SAP Note 1069911 - GW: Changes to the ACL list of the gateway (reginfo)

Component : Gateway/CPIC - Security

Solution : https://service.sap.com/sap/support/notes/1069911 (SAP Service marketplace login required)

Summary :
As of SAP Kernel Release 640, the gateway registration control for external server programs is managed via the file specified by the gw/reg_info parameter, typically found at /usr/sap///data/reginfo. This functionality ensures only registered server processes from allowed hosts can communicate, a crucial aspect in maintaining system security. The behavior of this file has evolved across releases, especially with the introduction of acl_mode in Kernel Release 720, enforcing stricter access controls as per SAP Note 1480644. The reginfo file must contain valid entries to allow registration, otherwise registration is denied, with further details outlined in Note 1105897. Error handling for registration issues is precise, with specific errors for exceeded registrations, denied access, or manual cancellations detailed in subsequent patches.

Key words :
subsequentsap_basis610640 700700 710710 720720  support packages & patches support packagessoftware componentreleasesupport packagesap_basis720sapkb72005 references, terms reginfogw/reg_info720 tp_reg_secu_error747 tp_reg_noreg_error748 tp_reg_access_denied474 c_manual_canceldmsg egw 748, medium priority category consulting validity software componentfrom rel, rfcexec program 1480644   gw/acl_mode versus gw/reg_no_conn_info 1305851   overview note, smgw 1480644   gw/acl_mode versus gw/reg_no_conn_info 1474615   bex analyzer, customer component bc-cst-gw gateway/cpic, reginfo & secinfo 1425765   generating sec_info reg_info 1408081   basic settings, host=<hosts> access=<hosts> cancel=<hosts>note, components bc-sec security priority correction, opened 1425765   generating sec_info reg_info 1408081   basic settings

Related Notes :

1889010MDM Server failed to register to gateway of Netweaver 7.40
1633982Update #1 for Security Note 1444282
1503858Colored lines for sec(-reg) info test in SMGW
1480644gw/acl_mode versus gw/reg_no_conn_info
1474615BEx Analyzer: Workbook is not opened
1425765Generating sec_info reg_info
1408081Basic settings for reg_info and sec_info
1316106Data Federator: Configuration of RFC connection
1305851Overview note: reg_info and sec_info
1298433Bypassing security in reginfo & secinfo
1105897GW: reginfo and secinfo with permit and deny ACL
618516Security-related enhancement of RFCEXEC program