
Gateway security with remote gateway

SM9
Explorer
0 Kudos

Hi there,

I have a system here with a somewhat unusual (to me at least) gateway security setup. I have an ABAP system XXX with a TCP/IP RFC in SM59 with program ID PPP and gateway hostname yyy.zzz.com (belonging to Java system YYY). The connection is used to communicate between XXX and YYY.

The problem we are facing is that the security settings are either way too wide open (every host can connect with the program ID PPP with gateway YYY) or no system at all can connect.

In the gateway logging on the YYY system we see the following entry:

S Fri Mar 13 2015 16:57:17:469 reginfo denied client: TP=PPP, ACCESS=yyy.zzz.com

The gateway on YYY is seeing the connection coming from itself (yyy.zzz.com, although it was registered from XXX).

When we add the following entry in reginfo on YYY, the connection works, but then any system can connect with this program ID to the gateway of YYY.

P TP=PPP HOST=yyy.zzz.com CANCEL=* ACCESS=*

The usual setup that I know is that in the RFC destination (in XXX), the gateway of the XXX system is used. System YYY will then connect to XXX, and in reginfo of XXX it should be allowed that yyy.zzz.com can connect with program ID PPP.

Is the current setup indeed wrong, or should it be possible to set it up in this way, but then with restrictive gateway settings?

Thanks a lot in advance for your help.

Cheers,

Sander.

3 REPLIES

Private_Member_69416
Active Participant
0 Kudos

Hi

I assume the program registers from YYY to the yyy.zzz.com gateway and XXX then accesses it.

Try this:

P TP=PPP HOST=internal  CANCEL=internal  ACCESS=XXX,internal

or

P TP=PPP HOST=yyy.zzz.com  CANCEL=yyy.zzz.com  ACCESS=XXX,yyy.zzz.com

Regards

Przemek

0 Kudos

Hi Przemek,

Thanks. No, that is just it. The program registers from XXX to the yyy.zzz.com gateway. Is this an incorrect setup, or should this be able to work with sufficient gateway security?

Cheers,

Sander.

0 Kudos

Nothing is wrong with the source of registration if you can strictly define HOST, CANCEL, ACCESS.

There is another security file for the gateway you should consider: secinfo.
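
The three reginfo rules quoted in this thread, run through a small audit script (an added example, not code from any poster or from SAP). It models only explicitly stated host lists, the bare `*` wildcard and exact host-name matches; the `internal_hosts` set standing in for the `internal` keyword and the host `other.example.com` are assumptions.

```python
# Added example: simplified reginfo audit. Host matching is exact-string only;
# the real gateway also resolves names and supports host patterns.
SAMPLE_REGINFO = """\
# constructed sample: the three rules quoted in the thread
P TP=PPP HOST=yyy.zzz.com CANCEL=* ACCESS=*
P TP=PPP HOST=internal  CANCEL=internal  ACCESS=XXX,internal
P TP=PPP HOST=yyy.zzz.com  CANCEL=yyy.zzz.com  ACCESS=XXX,yyy.zzz.com
"""
HOST_LISTS = ("HOST", "ACCESS", "CANCEL")


def parse_reginfo(text):
    """Return one dict per P/D rule: line number, action, TP and host lists."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0] not in ("P", "D"):
            continue  # blank lines, comments, version header
        rule = {"line": lineno, "action": fields[0]}
        for field in fields[1:]:
            key, _, value = field.partition("=")
            key = key.upper()
            rule[key] = value.lower().split(",") if key in HOST_LISTS else value
        rules.append(rule)
    return rules


def wildcard_findings(rules):
    """(line, parameter) for every permit rule whose host list contains '*'."""
    return [(r["line"], key) for r in rules if r["action"] == "P"
            for key in HOST_LISTS if "*" in r.get(key, [])]


def access_allowed(rule, client, internal_hosts=frozenset()):
    """Would the rule's ACCESS list admit `client`? Assumes ACCESS is stated."""
    allowed = rule["ACCESS"]
    client = client.lower()
    if "*" in allowed:
        return True
    if "internal" in allowed and client in internal_hosts:
        return True  # `internal` resolved from the caller-supplied set
    return client in allowed


if __name__ == "__main__":
    rules = parse_reginfo(SAMPLE_REGINFO)
    for line, key in wildcard_findings(rules):
        print(f"line {line}: {key}=* admits any host")
    for r in rules:
        print(r["line"], access_allowed(r, "other.example.com", {"yyy.zzz.com"}))
```
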