Security Settings in the GatewayLocate this document in the navigation structure

Use

Gateway is an interface between the application server and other SAP systems or programs. Usually application servers and database hosts are located in the same network segment. This network is secured from external access through a demilitarized zone (DMZ).

Communication that leads the Gateway as part of the application server to external systems beyond the DMZ is in principle insecure. System administrators have several options available to configure external communication of the Gateway securely.

Features
Configuring Network-Based Access Control Lists (ACL):

  • In this ACL file ( A ccess C ontrol L ist = security file) you can specify from which hosts the gateway is to accept connections at TCP/IP level.

Configuring Support of SNC Components:

  • With two profile parameters you can specify whether the Gateway is to support SNC, and whether connections to non-SNC programs are to be allowed. By setting up SNC or using SAP routers, you can make communication between SAP gateways of different SAP systems secure.

Configuring Connections between Gateway and External Programs Securely:

  • With two ACL files (Access Control List = security file) you can specify which external programs are allowed to connect to the Gateway (security file reginfo), and which programs are allowed to be started from the Gateway (security file secinfo).

Setting Up Gateway Logging:

  • You can configure the Gateway so that actions executed by it, and requests it receives from external systems, are written to a log file. You can use this log file for analyzing security settings.

Further Security Parameters:

  • In addition to the measures described above, further parameters are provided for you to configure the Gateway securely.

More Information