Skip to Content

SAP WebDispatcher configuration for Portal access on Public IP

Dear friends,

I've a requirement to access SAP EP through a public IP. In our scenario SAP Web Dispatcher is located in DMZ and rest all SAP systems are in MZ.

We have registered a domain name (couple of weeks ago) and binding has been done with the public IP address. Natting has been done between Public IP and private IP of SAP Web Dispatcher. When we are trying to access the portal now using public IP address it doesn't bring any page rather gives error:

This site can’t be reached

202.100.196.244 refused to connect.

ERR_CONNECTION_REFUSED

Below is our Web dispatcher config file contents, kindly suggest if there is something wrong with this:

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

SAPGLOBALHOST = SAPWDP01

SAPSYSTEM = 00

INSTANCE_NAME = W00

DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTAMD64

DIR_EXECUTABLE = $(DIR_CT_RUN)

DIR_PROFILE = $(DIR_INSTALL)\profile

_PF = $(DIR_PROFILE)\WDP_W00_SAPWDP01

SETENV_00 = PATH=$(DIR_EXECUTABLE);%PATH%

#-----------------------------------------------------------------------

# Accesssability of Message Server

#-----------------------------------------------------------------------

wdisp/system_0 = SID=EPP, MSHOST=EPPVS01.ENGPL.com, MSPORT=8100,

#-----------------------------------------------------------------------

# Back-end system configuration

#-----------------------------------------------------------------------

wdisp/system_0 = SID=EPP, MSHOST=EPPVS01, MSPORT=8100, SRCVHOST=EPPVS01.ENGPL.com

#-----------------------------------------------------------------------

# Configuration of maximum number of concurrent connections

#-----------------------------------------------------------------------

icm/max_conn = 2000

#-----------------------------------------------------------------------

# Tuning parameters that usually do not need to be adjusted

#-----------------------------------------------------------------------

icm/max_sockets = ($(icm/max_conn) * 2)

icm/max_conn = 16384

icm/max_sockets = 16384

icm/req_queue_len = 6000

icm/min_threads = 100

icm/max_threads = 250

mpi/total_size_MB = (min(0.06 * $(icm/max_conn) + 50, 2000))

mpi/max_pipes = ($(icm/max_conn) * 2)

wdisp/HTTP/max_pooled_con = ($(icm/max_conn))

wdisp/HTTPS/max_pooled_con = ($(icm/max_conn))

ssl/server_cache_size = (min($(icm/max_conn) * 4, 100000))

#-----------------------------------------------------------------------

# SAP Web Dispatcher Ports

#-----------------------------------------------------------------------

icm/server_port_0 = PROT=HTTPS,PORT=443$$

icm/server_port_1 = PROT=HTTP,HOST=SAPWDP01,PORT=81$$

icm/server_port_2 = PROT=HTTP,HOST=EPPVS01,PORT=81$$

icm/server_port_3 = PROT=HTTP,HOST=localhost,PORT=81$$

#-----------------------------------------------------------------------

# SAP Web Dispatcher Administration

#-----------------------------------------------------------------------

icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=$(DIR_DATA)$(DIR_SEP)icmandir,AUTHFILE=$(icm/authfile)

#-----------------------------------------------------------------------

# Start webdispatcher

#-----------------------------------------------------------------------

_WD = $(DIR_EXECUTABLE)\sapwebdisp$(FT_EXE)

Restart_Program_00 = local $(_WD) pf=$(_PF)

SETENV_01 = SECUDIR=$(DIR_INSTANCE)/sec

icm/HTTP/redirect_00 = PREFIX=/,FROM=*.gov.in*,FROMPROT=HTTP,FOR=EPPVS01.ENGPL.com:50100,PROT=HTTP,HOST=EPPVS01, PORT=50100

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Kindly help, thanks in advance

SUJIT

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Mar 30, 2016 at 11:55 AM

    Hi there,

    The configuration you posted seems inconsistent, a few entries are incompatible each other.

    Please check these links:

    https://wiki.scn.sap.com/wiki/display/SI/Managing+PSE+files+at+the+Web+Dispatcher

    http://scn.sap.com/thread/3779410

    https://help.sap.com/saphelp_nwce72/helpdata/en/c5/ec466f5544409982c7d3ca29ce1ad3/content.htm

    Also, test inside the DMZ system that you can reach the internal remote SAP servers, by using this command: telnet [internal_server_name] 50100

    Regards,

    MM

    Add comment
    10|10000 characters needed characters exceeded

    • Hello Manuel, hello Sujit,

      About having 2 wdisp/system_0 parameters, the second one (in the order they appear at the profile) will overwrite the first one. So, only the second wdisp/system_0 parameter is taking effect.

      About icm/server_port_1 to 3, you are almost correct, Manuel 😊.

      Notice that each of the parameters is binding the same port but under a specific, different IP address (this is because the HOST argument is being used). Since HOST is being used, this should not be causing any issues.

      It seems that the parameter icm/HTTP/redirect_00 will never be used. But in case it matches a request, it seems it would cause an issue as it seems to be making the browser redirect directly to the Portal, bypassing the Web Dispatcher. But this would be something for a different thread, maybe 😊.

      About the "connection refused" error, ensure that your firewall (that is "natting" the public IP to the Web Dispather IP) is allowing connections to the TCP ports 8100 and 44300. Your firewall has to accept connections on these ports (at the public IP) and then "nat" them to the Web Dispatcher IP at the same port.

      Then, test the connection to your public domain, specifying the port you want to use. For example:

      http://www.your-domain.com:8100

      or

      https://www.your-domain.com:44300

      Best regards,

      Isaías

  • Mar 30, 2016 at 12:07 PM

    Hi Sujit.

    You can enable the trace using the Httpwatch from public to private. find the where the packet getting drooped . refer the SAP KBA 1994801 - HTTPwatch Tips


    Regards

    SS

    Add comment
    10|10000 characters needed characters exceeded