Hi,
I want to implement gateway security using gw/reg_info, gw/sec_info, gw/reg_no_conn_info.
So far I have created reginfo and secinfo files to allow all internal traffic, and I kept gw/reg_no_conn_info=11 and gw/acl_mode=1.
reginfo
======
#VERSION=2
P TP=*,HOST=local
P TP=*,HOST=internal
P TP=*,HOST=*.abc.com
With the above setting I believe all the programs within SAP systems (including app servers), and also systems from domain abc.com, can register programs without any issues.
secinfo:
======
#VERSION=2
P TP=* USER=* USER-HOST=local HOST=local
P TP=* USER=* USER-HOST=internal HOST=internal
Similarly, as per the secinfo content, I believe that all the internal traffic can go without any issue within the SAP system.
Besides that, I have activated gateway logging to find rejected connections, if any.
I have following questions:
===================
1) As the reginfo and secinfo files are maintained, can I remove the gw/acl_mode=1 parameter?
2) If I want to add a specific program to register from a 3rd party system, suppose a program called "zram" from system "172.198.10.1", where am I supposed to add it? Do I need to add that IP to secinfo along with reginfo?
3) When I set parameter gw/reg_no_conn_info=11, converted to binary it equals 00001011.
What exactly does this mean, given the following definitions from note 1444282?
1 1298433 Bypassing security in reginfo & secinfo
2 1434117 Bypassing sec_info without reg_info
4 1465129 CANCEL registered programs
8 1473017 Uppercase/lowercase in the files reg_info and sec_info
Does that mean 8+2+1, i.e. satisfying the above 3 lines except condition 4?
4) I enabled gateway logging; how can I catch rejected connections from third party systems?
5) From simulation mode I got to know that it will satisfy reginfo, secinfo restrictions and it will allow all other traffic. So what is the added advantage of this when activated?
6) Are there any SAP native tools which help while preparing reginfo, secinfo files?
Regards,
Koteswararao.Davuluri(Koti).
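
The following is an added example, not part of the original post and not an SAP tool. It splits gw/reg_no_conn_info=11 into the bit values listed in the post, and lists the permit rules in the posted files that pair TP=* with a host other than local or internal. The function names and the tolerant field splitting (whitespace, or a comma directly before the next KEY=) are assumptions made for this sketch.

```python
import re

# Bit value -> SAP note, as listed in the post (from note 1444282).
REG_NO_CONN_INFO_BITS = {1: "1298433", 2: "1434117", 4: "1465129", 8: "1473017"}

def decode_reg_no_conn_info(value):
    """Return (notes whose bit is set, notes whose bit is clear)."""
    on = [n for bit, n in REG_NO_CONN_INFO_BITS.items() if value & bit]
    off = [n for bit, n in REG_NO_CONN_INFO_BITS.items() if not value & bit]
    return on, off

# Assumption: fields are KEY=value, split on whitespace or on a comma that
# directly precedes the next KEY= (the form used in the posted reginfo).
FIELD_SEP = re.compile(r"[,\s]+(?=[A-Z-]+=)")

def parse_rules(text):
    """Parse P/D lines into (action, fields); skip #VERSION and other lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line[:2] not in ("P ", "D "):
            continue
        action, _, rest = line.partition(" ")
        parts = FIELD_SEP.split(rest.strip())
        rules.append((action, dict(p.split("=", 1) for p in parts if "=" in p)))
    return rules

def broad_permits(rules, host_key="HOST"):
    """Permit rules with TP=* whose host is neither 'local' nor 'internal'."""
    return [f for a, f in rules if a == "P" and f.get("TP") == "*"
            and f.get(host_key) not in ("local", "internal")]

# The two files exactly as posted above.
REGINFO = """#VERSION=2
P TP=*,HOST=local
P TP=*,HOST=internal
P TP=*,HOST=*.abc.com
"""
SECINFO = """#VERSION=2
P TP=* USER=* USER-HOST=local HOST=local
P TP=* USER=* USER-HOST=internal HOST=internal
"""

if __name__ == "__main__":
    print(decode_reg_no_conn_info(11))
    print(broad_permits(parse_rules(REGINFO)))
    print(broad_permits(parse_rules(SECINFO)))
```

The rule it reports from the posted reginfo is the `*.abc.com` line, which is the entry to narrow to named programs and hosts once the gateway log shows which registrations are actually in use.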