Network Isolation

Prerequisites

You configure systems.

For more information, see Configuring Systems.

You configure allowed outgoing connections for system isolation.

You have configured the following monitoring settings:
- Valid host names for outgoing connections
- Valid ports for outgoing connections

Ensure that SAP Landscape Management applied your configured monitoring settings to all isolated systems.

For more information, see Configuring Monitoring Settings.
To use the configured outgoing connections as template for system provisioning, the system must be enabled for cloning or copying.

For more information, see Enabling Systems for Provisioning Operations.
To apply the configured outgoing connections to all instances of the system, the system must be a clone or copy of an existing system.

Choose Configuration Systems.
Select the system for which you want to configure outgoing connections for isolation.
In the System Details screen area, choose Edit.
Navigate to the Network Isolation step.

The connections for the host specified in the Read Connections of Host field are displayed.
To remove a connection on the system, select it and choose Remove.

To allow more connections on the system, choose Add and provide the following information.

Option	Description
Enable Network Fencing	To remove isolation for a copied system, deselect the checkbox. You have to ensure, that all necessary changes to the copy are applied. You cannot disable network fencing for cloned systems. Note Disclaimer: SAP advises that it is the Customers responsibility to ensure that all necessary adjustments have been successfully performed in the target system, before allowing any outgoing communication. Recommendation During the system clone, copy, or refresh procedure, it is recommended that the cloned system is located in an isolated network. If the checkbox Enable Network Fencing is deselected, it is recommended to choose Update Existing Fencing Rules, to allow all outgoing communication to remote connected systems or hosts.
Rule Type	To allow communication to a host on all ports, choose Host. To allow communication to a specific host and to all other hosts on given ports or services, choose Host & Port. To allow communication to all hosts on the defined port or service, choose Port.
Target Host Name	Enter the host name for the connection.
Target Port	Enter the port or service for the connection.
Update existing Fencing Rules	If the Enable Network Fencing checkbox is selected, SAP Landscape Management applies the firewall rules to all instances of this system. If the Enable Network Fencing checkbox is not selected, SAP Landscape Management removes the firewall rules of all instances from the system.