2014 Jun 19 4:03 PM
Hi,
I want to implement gateway security using gw/reg_info, gw/sec_info, gw/reg_no_conn_info.
So far I have created reginfo and secinfo files to allow all internal traffic, and I kept gw/reg_no_conn_info=11 and gw/acl_mode=1.
reginfo
======
#VERSION=2
P TP=* HOST=local
P TP=* HOST=internal
P TP=* HOST=*.abc.com
With the above setting I believe all the programs within the SAP system (including app servers), and also systems from the domain abc.com, can register programs without having any issues.
secinfo:
======
#VERSION=2
P TP=* USER=* USER-HOST=local HOST=local
P TP=* USER=* USER-HOST=internal HOST=internal
Similarly, as per the secinfo content, I believe that all the internal traffic can go without any issue within the SAP system.
Besides that, I have activated gateway logging to find the rejected connections, if any.
I have following questions:
===================
1) As the reginfo and secinfo files are maintained, can I remove the gw/acl_mode=1 parameter?
2) If I want to allow a specific program to register from a 3rd-party system, suppose a program called "zram" from system "172.198.10.1", where am I supposed to add it? Do I need to add that IP to secinfo along with reginfo?
3) When I set the parameter gw/reg_no_conn_info=11, converted to binary it equals 00001011.
What exactly does this mean, given the following definitions from note 1444282?
1 1298433 Bypassing security in reginfo & secinfo
2 1434117 Bypassing sec_info without reg_info
4 1465129 CANCEL registered programs
8 1473017 Uppercase/lowercase in the files reg_info and sec_info
Does that mean 8+2+1 satisfies the above three lines except condition 4?
4) I enabled gateway logging; how can I catch rejected connections from third-party systems?
5) From simulation mode I got to know that it will satisfy the reginfo/secinfo restrictions and allow all other traffic. So what is the added advantage of this when activated?
6) Are there any SAP native tools which help while preparing the reginfo and secinfo files?
Regards,
Koteswararao.Davuluri(Koti).
2014 Jul 24 2:22 PM
Hello Koti,
I'll try to answer some of your questions:
1) As the reginfo and secinfo files are maintained, can I remove the gw/acl_mode=1 parameter? YES, but there is no need for doing this!
...Does that mean 8+2+1 satisfies the above three lines except condition 4? YES
For all other questions I'm also interested in!
Regards,
Karlheinz
2015 May 13 9:38 AM
Hello Koti, Karlheinz,
Really good questions. I am also looking for answers to these questions, especially questions 4 and 5. Maybe you now know the solution and are willing to share the knowledge. It would be really helpful to me.
Regards,
Marcin
2015 May 13 2:33 PM
Hi,
Here are the answers for questions 4 and 5.
4) I enabled gateway logging; how can I catch rejected connections from third-party systems?
SMGW -> Goto -> Expert functions -> Logging
In the above path, select Security -> (under that) -> Rejected access only.
When you select that, it should show you the connections getting rejected.
5) For simulation mode you have 2 options. You can activate it directly from the above path. The other option is to maintain gw/sim_mode = 1, which makes simulation mode permanent. But once all the entries are set in reginfo, you have to disable simulation mode. With secinfo you will not have much trouble.
After doing steps 4 and 5 you can see the rejected entries in the gateway log.
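A small Python model of how a reginfo like the one in this thread is evaluated, and of what simulation mode changes, as an added example that is not from the thread or from SAP. It assumes first-match-wins evaluation with an implicit final deny, uses constructed host sets in place of the gateway's own "local" and "internal" keywords, and treats "*" as a simple wildcard.

```python
from fnmatch import fnmatchcase

# Constructed host sets standing in for the gateway keywords (assumption:
# 'local' is the gateway host itself, 'internal' the SAP system's app servers).
LOCAL_HOSTS = {"sapgw01.abc.com"}
INTERNAL_HOSTS = {"sapgw01.abc.com", "sapapp02.abc.com", "sapapp03.abc.com"}

# Constructed reginfo with the same rules as the thread (keywords blank-separated).
REGINFO = """\
#VERSION=2
P TP=* HOST=local
P TP=* HOST=internal
P TP=* HOST=*.abc.com
"""

def parse_rules(text):
    """Return [(action, tp_pattern, [host_patterns])] for every P/D line."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        action, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        rules.append((action, kv.get("TP", "*"), kv.get("HOST", "*").split(",")))
    return rules

def host_matches(pattern, host):
    """Resolve the keywords, otherwise do a case-insensitive wildcard match."""
    if pattern == "local":
        return host in LOCAL_HOSTS
    if pattern == "internal":
        return host in INTERNAL_HOSTS
    return fnmatchcase(host.lower(), pattern.lower())

def check_register(rules, tp, host, sim_mode=False):
    """Decide a registration request: first matching rule wins; no match is a
    deny (assumed implicit final 'D TP=*'). Simulation mode permits everything
    but reports what would have been rejected, which is what to add to the file."""
    for action, tp_pat, hosts in rules:
        if fnmatchcase(tp, tp_pat) and any(host_matches(h, host) for h in hosts):
            permitted = action == "P"
            break
    else:
        permitted = False
    if sim_mode and not permitted:
        return True, f"SIMULATION: would reject TP={tp} HOST={host}"
    return permitted, "permit" if permitted else "reject"
```

Run check_register(parse_rules(REGINFO), "zram", "third.example.net", sim_mode=True) to see the difference between a rejection and a simulated one.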