A route permission table could look as shown below:
D     host1               host2    serviceX
D     host3
P     *                   *        serviceX
P     155.56.*.*          155.56
P     155.57.1011xxxx.*
P     host4               host5    *          pass
S     host6
P     host7               host8    telnet
P*,0  *                   *        gui
This means:
In the example in the section Route String Entry for SAProuter, the route permission table of host saprouter must have the following entry:
P sappc your_rout
The route permission table of host yoursaprouter must contain the following entry:
P saprouter yourapp sapsrv pass_to_app
First Match
The first entry in the route permission table for which source address, target address, and target port match is decisive; in the above example, this means that the connection from host1 to host2, service serviceX is not allowed (because of the first entry), although all connections with service serviceX are allowed according to the third entry.
Exception
If the SAProuter is the last SAProuter on the route (followed e.g. by the front end) and the service is not an SAP service (no SAP protocol), the wildcard ("*") cannot be used with the service. The connection is only allowed if the non-SAP service is selected explicitly; if the example given above contained a * instead of telnet and the SAProuter was the last one on the route, the telnet connection would not be set up.
See also:
Example of a Route Permission Table with SNC.
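The First Match rule and its Exception can be checked against a table before it is deployed. The sketch below is an added example, not SAP code: it models only the fully specified P and D entries from the table above, and the names parse_table, decide and non_sap_last_hop, the refusal when no entry matches, and the treatment of a wildcard service as "does not match" in the Exception case are assumptions.

```python
from typing import NamedTuple

class Entry(NamedTuple):
    action: str   # "P" = permit, "D" = deny
    source: str
    target: str
    service: str

# Constructed sample: the P/D entries of the table above that give all three
# match fields. A fifth field (the password) is ignored by this sketch.
SAMPLE_TABLE = """\
D host1 host2 serviceX
P * * serviceX
P host4 host5 * pass
P host7 host8 telnet
"""

def parse_table(text):
    """Parse P/D lines with source, target and service; skip everything else."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] in ("P", "D"):
            entries.append(Entry(*fields[:4]))
    return entries

def _match(pattern, value):
    return pattern == "*" or pattern == value

def decide(entries, source, target, service, non_sap_last_hop=False):
    """Return (allowed, deciding_entry) using first-match semantics.

    non_sap_last_hop=True models the Exception: this SAProuter is the last
    one on the route and the requested service is not an SAP service.
    """
    for e in entries:
        if not (_match(e.source, source) and _match(e.target, target)):
            continue
        if e.service == "*" and non_sap_last_hop:
            continue  # assumption: a wildcard service never covers this case
        if _match(e.service, service):
            return e.action == "P", e  # first matching entry is decisive
    return False, None  # assumption: no matching entry means refused

if __name__ == "__main__":
    table = parse_table(SAMPLE_TABLE)
    for conn in [("host1", "host2", "serviceX"), ("host3", "host9", "serviceX")]:
        print(conn, decide(table, *conn))
```

Running a list of connections that must be refused through decide after every table edit shows whether a newly added broad P entry has ended up above the D entry that was meant to block them.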