cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

about saprouter

Go to solution
Former Member

on ‎03-25-2009 9:46 AM

0 Kudos

Hi expert,

I have installed saprouter and configured it , the service can be started normally.

In local network, users can logon the sap server by SAP Front End, not input SAProuter String,

now I'm wondering if I can prevent it?

I want users of local network to logon with the SAProuter String,

if the SAProuter String is null ,the user can't logon successfully.

thanks very much for your hints.

Best Regards.

Minghong

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

tim_buchholz
Active Participant
‎03-25-2009 11:08 AM
0 Kudos

Dear Minghong,

then you will have to put a firewall in front of the backend system that denies access to the dispatcher port of the system and allows access to the port of the saprouter. The saprouter itself must be allowed to connect to the dispatcher port. This is the normal scenario for a saprouter.

Best Regards,

Tim

Show replies
Show replies
Former Member
‎03-26-2009 7:37 AM
0 Kudos

Hi Tim and Chetan,

thanks very much for your response.

the dispatcher port of sap server is 3200. in ....../etc/services, I delete line "sapdp00 3200/tcp" then restart the sap server, but no user can logon the server with the SAProuter String

the sap server and saprouter are installed in a same computer, I delete line "sapdp00 3200/tcp", but how can the 3200 port be opened to the saprouter ?

regards.

minghong

Former Member
‎03-26-2009 6:08 PM
0 Kudos

Other way you could do is to use a different IP segment for your SAP server then install SAProuter in an old workstation with two network cards, then install Windows 2000, 2003 or better a Linux distro and use this workstation as router so every time a user try to enter the SAP server this should be done using the SAProuter installed at this workstation that is the only one permited to access the LAN segment for the SAP server.

The basic design of Firewalls is to close ports between lans but for routing job it is easier to set up a router. Of course you could set up an old router hanging around in your company.

This could be something like:

Workstation LAN1 -

* ROUTER (with Saprouter installed) -

* SAP Server LAN2

Request to access -

> Saprouter deny or permit -

> Server

and in this scenario if router is correctly configured no other workstation can acces SAP server LAN unless it uses SAProuter.

Good luck

Answers (2)

Answers (2)

Former Member
‎03-26-2009 7:53 AM
0 Kudos

Hi

Please check the following link:

http://help.sap.com/saphelp_nw70/helpdata/EN/43/97179f62eb494ead9f9d137e3aa392/content.htm

and

http://www.easymarketplace.de/saprouter.php?Printer=1

I hope this would help

Regards

Chen

Show replies
Show replies
Former Member
‎03-25-2009 5:34 PM
0 Kudos

Hi Minghong

Please check the following:

1. https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/600c7bea-8d16-2a10-3ba0-97440fb1...

2. http://sapbasisnotes.blogspot.com/2007/11/how-sap-router-works.html

3. Page 11 on http://www.scribd.com/doc/6603036/SAP-Network-Security

I hope this helps you.

Regards

Chen

Show replies
Show replies
Ask a Question