Administrator

Managing Firewalls and Preventing Intrusion

A personal firewall, or intrusion detection and prevention software (IPS or IDPS), can cause SAP Mobile Platform components to malfunction or not function at all. SAP Mobile Platform uses regular IP communication between components on the primary network interface of a computer, even when all components are installed on the same host.

Context

If the local network interface is secured by intrusion detection and prevention software (for example, McAfee Host Intrusion Prevention software or equivalent), you must configure the security software to allow all network communication between SAP Mobile Platform components.

Try one of these options to work around the limitations imposed by the host intrusion prevention software and policy settings, without violating security policies, until the settings of your security software are adjusted to the needs of the platform.

  • Remove the host machine from the network – this option ensures that all interconnections between SAP Mobile Platform components are treated as local traffic, so they are not flagged as incoming connections from external sources, which would cause connection failures due to security policy settings. This option is suitable when you use your laptop in a network other than your corporate network, and want to demonstrate a mobile solution using a simulator or emulator with all components running on the same machine. To use this option:
    1. Stop SAP Mobile Platform services in the correct order.
    2. Disconnect the host from all networks.
    3. Restart the services in the correct order.
    4. Change the Management Cockpit URL link to use "localhost" or <yourhostname> as the host name, instead of the original fully qualified host name of the machine that included the domain name. Accept any security warnings to connect to Management Cockpit.
  • Connect the host to the corporate network – this option ensures that all interconnections among SAP Mobile Platform components are internal to your corporate network and validated against the corporate network security policy. Connecting to the corporate network through VPN is especially suitable when you use your laptop in a network other than your corporate network, want to demonstrate a mobile solution using your physical devices, and need outgoing connections to a back end. To use this option:
    1. Stop the SAP Mobile Platform services.
    2. Reconnect the host to your corporate network directly or through corporate VPN, to ensure that the corporate network security policy applies.
    3. Restart the services.
    4. Change the Management Cockpit URL link to use "localhost" or <yourhostname> as the host name, instead of the original fully qualified host name of the machine that included the domain name (for example: https://localhost:8083/Admin, or https://<yourhostname>:8083/Admin). Accept any security warnings to connect to Management Cockpit.
  • To ensure that required internal component communication ports are not blocked, configure the firewall software to allow connections to the ports SAP Mobile Platform uses.
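
One way to check whether the security software is what blocks a component port, as an added example that is not SAP tooling: it probes the Management Cockpit port 8083 (from the URL above) on the loopback address and on the address the host name resolves to, then compares the two results. The function names and result labels are this example's own, and it assumes the host name resolves to the primary network interface.

```python
import errno
import socket

COCKPIT_PORT = 8083  # Management Cockpit port, taken from the URL on this page


def probe(host, port, timeout=2.0):
    """Return 'open', 'refused', 'filtered' or 'error:<reason>' for one TCP connect."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # RST received: nothing listening, or a rejecting rule
    except socket.timeout:
        return "filtered"   # no answer: typical of a firewall/IPS silently dropping
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        return "error:%s" % exc


def diagnose(loopback, primary):
    """Interpret the results for (loopback address, primary interface address)."""
    if loopback == "open" and primary == "open":
        return "reachable on both paths"
    if loopback == "open":
        return ("service is up; primary interface traffic is blocked, "
                "or the service is bound to loopback only")
    if primary == "open":
        return "reachable on the primary interface only"
    return "service not listening or blocked on both paths"


def check_port(port, hostname=None):
    """Probe 127.0.0.1 and the address that the host name resolves to."""
    hostname = hostname or socket.gethostname()
    loop = probe("127.0.0.1", port)
    try:
        prim = probe(socket.gethostbyname(hostname), port)
    except socket.gaierror:
        prim = "error:name resolution failed"
    return {"loopback": loop, "primary": prim, "diagnosis": diagnose(loop, prim)}


if __name__ == "__main__":
    print(check_port(COCKPIT_PORT))
```

Run it on the SAP Mobile Platform host while the services are started; an "open" loopback result combined with a "filtered" primary result points at the host firewall or intrusion prevention policy rather than at the service.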