Example of a Route Permission Table 

• No routes from host1 to host2, service serviceX are allowed.
• No routes starting from host3 are allowed.
• All routes to server processes using serviceX are allowed.
• All routes within subnetwork 155.56 are allowed.
• All routes starting from subnetwork 155.57.1011xxxx are allowed (the last byte is written as a binary number; each "x" stands for 0 or 1).
• All routes from host4 to host5 are allowed if password pass is correct.
• All routes from host6, but only SAP protocol, are allowed.
• Native protocol routes (TCP/IP) from host7 to the non-SAP service telnet on host8 are allowed.
• All connections to non-SAProuters are allowed if password gui is correct.

In the example in the section Route String Entry for SAProuter, the route permission table of host saprouter must have the following entry:

The route permission table of host yoursaprouter must contain the following entry:

The first entry in the route permission table for which source address, target address, and target port match is decisive; in the above example, this means that the connection from host1 to host2, service serviceX is not allowed (because of the first entry), although all connections with service serviceX are allowed according to the third entry.

If the SAProuter is the last SAProuter on the route (followed e.g. by the front end) and the service is not an SAP service (no SAP protocol), the wildcard ("*") cannot be used with the service. The connection is only allowed if the non-SAP service is selected explicitly; if the example given above contained a * instead of telnet and the SAProuter was the last one on the route, the telnet connection would not be set up.

Example of a Route Permission Table with SNC.