Introduction to SAProuter

SAProuter is an SAP software product which is available on all R/3-based UNIX platforms and Windows NT/95. It acts like a firewall system by regulating access from/to your network.

SAProuter can be used

Important SAProuter Commands

saprouter

Online help (display list of all supported options)

saprouter -r

Start SAProuter with default values

saprouter -s

Stop SAPRouter

Route String

A route string can have one or more substrings. Each substring contains parameters how to reach the next SAProuter or the target host or program on the target host.

Such parameters are:

Example of one substring: /H/host/S/service/P/password

H: Identifier for host name
S: Identifier for service (port number)
P: Identifier for password

Route Permission Table

The SAProuter regulates access to your network via the route permission table in form of a file. You can start your SAProuter with this file name.

An entry in a route permission table has the following structure:
<P/D> <source host> <target host> <target service> <password>

P(ermit):

allows connection

D(eny):

prevents connection

<source host>:

host name or IP-address, could be a SAProuter

<target host>:

host name or IP-address, could be a SAProuter

<target service>:

service (port number) of the program of the target host
The default service of SAProuter is ‘3299’.

If no route permission table was explicitly assigned to the SAProuter while starting (option -R <name of a route permission table>), the file ‘saprouttab’ in the current directory will be used. If this file is not available, all connections are allowed.

You can use wildcarts (‘*’) to define hosts, services and passwords in your route permission table.

See SAP note 30289 for more details about SAProuter.

A Typical Use of SAProuter (remote support)

Network_1 (SAP-Walldorf)

Network_2 (Customer)

host_11

host_r1

host_r2

host_21

SAPGUI ————>

SAProuter ————>

("3299")

SAProuter ————>

("3299")

SAP R/3

Route Permission Tables

Entry in the route permission table of SAProuter on host_r1 in Network_1:
P host_11 host_r2 3299

Entry in the route permission table of SAProuter on host_r2 in Network_2:
P host_r1 host_21 sapdp<R/3 system number>

The SAPGUI on host_11 will connect to the R/3 application server on host_21 with the following route string, host name and dispatcher service:
/H/host_r1/H/host_r2/H/host_21/S/sapdp<R/3 system number>

The information about services of both SAProuters are not necessary, because they are running with the default service ("3299").