Hi all
I was hoping someone on the list may have some experience in placing a FW-1
installation in front of an SAP R/3 system. I am faced with that task at
the moment and most of the SAP centric folk I have talked to are very much
at the business or systems level. Few seem to know how their product
behaves at the network level.
The main problem is the SAPGUI client. Most clients at this site are
currently configured to use a fixed port (4301 seems to be the favourite)
but I am told there is an option to have clients contact the "Central
instance" (usually the database engine) of a SAP implementation. Apparently
this system will then allocate the client to an application server. The
client then approaches the app server and a port is dynamically allocated
for the client to use. So the theory goes, anyway...
Does/can anyone tell me:
- is my summary above basically correct?
- know the mechanics of the dynamic connection process?
- know whether a rule base can be configured to handle these dynamic
connections neatly, i.e. without having to leave a big range of ports open
- any other tricks about trying to protect SAP R/3
Thanks in advance
Graham
Graham Abbott
Principal Systems Architect
Nomad Solutions
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
