Accessing Databases Behind a Firewall
To protect your database computer against hacking attacks from outside of your company's local area network (LAN) or to protect a subnet within company's network a firewall is a preferred solution. To allow database administration tools or database applications (for example an SAP system) to connect a database system from outside of the firewall protected network some firewall port modification are necessary.
To enable access proceed as follows:
-
Open the following ports in your firewall:
-
All ports of the global listener
-
TCP/IP port of the X server of the installation to which your database belongs
Scope
Default Port
Function of the X Server
Protocol
Protocol Identifier
All installations on the database computer
7210
Global listener
TCP/IP
remote://
7269
Global listener with SAP networtk protocol NI (for connections via SAPRouter, only available in SAP systems)
NI
(based on TCP/IP)
sapni://
7270
Global listener with SAP networtk protocol NI and SAP encryption library (for connections via SAPRouter, only available in SAP systems)
NISSL (based on SSL/TLS)
remotes://
sapnis://
First installation <installation_1> on the database computer
7200
X server for <installation_1>
TCP/IP
remote://
Second installation <installation_2> on the database computer
7203
X server for <installation_2>
TCP/IP
remote://
Separate Database Studio installation
7299
X server for the separate Database Studio installation, only used by the system to access the local user management database .UMDB
TCP/IP
remote://
For more information about opening ports, see your firewall documentation.
-
-
Restrict port access to those computers that are running the database system.
-
Concepts of the Database System, Network Communication
-
Documentation about SAProuter is available in the SAP Library at http://help.sap.com.