on 06-18-2014 3:37 PM
Hi,
I want to implement gateway security using gw/reg_info, gw/sec_info, gw/reg_no_conn_info.
so far I have created reginfo and secinfo files to allow all internal traffic and I kept gw/reg_no_conn_info=11, gw/acl_mode=1
reginfo
======
#VERSION=2
P TP=*,HOST=local
P TP=*,HOST=internal
P TP=*,HOST=*.abc.com
with the above setting I believe all the programs with in sap systems(including app servers), also system from domain abc.com can register programs with out having any issues.
secinfo:
======
#VERSION=2
P TP=* USER=* USER-HOST=local HOST=local
P TP=* USER=* USER-HOST=internal HOST=internal
similarly as per secinfo content I believe that all the internal traffic can go with out any issue with in sap system.
beside that I have activated gateway logging to find the rejecting connections if any.
I have following questions:
===================
1)As the reginfo,secinfo files maintained can I remove gw/acl_mode=1 parameter ?
2)if I want to add a specific programs to register from 3rd party system, suppose a program called "zram" from system "172.198.10.1" where I suppose to add it. Do I need to add that IP to secinfo along with reginfo?
3)when I set parameter gw/reg_no_conn_info=11 when convert to binary it equals to 00001011
what exactly this means from the following definitions from note 1444282
1 1298433 Bypassing security in reginfo & secinfo
2 1434 117 Bypassing sec_info without reg_info
4 1465129 CANCEL registered programs
8 1473017 Uppercase/lowercase in the files reg_info and sec_info
will that means 8+2+1 means satisfying the above 3 lines except condition 4 ?
4) I enabled gateway logging, how could I catch rejecting connections from third party systems?
5)From simulation mode I got to know that It will satisfy reginfo,secinfo restrictions and it will allow all other traffic.so what is the added advantage with this when activate?
6)is there any sap native tools which help while preparing reginfo, secinfo files?
Hi Koteswararao,
this community is about SAP Gateway (formerly known as SAP NetWeaver Gateway).
Therefore you should post your question rather in the following community about
Best Regards, Andre
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Fischer,
Sorry for that I am still new to this website.
1)Do I need to delete this message and create again in ABAP Connectivity or IS there any other way to redirect this message to ABAP community?
2)How could I recognize by looking into any thread which Community that discussion belongs to?
Regards,
Koteswararao.
Hi,
anyway I have created the same message in ABAP Connectivity community. Just curious to know above questions?
Regards,
Koteswararao.
User | Count |
---|---|
87 | |
10 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.