Gateway Tunnel for SAP Connections
1 vote
Hi,
we are using RDM and are on the road to get an PAM Tool.
Cause of using RDM now for 14 years, we had a look on many diffrent PAM Tools.
All of them are not able to open an SAP GUI connection without RDS.
Is it possible to use it by tunneling through the Devolutions gateway?
All Comments (2)
Hi,
I am not familiar with SAP GUI, but I’ve looked a little bit into their documentation.
First, you probably want to use a Devolutions Gateway Tunnel.
It seems SAP GUI does not support HTTP/SOCKS5 proxies, so we can’t use that.
However, you can probably configure TCP port forwarding: in the Devolutions Gateway Tunnel entry, map a local port to the destination address and port, then use the local port with 127.0.0.1 in SAP GUI.
Please, give it a try and let me know if you need further assistance.
Also, we are experimenting with a VPN-like feature for the Devolutions Gateway that you could eventually use to forward arbitrary traffic at the OS level. I can link the ticket to this thread if you are interested.
Best regards,
Benoit Cortier
Hello,
Yes, you need to set this up like a regular TCP port forwarding setup instead of hoping that SAP GUI will magically talk through a PAM tool.
Devolutions Gateway can do it, but the trick is to set up a tunnel entry that sends a local port (like 127.0.0.1:3200) to your SAP server or instance port.
Then, instead of the real server, point SAP GUI to that local port.
Don't even bother looking for HTTP/SOCKS proxy support—SAP GUI just doesn't care.
If you're planning for the long term, the "vpn-like" forwarding in Devolutions Gateway could save you a lot of trouble because it makes the OS treat all SAP traffic as if it were local.
I've been there before, and it works great once the ports are set up right.