To protect your database computer against hacking attacks from outside of your company's local area network (LAN) or to protect a subnet within company's network a firewall is a preferred solution. To allow database administration tools or database applications (for example an SAP system) to connect a database system from outside of the firewall protected network some firewall port modification are necessary.
To enable access proceed as follows:
Open the following ports in your firewall:
All ports of the global listener
TCP/IP port of the X server of the installation to which your database belongs
Scope |
Default Port |
Function of the X Server |
Protocol |
Protocol Identifier |
---|---|---|---|---|
All installations on the database computer |
7210 |
Global listener |
TCP/IP |
remote:// |
7269 |
Global listener with SAP networtk protocol NI (for connections via SAPRouter, only available in SAP systems) |
NI (based on TCP/IP) |
sapni:// |
|
7270 |
Global listener with SAP networtk protocol NI and SAP encryption library (for connections via SAPRouter, only available in SAP systems) |
NISSL (based on SSL/TLS) |
remotes:// sapnis:// |
|
First installation <installation_1> on the database computer |
7200 |
X server for <installation_1> |
TCP/IP |
remote:// |
Second installation <installation_2> on the database computer |
7203 |
X server for <installation_2> |
TCP/IP |
remote:// |
Separate Database Studio installation |
7299 |
X server for the separate Database Studio installation, only used by the system to access the local user management database .UMDB |
TCP/IP |
remote:// |
For more information about opening ports, see your firewall documentation.
Restrict port access to those computers that are running the database system.
Concepts of the Database System, Network Communication
Documentation about SAProuter is available in the SAP Library at http://help.sap.com.