
Network ports for SAP Relay Server and SMP 2.3

Former Member
0 Kudos

Hi Expert,

I'm configuring a mobile solution based on Relay server, SMP 2.3, REx 3.2 and CRM server. I need some information/confirmation about the network ports I should open in my internal and external firewalls. Shown below are the logical architecture and the ports that should be used:

Are the ports indicated correct? Do I have to consider further ports?

Any suggestion will be appreciated.

Thanks

g.

Tags edited by: Michael Appleby

Accepted Solutions (0)

Answers (4)

Former Member
0 Kudos

Does this information hold true for an SMP 3.0 installation also? We have a load balancer and 2 Relay servers in the DMZ and two nodes of SMP server in the internal network, as shown in the figure below.

Can anyone help me with all the port numbers that need to be enabled throughout the network?

Thanks

Ady

kirankola
Advisor
0 Kudos

Yes, that is true and applies to SMP 3.X.

Outside Firewall: Devices to Load balancer - https traffic

Within DMZ: Apache to Relay servers - 443 (in a round robin fashion)

Internal Network: SMP OE's to Relay servers - Only Outbound 443 from SMP to Relay Servers

Regards,

Kiran

Former Member
0 Kudos

Hi,

It's not clear from the diagram which direction the ports are being opened for, but it doesn't look correct to me.

Based on implementation I have done for REX 3.2 with CRM these are the ports that should be opened.

IPAD -> Relay Server (INBOUND)

Port 443 should be open

Port 80 should only be open if you are not going to use SSL (not recommended)

Relay Server -> IPAD (OUTBOUND)

None required

Relay Server -> SMP (INBOUND)

None Required.  Using RSOE makes outbound connection from SMP to Relay Server.  Communication between the Relay Server and SMP is then always performed via this connection (just like Reverse Invoke).

SMP -> Relay Server (OUTBOUND)

Port 443 should be open if going to use SSL or

Port 80 should be open if not going to use SSL.

You should also have a port open for administration purposes (e.g. RDP port if it is a Windows server).

For example, you could use SSL from iPAD to Relay Server (so open port 443) and non-SSL from SMP to Relay Server (so open port 80).  Other combinations are possible.  Depends on what your company security requirements are.

If SMP and CRM are on the same network (no firewalls between them) then you don't need to worry about the ports. If, however, there is one, then:

SMP -> CRM (INBOUND)

Need to open ports for RFC Connection (SMP connects to CRM via JCO)

CRM -> SMP (OUTBOUND)

Port 8000 (non-SSL) for DCN.

Port 8001 ? (SSL) for DCN (not sure on this).

Of course if you have a firewall between your internal network and SMP then you will also need to open other ports like RDP (assuming Windows), SCC Port etc.

Thanks

Colin
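The port model in the answer above can be turned into a check on a proposed firewall rule set. This is an added example, not part of the original post or of any SAP tooling; the zone names (`internet`, `dmz`, `internal`), the `Rule` type, the `audit` function and the sample rules are assumptions made for illustration, and SMP to CRM traffic is left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str   # zone that initiates the connection (assumed zone names)
    dst: str   # zone that accepts it
    port: int

# Flows the answer above calls for: (initiator, acceptor) -> ports.
REQUIRED = {
    ("internet", "dmz"): {443, 80},   # device -> Relay Server
    ("internal", "dmz"): {443, 80},   # RSOE on SMP -> Relay Server (outbound)
}

def audit(rules, admin_ports=frozenset()):
    """Return (rule, reason) for every rule the described model does not need."""
    findings = []
    for r in rules:
        allowed = REQUIRED.get((r.src, r.dst))
        if (r.src, r.dst) == ("internal", "dmz") and r.port in admin_ports:
            continue  # administration access, e.g. RDP to a Windows relay host
        if allowed is None:
            findings.append((r, "no connection is initiated in this direction"))
        elif r.port not in allowed:
            findings.append((r, "not needed: traffic rides the 80/443 connection"))
        elif r.port == 80:
            findings.append((r, "non-SSL: check against security requirements"))
    return findings

# Constructed sample rule set, not taken from the thread's diagram.
SAMPLE_RULES = [
    Rule("internet", "dmz", 443),
    Rule("internet", "dmz", 80),
    Rule("dmz", "internal", 5001),
    Rule("dmz", "internal", 2480),
    Rule("internal", "dmz", 443),
    Rule("internal", "dmz", 3389),
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES, admin_ports={3389}):
        print(f"{rule.src}->{rule.dst}:{rule.port}  {reason}")
```
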

Former Member
0 Kudos

If you're using Relay Server in your landscape, I don't believe you need all those ports opened.  You seem to be missing the RSOE(s) in your diagram which makes an *outbound* connection to the Relay Server(s) in your DMZ.  You may wish to take a look at this documentation:

Relay Server architecture

Thanks,

Andrew.

Former Member
0 Kudos

Hi Andrew,

RSOE will be activated in the SMP server and for this reason I need to know which ports I need to open. Once I know the ports I'll activate the RSOE for them (at least three RSOE as indicated by SAP: 1) Messaging 2) Replication 3) WEB services).

g.

Former Member
0 Kudos

The RSOE(s) typically make an outbound connection to your Relay Server(s) on port 80 or 443 only.  Based on your configured FarmID, it comes back into the network on the required port (e.g. 5001, 8000, etc.)   On the devices, you specify FarmID and port 80 or 443 to your Relay Server(s).

Thanks,

Andrew.

Former Member
0 Kudos

For RSOE, port 5001 (Messaging) and 2480 (Replication) are needed. You have already mentioned these in your architecture.

Former Member
0 Kudos

All the ports mentioned by you are correct and should be good for your architecture. I also suggest the ports below:

1) 2000 - management port

2) 2001 - secure management port

Thanks,

Shiv

Former Member
0 Kudos

Thank you for your feedback Shiv.

I would like to understand if it's mandatory to open the ports 8000 and 8001 in the internal firewall. From my understanding, in my scenario, the port 8000 is used only by the CRM for data change notification purposes. Due to the fact that CRM and SMP are in the same network I don't need to open this port in the internal firewall. Is this correct? Is the port 8000 used for other purposes (for instance from the iPad)?

thanks in advance for your collaboration.

BR

g.