Handling Intrusion Detection/Prevention Software

A personal firewall, or intrusion detection/prevention software (IPS or IDPS), can cause SAP Mobile Platform components to malfunction or not function at all. SAP Mobile Platform uses regular IP communication between components on the primary network interface of a computer, even when all components are installed on the same host.

If the local network interface is secured by intrusion detection/prevention software (IPS or IDPS, for example, McAfee Host Intrusion Prevention software or equivalent), you must configure the security software to allow all network communication between SAP Mobile Platform components.

For a single-node installation of all of the SAP Mobile Platform components, try one of these options to work around the limitations imposed by the host intrusion prevention software and policy settings, without violating any security policy, until the settings of your security software are adjusted to the needs of SAP Mobile Platform.

Choose an option:
  • Removing the host machine from the network – this option ensures that all interconnections between SAP Mobile Platform components are treated as local traffic and is not be flagged as incoming connections from external sources, thereby causing connection failures due to security policy setting. This option is suitable when you use your laptop in a network other than your corporate network, and want to demonstrate a mobile solution using a simulator or emulator with all components running on the same machine. To use this option:
    1. Stop the SAP Mobile Platform services in the correct order. See Methods for Starting and Stopping SAP Mobile Platform in System Administration.
    2. Disconnect the host from all networks.
    3. Restart SAP Mobile Platform services in the correct order.
    4. Change the SAP Control Center URL link to use "localhost" or <yourhostname> as the host name, instead of the original fully qualified host name of the machine that included the domain name (for example: https://localhost:8283/scc, or https://yourhostname:8283/scc). Accept any security warnings to connect to SAP Control Center.
  • Connecting the host to the corporate network – this option ensures that all interconnections among SAP Mobile Platform components are internal to your corporate network and validated against the corporate network security policy. The option of connecting to corporate network through VPN is especially suitable when you use your laptop in a network other than your corporate network, and want to demonstrate a mobile solution using your physical devices, and need outgoing connections to a backend Enterprise Information System (EIS) or Relay Server (SAP Hosted Relay Server or otherwise).
    1. Stop the SAP Mobile Platform services in the correct order. See the Methods for Starting and Stopping SAP Mobile Platform topic in System Administration.
    2. Reconnect the host to your corporate network directly or through corporate VPN, to ensure that the corporate network security policy applies.
    3. Restart SAP Mobile Platform services in the correct order.
    4. Change the SAP Control Center URL link to use "localhost" or <yourhostname> as the host name, instead of the original fully qualified host name of the machine that included the domain name (for example: https://localhost:8283/scc, or https://yourhostname:8283/scc). Accept any security warnings to connect to SAP Control Center.
  • So required internal component communication ports are not blocked, configuring the firewall software to allow connections to the ports the SAP Mobile Platform uses. For information about what ports you must accommodate, see SAP Mobile Platform Port Accommodation in the Landscape Design and Integration guide.
Always check for the latest available patches and updates for your SAP Mobile Server version on http://downloads.sybase.com/swd/base.do?client=support (logon account required).
Related concepts
Troubleshooting Host Name Problems
Listeners or Services Could Not be Started Errors
Related tasks
Cannot Access Device Tab and Web Service Error
Cannot Access sampledb
Problems after Installing Agentry Editor Plug-In
Related reference
SAP Mobile Server Service Fails to Restart After Credential Change
System Environment Path is Too Long
Performance Issues if SAP Mobile Server Not Installed on a 64-bit Machine
SAP Mobile Server or RSOE Startup Problems
.NET Environment Problems Affect SAP Mobile Server
Messaging Installer Completed With Errors
Data Change Notification Fails after Upgrade
VMWare Fusion Crashes when Opening PDF File
Installer Hangs Starting Services after Upgrade
Certificate Alias Properties are Empty after Upgrade