03-17-2015 2:12 PM
Hi there,
I have a system here with a somewhat unusual (to me at least) gateway security setup. I have an ABAP system XXX with a TCP/IP RFC in SM59 with programm-ID PPP and gateway hostname yyy.zzz.com (belonging to Java system YYY). The connection is used to communicate between XXX and YYY.
The problem we are facing is that the security settings are way too wide open (every host can connect with the programm-IP PPP with gateway YYY, or that no system at all can connect)
In the gateway logging on the YYY system we see the following entry:
S Fri Mar 13 2015 16:57:17:469 reginfo denied client: TP=PPP, ACCESS=yyy.zzz.com
The gateway on YYY is seeing the connection coming from itself (yyy.zzz.com, although it was registered from XXX).
Wenn we add the following entry in reginfo on YYY, the connection is working, but then any system can connect with this programm-ID to the gateway of YYY.
P TP=PPP HOST=yyy.zzz.com CANCEL=* ACCESS=*
The usual setup that I know, is that in the RFC destination (in XXX), the gateway of the XXX system is used. System YYY will then connect to XXX and in reginfo of XXX it should be allowed that yyy.zzz.com can connect with programm-ID PPP.
Is the current setup indeed wrong or should it be possible to setup it up in this way, but then with restrictive gateway settings.
Thanks a lot in advance for your help.
Cheers,
Sander.
03-18-2015 6:46 AM
Hi
I assume the program registers from YYY to yyy.zzz.com gateway then XXX accessing it.
Try this:
P TP=PPP HOST=internal CANCEL=internal ACCESS=XXX,internal
or
P TP=PPP HOST=yyy.zzz.com CANCEL=yyy.zzz.com ACCESS=XXX,yyy.zzz.com
Regards
Przemek
03-18-2015 9:56 AM
Hi Przemek,
Thanks. No, that is just it. The programm registers from XXX to yyy.zzz.com gateway. Is this an incorrect setup, or should this be able to work with sufficient gateway security?
Cheers,
Sander.
03-18-2015 10:51 AM
Nothing is wrong with source of registration if you can strictly define HOST,CANCEL,ACCESS
There is another security file for gateway you should consider: secinfo