cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Filtering client's IP

Go to solution
danielgonzalez
Explorer

on ‎04-21-2013 10:31 PM

0 Kudos

Hello experts,

I have been asked if it's possible to not allow consuming the web services published in PI from unauthorized IPs. As far as I know, this requisite isn't possible to accomplish using only PI. I think it should need to redefine the network map and use a firewall to reach PI. Please share your thoughts about this issue.

Regards,

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member191911
Contributor
‎04-22-2013 9:58 AM
0 Kudos

Hi Gonzalez,

You can put a webdispatcher in front of your PI system and blacklist certain IP's via IP filtering.

See below documentation how to set this up.

http://help.sap.com/saphelp_nw04s/helpdata/en/16/12e34143b15f24e10000000a1550b0/content.htm

Installation of the webdispatcher itself is an easy task and it also doesn't consume too many resources of your system.

Kind regards,

Mark

Show replies
Show replies
danielgonzalez
Explorer
‎04-22-2013 3:49 PM
0 Kudos

Thank you M. Dijsselbloem,

That link was very useful but I'm not sure about why it's needed to put the Web Dispatcher in front of the PI server. According to the next quote, I understand you can set that parameter directly in the ICM of the PI server. Am I wrong? Would there be any difference between setting the parameter in PI or in the Web Dispatcher?

With this parameter you can set up access restrictions in the ICM and SAP Web Dispatcher (as White List or Black List).

Regards,

former_member191911
Contributor
‎04-23-2013 8:34 AM
0 Kudos

Hi Gonzalez,

You are absolutely right!

Since NetWeaver 7.1 the java dispatcher has been replaced by the ICM, so you can put this parameter directly into the java stack.

Sorry for the inconvenience!

Kind regards,

Mark

Answers (3)

Answers (3)

former_member208404
Participant
‎04-22-2013 8:35 AM
0 Kudos

Hi,

It has to be on the network layer. Your PI system must be on a different network. It's not possible to hit your system from anywhere.

Regards

Abhishek

Show replies
Show replies
anupam_ghosh2
Active Contributor
‎04-22-2013 7:13 AM
0 Kudos

Hi D Gonzalez,

                            The network team can set up a proxy server or firewall so that only authorised IP's can access the PI server network. 

Regards

Anupam 

Show replies
Show replies
rajasekhar_reddy14
Active Contributor
‎04-22-2013 4:35 AM
0 Kudos

To access PI web service they need at least PI Credetials ,I dont think any such configuration available in PI to stop IP's but may be Network infra team can do.

Show replies
Show replies
Ask a Question