SAProuter is an SAP software product which is available on all SAP-based UNIX platforms as well as for Windows and Linux. It acts like a firewall system by regulating access from/to your network.
SAProuter can be used
to establish an indirect connection between two programs running on different machines. The network configuration does not allow a direct communication between these machines due to missing IP addresses (or the same IP addresses as well) or firewall restrictions.
to improve network security by allowing accesses from/to your network with or without password-protection only from a specified machine where the SAProuter is running.
to control and log all connections between your network and the rest of the world.
Important SAProuter Commands
saprouter |
Online help (display list of all supported options) |
saprouter -r |
Start SAProuter with default values |
saprouter -s |
Stop SAPRouter |
Route String
A route string can have one or more substrings. Each substring contains parameters how to reach the next SAProuter or the target host or program on the target host.
Such parameters are:
name or IP-address of the target host
service (port number) of the program running on the target host
password for this connection, if needed
Example of one substring: /H/host/S/service/P/password
H: Identifier for host name
S: Identifier for service (port number)
P: Identifier for password
Route Permission Table
The SAProuter regulates access to your network via the route permission table in form of a file. You can start your SAProuter with this file name.
An entry in a route permission table has the following structure:
<P/D> <source host> <target host> <target service> <password>
P(ermit): |
allows connection |
D(eny): |
prevents connection |
<source host>: |
host name or IP-address, could be a SAProuter |
<target host>: |
host name or IP-address, could be a SAProuter |
<target service>: |
service (port number) of the program of the target host The default service of SAProuter is '3299'. |
If no route permission table was explicitly assigned to the SAProuter while starting (option -R <name of a route permission table>), the file 'saprouttab' in the current directory will be used. If this file is not available, all connections are allowed.
You can use wildcarts ('*') to define hosts, services and passwords in your route permission table.
For more information on RFC API and SAP Router see:
For general information on SAProuter see: