Application-Level Gateways Provided by SAP

Use

SAProuter and SAP Web Dispatcher are examples of application-level gateways that you can use for filtering SAP network traffic.

SAProuter

Filtering Functions

You can use the SAProuter for routing and filtering traffic at the SAP NI layer. You can use it to do the following:

  • Filter requests based on the IP address or protocol.

    For example, you can reject any requests that do not use SAP protocols.

  • Require that a password is sent with the request.

  • Require that secure authentication and data encryption occurs at the network layer using Secure Network Communications (SNC).

When using SAProuter, you only have to open a single port on the firewall for SAP protocols, which corresponds to the port on the machine running SAProuter. All connections using the SAP protocols are then required to pass through this port (default=3299).

For an example of the network topology when using an SAProuter, see Example Network Topology Using a SAProuter.

Configuration

To enforce access control, specify the IP addresses and address patterns that can access your SAP systems in the saprouttab configuration file.

For more information about SAProuter, see SAProuter.

SAP Web Dispatcher

Use SAP Web Dispatcher for load balancing and filtering HTTP(S) requests to SAP NetWeaver Application Server (AS). The rules to use for filtering the requests are contained in a file in the file system on the server where SAP Web Dispatcher runs.

For more information about security on the SAP Web Dispatcher, see Security Information SAP Web Dispatcher.

SAP Web Dispatcher also supports the use of the Secure Sockets Layer (SSL) protocol to secure the communications at the transport level.

For more information, see SAP Web Dispatcher.