring an MQTT broker profile: bridge_require_ocsp, log_dest file, pid_file, http_dir, persistence, websockets, auth_plugin, password_file.
  • When configuring an MQTT broker profile, you must use the allow_anonymous option.
  • To connect the MQTT broker to a digital platform that supports the MQTT protocol, you must specify the standard port 8883 for the connection.
  • Port 1883 must be used to connect an end user device to Kaspersky IoT Secure Gateway 1000.
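
The limitations above can be checked before a profile is uploaded. The following linter is an added example, not Kaspersky or Eclipse Mosquitto code: the option names come from the list above, while the function name `lint`, the sample profile, and the reading of `connection`, `address`, `listener`/`port` and `protocol` as the relevant directives are assumptions based on standard mosquitto.conf syntax.

```python
# Option names are taken from the limitations list on this page. Directive
# handling (connection, address, listener, protocol) is an assumption.
RULES = {
    "path option is not permitted": {"capath", "bridge_capath", "include_dir"},
    "TLS option is not supported on the internal network": {
        "cafile", "certfile", "ciphers_tls1.3", "crlfile", "dhparamfile", "keyfile",
        "require_certificate", "tls_engine", "tls_engine_kpass_sha1", "tls_keyform",
        "use_identity_as_username", "use_subject_as_username", "psk_hint"},
    "bridge option is not supported": {
        "bridge_insecure", "bridge_alpn", "bridge_cafile", "bridge_certfile",
        "bridge_keyfile", "bridge_identity", "bridge_psk", "bridge_require_ocsp",
        "bridge_tls_version"},
    "option is not supported in a broker profile": {
        "pid_file", "http_dir", "persistence", "websockets", "auth_plugin",
        "password_file"},
}

def lint(conf_text):
    """Return (line_number, message) findings; line 0 means file-level."""
    findings, bridges, saw_anon = [], 0, False
    for n, raw in enumerate(conf_text.splitlines(), 1):
        key, *args = raw.split() or ["#"]  # blank lines are treated as comments
        if key.startswith("#"):
            continue
        reason = next((r for r, opts in RULES.items() if key in opts), None)
        if (key, args[:1]) in (("log_dest", ["file"]), ("protocol", ["websockets"])):
            reason = "option is not supported in a broker profile"
        elif key == "connection":  # each `connection` starts a new bridge
            bridges += 1
            reason = "only one bridge per profile" if bridges > 1 else None
        elif key in ("listener", "port") and args[:1] != ["1883"]:
            reason = "end user devices must connect on port 1883"
        elif key == "address" and not (args and all(a.endswith(":8883") for a in args)):
            reason = "external connection must use port 8883"
        saw_anon = saw_anon or key == "allow_anonymous"
        if reason:
            findings.append((n, f"{key}: {reason}"))
    if not saw_anon:
        findings.append((0, "allow_anonymous: option is required"))
    return findings

# Constructed sample profile, not taken from the product documentation.
SAMPLE = """listener 1883
allow_anonymous true
connection cloud
address broker.example.com:8883
bridge_cafile /etc/ca.pem
log_dest file /var/log/mosquitto.log
"""
```

Calling `lint(SAMPLE)` reports the `bridge_cafile` and `log_dest file` lines and accepts the rest of the profile.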
