Two-proxy network topology to avoid business disruptions
When the main network line of a branch fails, you can set up a temporary wireless network through a 4G network card and access the SAP system through a proxy server, so that services are not interrupted. In testing, a 4G phone card with the following network topology supported 20+ terminals accessing SAP business operations simultaneously.
(Two Proxy) Proxy Host Configuration
System version:
Win10
Network address configuration:
IP1 is used to connect to the external network
IP1: 192.168.8.2
Mask: 255.255.255.0
GW: 192.168.8.1
DNS: 192.168.8.1
IP2 is used for the network proxy
IP2: 192.168.20.1
Mask: 255.255.255.0
IP2 is only for access by computers on the local network segment, so no gateway is configured
CCProxy server settings
Service area
Account settings: allow all users within the network
Allow the proxy host to connect only to the SAP server
1. Going through a proxy server adds extra security.
2. It reaches into the internal network.
3. It saves traffic, since 4G data is limited.
Proxifier settings
Add the proxy server
The other end needs a proxy server configured (CCProxy may be used)
Account/password + IP verification mode is supported.
Rules configuration
Add a rule so that SAP traffic goes through the proxy server
The default rule is set to reject. All traffic that does not match a rule is refused, to save traffic. Only office work is allowed.
Network client Proxifier settings:
The client must be in the same network segment as CCProxy
Server address: 192.168.20.1, server port: 1080, using an anonymous connection
Client-side rule settings:
Proxy only the traffic for 192.168.2.100
Deny all other traffic by default
(Proxy) CCProxy proxy server configuration
Set the SOCKS5 service port to 1080
Port mapping must be configured on the router at the corporate network entrance
The internal network is then reachable through a public IP or domain name
Use account and password verification
SOCKS5
SOCKS5 is a proxy protocol that acts as an intermediary between a client machine and a server machine communicating over TCP/IP. It lets clients on an internal network reach servers on the Internet, or makes the communication more secure. The SOCKS5 server forwards the client's requests to the real target server, simulating the behavior of the client. The client and the SOCKS5 server also communicate over TCP/IP: the client sends the request it originally intended for the real server to the SOCKS5 server, and the SOCKS5 server forwards that request to the real server.
SOCKS5 can proxy almost all services, so it easily becomes a security threat to the internal network. We can combine it with wf.msc (Windows Firewall) to limit the access range.
Limiting the access range with the firewall
For example, to disable port 3389 (Remote Desktop Services),
we can add an outbound block rule.
In the same way, address ranges can be combined to add more rules that define the access range.
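
The firewall restriction described above, written as PowerShell instead of clicking through wf.msc. This is an added example, not part of the original post. The internal subnet 192.168.2.0/24, the CCProxy install path and the rule names are assumptions; only 192.168.2.100 and port 3389 come from the text.

```powershell
# Added example: run in an elevated PowerShell on the corporate CCProxy host.
$CcProxy = 'C:\CCProxy\CCProxy.exe'   # assumed install path, adjust to the real one
$Prefix  = 'Proxy limit'              # hypothetical name prefix for these rules

# Rules only take effect on profiles where the firewall is enabled.
$disabled = Get-NetFirewallProfile | Where-Object { -not $_.Enabled }
if ($disabled) {
    Write-Warning "Firewall disabled on profile(s): $($disabled.Name -join ', ')"
}

# Remove earlier copies so the script can be re-run without duplicating rules.
Get-NetFirewallRule -DisplayName "$Prefix*" -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# 1. Block Remote Desktop (TCP 3389) outbound from this host to any address.
New-NetFirewallRule -DisplayName "$Prefix - block RDP" `
    -Direction Outbound -Action Block -Protocol TCP -RemotePort 3389 | Out-Null

# 2. Keep the proxy program away from every internal host except the SAP
#    server (192.168.2.100). A block rule wins over an allow rule, so the SAP
#    address is left out of the blocked ranges instead of being allowed
#    by a separate rule. The /24 subnet is an assumption.
New-NetFirewallRule -DisplayName "$Prefix - block internal except SAP" `
    -Direction Outbound -Action Block -Program $CcProxy `
    -RemoteAddress '192.168.2.1-192.168.2.99', '192.168.2.101-192.168.2.254' |
    Out-Null

# 3. Show what was created: name, action, remote ports and remote addresses.
Get-NetFirewallRule -DisplayName "$Prefix*" | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Action        = $_.Action
        RemotePort    = ($_ | Get-NetFirewallPortFilter).RemotePort -join ','
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
    }
} | Format-Table -AutoSize -Wrap
```

The rules cover only TCP 3389 and the stated address ranges, so any further internal segments need their own ranges added to the second rule.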