
Gateway Access Control List (reg_info/sec_info) contains trivial entries


Hi Everyone,

In EWA reports of our systems we are facing a security alert with the "Gateway Access Control List (reg_info/sec_info) contains trivial entries" with the rating Severe.

We have set the gw/acl_mode = 1 and regfile and secfile to allow all connections as below.

Reg_file -

P TP=* (Rating is warning)


Sec_file -

P TP=* USER=* USER-HOST=* HOST=* (Rating is Severe)


We want the systems to be connected from all other systems. Could you please suggest how to reduce the severity to Green?


I have been through many discussions on this but they are not helpful.


Thanks for your help in advance


Accepted Solutions (1)


JPReyes

The answer is simple, you should document each connection on the sec_file.

The warning is simply because you are allowing all traffic by using the * wildcard.

If you want to allow all traffic (and you are aware of the implications) then simply switch gw/acl_mode to 0.

Regards, JP
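
An added example, not part of the thread and not SAP's code: a small Python check that lists the permit rules in a reg_info/sec_info file whose fields are `*`, such as the two entries quoted in the question. The sample file, the program, user and host names, and the `allow_all` flag are assumptions of this example; the flag is its own heuristic, not the EWA rating logic.

```python
# Constructed sample: the two wildcard rules are the entries quoted in the
# question; the other rules use made-up program, user and host names.
SAMPLE_ACL = """\
#VERSION=2
P TP=rfcprog USER=batchuser USER-HOST=app01.example.com HOST=app02.example.com
P TP=* USER=* USER-HOST=* HOST=*
P TP=*
P TP=rfcprog USER=* USER-HOST=app01.example.com HOST=app02.example.com
"""


def parse_rule(line):
    """Return (action, {KEY: value}) for a rule line, None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    action, *pairs = line.split()
    fields = {}
    for pair in pairs:
        key, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"malformed token {pair!r} in {line!r}")
        fields[key.upper()] = value
    return action.upper(), fields


def audit_acl(text):
    """List permit (P) rules that contain '*' values.

    allow_all is True when every field on the rule is '*'. This is the
    example's own heuristic, not the logic EWA uses for its rating.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        rule = parse_rule(raw)
        if rule is None or rule[0] != "P":
            continue
        fields = rule[1]
        wild = sorted(k for k, v in fields.items() if v == "*")
        if wild:
            findings.append({"line": lineno, "rule": raw.strip(),
                             "wildcards": wild,
                             "allow_all": len(wild) == len(fields)})
    return findings


if __name__ == "__main__":
    for f in audit_acl(SAMPLE_ACL):
        tag = "ALLOW-ALL" if f["allow_all"] else "partial"
        print(f"line {f['line']}: {tag} {f['wildcards']} -> {f['rule']}")
```
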


Hi JP,

Thanks for your quick response.

As the sec_file is allowing all connections now,

Can we provide certain IPs of other hosts with combination of wildcards like 10.10.*?

If so could you please let me know the syntax of it?

If not, can you please explain how to document each connection on the sec_file?

Regards,

Praveen

JPReyes

The syntax is explained in detail in help.sap.com

https://help.sap.com/saphelp_nw73/helpdata/en/e2/16d0427a2440fc8bfc25e786b8e11c/content.htm

Regards, JP
