
Application-Level Gateways Provided by SAP

 

SAProuter and SAP Web Dispatcher are examples of application-level gateways that you can use for filtering SAP network traffic.

SAProuter
Filtering Functions

You can use the SAProuter for routing and filtering traffic at the SAP NI layer. You can use it to do the following:

  • Filter requests based on the IP address or protocol.

    For example, you can reject any requests that do not use SAP protocols.

  • Require that a password is sent with the request.

  • Require that secure authentication and data encryption occur at the network layer using Secure Network Communications (SNC).

When using SAProuter, you only have to open a single port on the firewall for SAP protocols, which corresponds to the port on the machine running SAProuter. All connections using the SAP protocols are then required to pass through this port (default=3299).

Caution

SAProuter complements and does not replace the firewall. We recommend that you use SAProuter and a firewall together. An SAProuter alone does not protect your SAP system network.


For an example of the network topology when using an SAProuter, see Example Network Topology Using a SAProuter.

Configuration

To enforce access control, specify the IP addresses and address patterns that can access your SAP systems in the saprouttab configuration file.

Recommendation

When specifying the entries in saprouttab:

  • Use the S indicator in the saprouttab entries to specify that the entry applies to SAP protocols only.

  • Only use the option P where necessary.

    This option specifies that the entry applies to non-SAP protocols as well.
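
The following check is an added example, not part of the SAP documentation: it lints saprouttab permit entries against the recommendation above, reporting P entries, wildcard hosts or services, and routes without a password. The field layout `<P|S|D> <source-host> <dest-host> <dest-service> [<password>]`, the D (deny) and SNC K* indicators it skips, the finding codes, and the sample table are assumptions or constructed values not taken from this page.

```python
# Added example: lint saprouttab permit entries against the recommendation above.
# Assumed entry layout (general SAProuter syntax, not shown on this page):
#   <P|S|D> <source-host> <dest-host> <dest-service> [<password>]

# Constructed sample route table, not taken from a real system.
SAMPLE = """\
# constructed sample
S 10.1.2.* sapapp01 3200 pw1
P * * *
P 192.0.2.10 sapapp01 3389 Secret1
S * sapapp02 3201
D * * *
"""


def audit_saprouttab(text):
    """Return (line_number, finding_code) tuples for P and S entries."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        kind = fields[0][0].upper()
        if kind not in "PS" or len(fields) < 4:
            continue  # D (deny), SNC K* entries and short lines are not judged
        source, dest, service = fields[1:4]
        if kind == "P":
            # P also admits non-SAP protocols; the page says use it only where necessary.
            findings.append((lineno, "P_ALLOWS_NON_SAP_PROTOCOLS"))
        if source == "*":
            findings.append((lineno, "ANY_SOURCE"))
        if dest == "*" or service == "*":
            findings.append((lineno, "ANY_DESTINATION"))
        if len(fields) < 5:
            findings.append((lineno, "NO_ROUTE_PASSWORD"))
    return findings


if __name__ == "__main__":
    for lineno, code in audit_saprouttab(SAMPLE):
        print(f"line {lineno}: {code}")
```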


Note

If you use the SAP remote services (SAP Support Portal), you must use an SAProuter.

For more information, see Example Network Topology When Using SAP Remote Services.


For more information about SAProuter, see SAProuter.

SAP Web Dispatcher

Use SAP Web Dispatcher for load balancing and filtering HTTP(S) requests to SAP NetWeaver Application Server (AS). The rules to use for filtering the requests are contained in a file in the file system on the server where SAP Web Dispatcher runs.

For more information about security on the SAP Web Dispatcher, see Security Information SAP Web Dispatcher.

SAP Web Dispatcher also supports the use of the Secure Sockets Layer (SSL) protocol to secure the communications at the transport level.

For more information, see SAP Web Dispatcher.