On Tue, Jan 12, 1999 at 09:53:13AM -0600, Bill Houchin wrote:
> I'm reviewing the doc for setting up SAProuter.
> What isn't clear is, what if any part of it runs
> on the firewall. Is this just a SAProuter proxy
> that runs on the firewall?
There is a OSS note about this. SAProuter is a application level proxy for
SAP network connections. You will install the SAProuter on the firewall and
connect to it, instead of the real Server process.
The problem with this is: SAP is usung the same network code (ni-layer) in
the SAP router as in the Servers and Clients. So this basically means the
SAP router is not giving you additional security and protocol filtering.
Things you get from SAPRouter:
a) you can add SNC crypto tunnels between SAP routers
b) you can hide a complex installation between a common stable SAP router
address
c) packet filtering is easier with a simple open SAP router port than
allowing a wide range of ports and addresses through the packetfilter.
I�m unfortunatelly not aware of firewalls which can filter the SAP RFC and
DIAG data on an Application level, would be happy to hear about it. I have a
small powerpoint presentation with some references to SAP material if anyone
cares.
Greetings
Bernd
PS: running SAProuter on Linux for quite a few yearss now, runs fine. It is
doing NAT on the border router (which is connecting to the OSS via direct
dialin.
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
