on 03-25-2009 9:46 AM
Hi expert,
I have installed saprouter and configured it , the service can be started normally.
In local network, users can logon the sap server by SAP Front End, not input SAProuter String,
now I'm wondering if I can prevent it?
I want users of local network to logon with the SAProuter String,
if the SAProuter String is null ,the user can't logon successfully.
thanks very much for your hints.
Best Regards.
Minghong
Dear Minghong,
then you will have to put a firewall in front of the backend system that denies access to the dispatcher port of the system and allows access to the port of the saprouter. The saprouter itself must be allowed to connect to the dispatcher port. This is the normal scenario for a saprouter.
Best Regards,
Tim
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Tim and Chetan,
thanks very much for your response.
the dispatcher port of sap server is 3200. in ....../etc/services, I delete line "sapdp00 3200/tcp" then restart the sap server, but no user can logon the server with the SAProuter String
the sap server and saprouter are installed in a same computer, I delete line "sapdp00 3200/tcp", but how can the 3200 port be opened to the saprouter ?
regards.
minghong
Other way you could do is to use a different IP segment for your SAP server then install SAProuter in an old workstation with two network cards, then install Windows 2000, 2003 or better a Linux distro and use this workstation as router so every time a user try to enter the SAP server this should be done using the SAProuter installed at this workstation that is the only one permited to access the LAN segment for the SAP server.
The basic design of Firewalls is to close ports between lans but for routing job it is easier to set up a router. Of course you could set up an old router hanging around in your company.
This could be something like:
Workstation LAN1 -
* ROUTER (with Saprouter installed) -
* SAP Server LAN2
Request to access -
> Saprouter deny or permit -
> Server
and in this scenario if router is correctly configured no other workstation can acces SAP server LAN unless it uses SAProuter.
Good luck
Hi
Please check the following link:
http://help.sap.com/saphelp_nw70/helpdata/EN/43/97179f62eb494ead9f9d137e3aa392/content.htm
and
http://www.easymarketplace.de/saprouter.php?Printer=1
I hope this would help
Regards
Chen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Minghong
Please check the following:
2. http://sapbasisnotes.blogspot.com/2007/11/how-sap-router-works.html
3. Page 11 on http://www.scribd.com/doc/6603036/SAP-Network-Security
I hope this helps you.
Regards
Chen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.