
Gateway and Message Server Security

Former Member
0 Kudos

Hi,

We are getting the Yellow (Warning) status in EWA and want it to be green. As we can't take risks with production, we want to apply the solution. Please reply with the exact solution to remove the warning.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

0.0.1 Gateway and Message Server Security

0.0.1.1 Gateway Security

Gateway Security Properties

The parameter GW/REG_NO_CONN_INFO controls the activation of certain security properties of the SAP gateway. It is defined as a bit mask with one bit per property.

SAP Note 1298433 “Bypassing security in reginfo & secinfo” is not activated in your system. The bit mask value for bit 1 is not set.

Recommendation: Enable the missing property by adding the bitmask value to the current value of GW/REG_NO_CONN_INFO. For more information about GW/REG_NO_CONN_INFO, see SAP Note 1444282.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Regards,

Rableen

Accepted Solutions (0)

Answers (2)


Former Member
0 Kudos

Dear All,

Please provide some solution so that I can give full points.

RK

Former Member
0 Kudos

Hi RK,

Gateway security can be activated by setting the parameters gw/acl_mode =1 and GW/REG_NO_CONN_INFO. If you activate the gateway security features, you need to have the registered program ID information in the reginfo (gw/reg_info) and secinfo (gw/sec_info) files. If you are not sure about the program ID, you can make use of the simulation mode of the gateway, i.e. gw/sim_mode =1; this will log all the connection entries in the log file gw/logging.

To activate message server security, refer to the link below:

Security Settings for the SAP Message Server - Monitoring and Administration of the SAP Message Serv...

Regards,
Shanthosh

Former Member
0 Kudos

Dear Santhosh,

We have already set parameter gw/acl_mode =1 and set GW/REG_NO_CONN_INFO =2, but we are still getting the "Gateway and Message Server Security" yellow rating, and our management is asking to make "Gateway and Message Server Security" green. Now I am struggling to make it green; please help me to make it green.

Regards,

Rk

Former Member
0 Kudos

Hello RK,

We set gw/reg_no_conn_info to 11 after analysis, and created the reginfo/secinfo files as well.

Have you restarted the system after setting the value to 2? You need to wait 1 week for the next EWA as well.

Regards,


Former Member
0 Kudos

Dear Gagan,

If possible, please send the reginfo/secinfo files you mention to rableenkhurana@gmail.com.

I have not set up any reg file or sec file; maybe that's why it is coming up yellow...

RK

Former Member
0 Kudos

Hi RK,

The file is going to be specific to your environment; you can create them as well, if your NW release is above 7.1 SPS7.

TX code -- SMGW -- Go To -- Expert Function -- Create (secinfo or reginfo). This will have an impact on all your interfaces, so be careful and test before moving changes to PRD.

Former Member
0 Kudos

Dear,

I know how to create reginfo and secinfo, but I haven't created reginfo and secinfo yet; I want the format only...

Recently, a month ago, I used

reginfo

#VERSION=2

P TP=*

and secinfo

#VERSION=2

P TP=* USER=* USER-HOST=* HOST=*

But at that time it came up red in EWA...

Please provide the format.

RK

Former Member
0 Kudos

The file format is correct as you mentioned above; however, as I said, make sure you restarted your system after changing the parameters, wait 1 week for the EWA to be generated, and set gw/reg_no_conn_info to 11.

Regards,

isaias_freitas
Advisor
0 Kudos

Hello Rableen,

The SAP notes 1629598 and 1636252 have the documentation on the syntax and format of the reginfo/secinfo files.

Here are some general tips about them:

  • The very first line of the reginfo/secinfo file must be "#VERSION=2";
  • Each line must be a complete rule (you cannot break the rule into two or more lines);
  • Each program must have only one rule. That is because the gateway will apply the rules in the same order they appear in the file, and only the first matching rule will be used (similar to the behavior of a network firewall).

A general reginfo rule definition would be (note that I had to break the rule for it to be more easily understood):

     P TP=<program name>
          HOST=<comma separated list of hosts that can register the program>
          ACCESS=<comma separated list of hosts that can communicate with the program>
          CANCEL=<comma separated list of hosts that can cancel this registration>

     Usually, ACCESS is a list with at least all SAP servers from this SAP system. This can be replaced by the keyword "internal".

     CANCEL is usually a list with all SAP servers from this system (or the keyword "internal"), and also the same servers as in HOSTS (as you must allow the program to de-register itself).

A general secinfo rule definition would be (note that I had to break the rule for it to be more easily understood):

     P USER=<comma separated list of users allowed to start the program>
          USER-HOST=<comma separated list of hosts from where the users can trigger the program>
          HOST=<comma separated list of hosts where the program can be started>
          TP=<program name>

Regarding the parameter gw/reg_no_conn_info, please refer to the following WIKI page:

     http://wiki.sdn.sap.com/wiki/x/jw1dDw

I hope this information helps.

Cheers,

Isaias
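
The tips in the reply above can be checked mechanically before a file is activated. The following is an added example, not code from the thread or from SAP: `lint_acl` and the host and program names in the constructed sample are hypothetical, and the "D" action and the treatment of an omitted field as "*" are assumptions of this sketch.

```python
# Fields named in the rule templates above.
KEYS = {"reginfo": {"TP", "HOST", "ACCESS", "CANCEL"},
        "secinfo": {"TP", "USER", "USER-HOST", "HOST"}}

def lint_acl(text, kind):
    """Return (line_no, message) findings for a reginfo or secinfo file."""
    findings, seen_tp, open_rule = [], {}, None
    lines = text.splitlines()
    if not lines or lines[0].strip() != "#VERSION=2":
        findings.append((1, 'first line must be "#VERSION=2"'))
    for no, raw in enumerate(lines, start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        action, *fields = line.split()
        if action not in ("P", "D"):  # "D" is assumed; the thread only shows "P"
            findings.append((no, "not a complete rule (continuation of a broken line?)"))
            continue
        pairs = dict(f.split("=", 1) for f in fields if "=" in f)
        bad = [f for f in fields if f.split("=", 1)[0] not in KEYS[kind]]
        if bad:
            findings.append((no, "unexpected field(s): " + " ".join(bad)))
        # First matching rule wins, so nothing after a match-all rule is used.
        if open_rule is not None:
            findings.append((no, f"unreachable: line {open_rule} already matches everything"))
        tp = pairs.get("TP")
        if tp in seen_tp:
            findings.append((no, f"TP={tp} already has a rule on line {seen_tp[tp]}"))
        elif tp is not None:
            seen_tp[tp] = no
        # Assumption: an omitted field is treated like "*" (unrestricted).
        if all(pairs.get(k, "*") == "*" for k in KEYS[kind] - {"ACCESS", "CANCEL"}):
            if action == "P" and open_rule is None:
                findings.append((no, "wide-open permit rule (all fields unrestricted)"))
            open_rule = open_rule or no
    return findings

# The two files quoted earlier in the thread.
RK_REGINFO = "#VERSION=2\nP TP=*\n"
RK_SECINFO = "#VERSION=2\nP TP=* USER=* USER-HOST=* HOST=*\n"

# Constructed sample: a duplicate program rule and a rule broken across lines.
SAMPLE_REGINFO = """#VERSION=2
P TP=EXAMPLE_PROG HOST=apphost1 ACCESS=internal CANCEL=internal,apphost1
P TP=EXAMPLE_PROG HOST=apphost2
P TP=OTHER_PROG
  HOST=apphost3
"""

if __name__ == "__main__":
    for name, text, kind in [("reginfo", RK_REGINFO, "reginfo"),
                             ("secinfo", RK_SECINFO, "secinfo"),
                             ("sample", SAMPLE_REGINFO, "reginfo")]:
        for no, msg in lint_acl(text, kind):
            print(f"{name}:{no}: {msg}")
```

Run against the two files quoted earlier in the thread, it reports the single rule in each as wide open.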

Former Member
0 Kudos

Hi,

Please reply any solution.

RK

ACE-SAP
Active Contributor
0 Kudos

Hello

Just process as stated in note 1444282 - gw/reg_no_conn_info settings

Set a value for parameter gw/reg_no_conn_info to activate Gateway security options.

You can check the wiki below for more information:

http://wiki.scn.sap.com/wiki/display/Security/Gateway+security+settings+-+extra+information+regardin...

Regards

Former Member
0 Kudos

Hi Yves,

Thanks for your reply. I have seen the note, but I am confused. Send me the step-by-step procedure for what to do...

RK