Skip to Content
author's profile photo Former Member
Former Member

Network ports for SAP Relay Server and SMP 2.3

Hi Expert,

I'm configuring a mobile solution based on Relay server, SMP 2.3, REx 3.2 and CRM server. I need some information/confirmation about the network ports I should open in my internal and external firewalls. Hereunder is reported the logical architecture and the ports that should be used:

Are the ports indicated correct? Do I have to consider further ports?

Any suggestion will be appreciated..

Thanks

g.

Tags edited by: Michael Appleby

pastedImage_2.png (34.6 kB)
Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

4 Answers

  • author's profile photo Former Member
    Former Member
    Posted on Jun 10, 2014 at 08:15 PM

    All the ports mentioned by you are correct and should be good for your architecture, I also suggest below ports:

    1) 2000- managemant port

    2) 2001 - secure management port

    Thanks,

    Shiv

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member

      Thank you for your feedback Shiv.

      I would like to understand if It's mandatory to open the ports 8000 and 8001 in the internal firewall. From my understanding, in my scenario, the port 8000 is used only by the CRM for data change notification purposes. Due to the fact that CRM and SMP are in the same network I don't need to open this port in the internal firewall. Is this correct? is the port 8000 used for other purposes (for instance from the iPad)?

      thanks in advance for your collaboration.

      BR

      g.

  • author's profile photo Former Member
    Former Member
    Posted on Jun 11, 2014 at 02:08 PM

    If you're using Relay Server in your landscape, I don't believe you need all those ports opened. You seem to be missing the RSOE(s) in your diagram which makes an *outbound* connection to the Relay Server(s) in your DMZ. You may wish to take a look at this documentation:

    Relay Server architecture

    Thanks,

    Andrew.

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Jun 12, 2014 at 05:59 AM

    Hi,

    Not clear from the diagram which direction the ports are being opened for, but doesn't look correct to me..

    Based on implementation I have done for REX 3.2 with CRM these are the ports that should be opened.

    IPAD -> Relay Server (INBOUND)

    Port 443 should be open

    Port 80 should only be open if you are not going to use SSL (not recommended)

    Relay Server -> IPAD (OUTBOUND)

    None required

    Relay Server -> SMP (INBOUND)

    None Required. Using RSOE makes outbound connection from SMP to Relay Server. Communication between the Relay Server and SMP is then always performed via this connection (just like Reverse Invoke).

    SMP -> Relay Server (OUTBOUND)

    Port 443 should be open if going to use SSL or

    Port 80 should be open if not going to use SSL.

    You should also have a port open for administration purposes (e.g. RDP port if is Windows server)

    For example, you could use SSL from iPAD to Relay Server (so open port 443) and non-SSL from SMP to Relay Server (so open port 80). Other combinations are possible. Depends on what your company security requirements are.

    If SMP and CRM are on the same network (no Firewalls between) them then you don't need to worry about the ports. if however there is, then:

    SMP -> CRM (INBOUND)

    Need to open ports for RFC Connection (SMP connects to CRM via JCO)

    CRM -> SMP (OUTBOUND)

    Port 8000 (non-SSL) for DCN.

    Port 8001 ? (SSL) for DCN (not sure on this).

    Of course if you have a firewall between your internal network and SMP then you will also need to open other ports like RDP (assuming Windows), SCC Port etc.

    Thanks

    Colin

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Dec 04, 2014 at 12:17 PM

    This information exists true for SMP 3.0 installation also? We have a load balancer and 2 Relay servers in DMZ and two nodes of SMP server in internal network. as shown in the figure below.

    Can anyone help me with the all port numbers need to be enabled throughout the network.

    Thanks

    Ady


    SMP_Landscape.png (95.0 kB)
    Add a comment
    10|10000 characters needed characters exceeded

    • Yes true and applies for SMP 3.X.

      Outside Firewall: Devices to Load balancer - https traffic

      Within DMZ: Apache to Relay servers - 443 (in a round robin fashion)

      Internal Network: SMP OE's to Relay servers - Only Outbound 443 from SMP to Relay Servers

      Regards,

      Kiran

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.