SAP Gateway Server

The document provides an overview of the SAP Gateway Server, detailing its work processes, security configurations, and monitoring tools. It explains the communication functions between SAP and non-SAP systems, the usage scenarios, and important parameters for managing the gateway. Additionally, it covers how to set up standalone gateways, troubleshoot issues, and manage gateway security settings.

Uploaded by

rajeev ranjan

Fundamentals of SAP Gateway


SAP Gateway Security Configuration

🌐 SAP Gateway Work Process Overview

The Gateway work process (gwrd) in SAP enables communication between SAP systems and external (non-SAP) systems via RFC, CPIC, or TCP/IP protocols.

🔹 Key Characteristics

• Acts as a communication bridge between SAP and non-SAP systems (e.g., third-party tools, interfaces).
• There is only one Gateway work process per SAP instance.
• The Gateway is a background service and is not visible in SM50.
• Additional Gateway instances (e.g., Standalone Gateway) can be installed as needed using SAPINST.

🔗 Usage Scenarios

• Required for communication with other SAP systems (e.g., BW, SRM, CRM, SCM, SOLMAN).
• Essential for external TCP/IP connections, where external programs must register on the SAP Gateway using a program ID.

🛡️ Port Information

| Type | Default Port |
| --- | --- |
| Unsecured Gateway Port | 3300 + <Instance No> |
| Secured Gateway Port | 4800 + <Instance No> |

Example: For instance 00, unsecured = 3300, secured = 4800

🔍 Gateway Monitoring Tools

| Level | Tool / Transaction |
| --- | --- |
| SAP GUI | SMGW – Gateway Monitor (view connections, programs) |
| OS Level | GWMON – Detailed Gateway admin and trace tool |
| Developer Logs | /usr/sap/<SID>/<Instance>/work/dev_rd and dev_gw |

⚙️ Important Gateway Parameters

| Parameter | Description |
| --- | --- |
| gw/max_conn | Maximum number of simultaneous connections to the gateway (Default: 500) |
| gw/keepalive | Time interval in seconds to check inactive connections (Default: 300) |
| gw/timeout | Timeout in milliseconds for initial connection attempts (Default: 10000) |

You can view and temporarily adjust these using transaction RZ11.

🚫 Note

• There is no SAP parameter to increase the number of Gateway or Message Server processes. These are fixed to one per instance.

🛰️ GWMON – SAP Gateway Administration (Command Line Mode)

The gwmon tool is a command-line utility used for real-time monitoring and administration of the SAP Gateway. It provides deeper OS-level access than SMGW and is especially useful when the SAP instance is down or partially unavailable.

📁 File Location

• Typically located in:

📌 How to Start GWMON

🖥️ On UNIX/Linux:

Example:

🪟 On Windows:

Example:

✅ pf= stands for profile, which must point to the instance profile file containing the Gateway configuration.

🧭 What You Can Do with GWMON (CLI)

• View and manage:
   ◦ Gateway version and status
   ◦ Registered programs
   ◦ Active connections
   ◦ Trace activation
   ◦ Secinfo/reginfo reloading
• Run Gateway diagnostics
• Kill stale connections
• Reread configuration dynamically

🧪 Useful for

• Troubleshooting Gateway when SAP GUI is not available
• Automating Gateway monitoring through shell scripts
• Deep-level Gateway control (beyond SMGW)

🔍 How to Check if Standalone Gateway is Running on Application Host

✅ 1. If Gateway is Not Standalone

(i.e., it runs as part of a Dialog instance – integrated)

You’ll typically see the following processes in the SAP instance:

• disp+work – Dispatcher and work processes
• igswd – Internet Graphics Server (optional)
• gwrd – Gateway process (as part of Dialog instance)

✅ In this case, gwrd is controlled and started by disp+work.

📌 How to check:

Check for:
If gwrd is tied to disp+work startup, it is not standalone.

✅ 2. If Gateway is Standalone

(i.e., it runs separately on the host, like on the ASCS server or dedicated comms server)

You’ll see:

• msg_server – SAP message server
• enserver – SAP enqueue server
• gwrd – Standalone Gateway process

✅ gwrd here is not started by disp+work but runs independently.

📌 How to check:

Look for:

💡 This indicates a standalone Gateway is running — usually configured in ASCS instance or on a standalone
comms node.

🛠️ Additional OS Command to Confirm

You can use sapcontrol to get exact process info:

Output Example for Standalone Gateway:

Versus Dialog Instance:

📘 Summary Table:

| Setup | Processes Seen | Gateway Type |
| --- | --- | --- |
| Dialog Instance | disp+work, gwrd, igswd | Integrated Gateway |
| Standalone Gateway | gwrd, msg_server, enserver | Standalone Gateway |

🛰️ GWMON – SAP Gateway Monitor (Gateway Administration Tool)

GWMON is a powerful SAP GUI-based administration tool used for monitoring, tracing, and managing Gateway activity and connections, especially in complex RFC and external program communication environments.

📍 How to Start GWMON

1. Open SAP GUI
2. Go to transaction:
   /nGWMON
   or

✅ You can also run program RSGWMON in SE38.

📊 What You Can Do in GWMON

| Feature | Description |
| --- | --- |
| Monitor Gateway status | Shows Gateway hostname, service, status |
| View active connections | List of registered programs, clients, RFC connections |
| Check external programs | All currently registered external programs |
| Trace connection issues | Start/stop Gateway trace at connection level |
| Admin functions | Delete connections, cancel registrations |
| RFC Usage Analysis | Displays communication paths and volumes |
| Access Control Info | Status of reginfo / secinfo enforcement |
| System-wide view | If multiple systems are configured, GWMON can be used to compare or monitor centrally |

🧪 Typical Usage Scenarios

1️⃣ Check RFC or External Program Registration

• Open GWMON → Registered Programs
• Shows program ID, client, registration time

2️⃣ Check RFC Failures due to ACL Restrictions

• Check the Gateway log (dev_rd, gw_log)
• Use GWMON → Logs/Traces to confirm access errors

3️⃣ Check for Gateway Overload

• GWMON → Connection Monitor → Watch for high number of active RFCs
• Look at max connections (based on gw/max_conn)

4️⃣ Trace a Specific RFC Call

• Activate Gateway Trace in GWMON
• Filter by program ID or client IP
• Helpful for debugging failing interfaces

🛠️ Expert Tip – Remote GWMON

To monitor Gateway of remote instance (e.g., ASCS):

• Use /nSMGW → Goto → GWMON
• In "System" field, input remote system info
• Or run /nRSGWMON_ASCS to monitor ASCS Gateway

📁 Logs Location (OS)

• dev_rd, dev_gw, gw_log* located in:

📊 GWMON vs SMGW – SAP Gateway Administration Tools

| Feature / Function | SMGW (Transaction) | GWMON (Transaction / Program) |
| --- | --- | --- |
| Purpose | Standard Gateway monitoring and admin | Advanced Gateway monitoring and analysis |
| Transaction Code | SMGW | GWMON or run program RSGWMON / RSGWMON_ASCS |
| Scope | Instance-specific (local gateway instance) | Can be central or remote (e.g., monitor ASCS Gateway) |
| View Active Connections | ✅ Yes | ✅ Yes (more detailed, with filtering) |
| Registered External Programs | ✅ Yes (Goto → Logged On Clients) | ✅ Yes (Dedicated view, with registration time, host, etc.) |
| RFC Connections | ✅ Yes | ✅ Yes (with deep insight and filters) |
| Trace Capabilities | 🔶 Basic (SMGW → Goto → Trace) | ✅ Advanced (start/stop per connection or program) |
| Access Control File Status (secinfo, reginfo) | ✅ Yes (via Expert Functions) | ✅ Yes (and more verbose logging) |
| Gateway Parameters | ✅ RZ11 / Profile / Display in SMGW | ✅ Displayed in full in context |
| Remote System Gateway Monitor | 🔶 Possible manually using routing info | ✅ Designed for this (e.g., RSGWMON_ASCS) |
| Administration (Delete Connections, etc.) | ✅ Yes | ✅ Yes (with more granularity) |
| Gateway Performance / Load Overview | 🔶 Limited | ✅ Better analytics and counters |
| Log Access (live logs) | ❌ No direct log file viewer | ✅ Direct log & trace viewing |

✅ When to Use What?

| Use Case | Recommended Tool |
| --- | --- |
| Routine Gateway checks (local) | SMGW |
| Need detailed list of external programs & RFCs | GWMON |
| Gateway trace of specific program or IP | GWMON |
| Monitoring remote gateway (ASCS) | RSGWMON_ASCS |
| RFC failure troubleshooting | GWMON + logs |
| Central Gateway Management in large landscapes | GWMON |


🔁 How to Convert an Integrated Gateway to a Standalone Gateway (e.g., in ASCS)

And how to route RFC traffic through the central standalone Gateway.

🧾 Why Do This?

• Centralized RFC communication
• High Availability support via ERS
• Easier firewall configuration (one point of entry)
• Offload load from Dialog instances

✅ A. Steps to Set Up Standalone Gateway in ASCS Instance

1️⃣ Enable Gateway in ASCS Instance

• Go to transaction RZ10
• Edit the ASCS instance profile
• Add or ensure:

• Optional (if not already present):

2️⃣ Restart ASCS Instance

• Required for parameter to take effect
• You should now see gwrd running with msg_server and enserver

❌ B. (Optional) Disable Gateway in Dialog Instances

If you want only one gateway, disable it in the dialog instances:

• Edit each Dialog instance profile in RZ10
• Set:

• Restart each dialog instance

⚠️ If some apps (e.g., SAP GUI) or RFC destinations must still use the local gateway, do not disable it.

🔁 C. Route All RFC Traffic via Standalone Gateway (in ASCS)

1️⃣ Go to Transaction SM59

For each RFC destination:

• Enter the Target Host as the ASCS hostname
• Set Gateway Host = <ASCS_HOST>
• Set Gateway Service = sapgw<ASCS_instance_number>

Example:

2️⃣ Maintain Registered Programs

If you use registered external programs, they must now register with the ASCS Gateway, not the local dialog one.

Update the external program's connection string:

3️⃣ Update ACLs

Ensure reginfo and secinfo on ASCS allow access for:

• External programs
• Dialog servers (if needed for RFCs)

Update files:

Then reread via:

🧪 D. Validation

✅ Check Gateway Running:

Ensure:

✅ Monitor Activity:

In ASCS → SMGW, monitor:

• Registered programs
• Client connections
• Logs (Goto → Expert Functions → Logging)

🛑 How to Shut Down the SAP Gateway

📍 Transaction: SMGW

✅ Steps to Shut Down the Gateway

1. Go to transaction code:
   /nSMGW
2. Navigate to:
   Goto → Administration → Shutdown Gateway
3. Confirm the action when prompted:
   ◦ This will stop the gwrd (gateway process) for the current instance only.

⚠️ Important Notes

• The shutdown only affects the local Gateway of the selected instance.
• All registered external programs and active RFC connections will be terminated.
• If the gateway is needed again, you must restart the SAP instance or use OS-level commands to start it manually.

🧪 Verification (Optional)

After shutdown:

• Check in SMGW: No gateway process or connections should be listed.
• At OS level:

If gwrd is no longer running → shutdown is successful.

🔁 Restarting SAP Gateway Process (gwrd) Without Full SAP Restart

✅ This is only applicable if the Gateway is standalone (not embedded in disp+work).
If it’s integrated, you must restart the entire instance.

🛠️ A. OS-Level Restart for Standalone Gateway

🔹 1. Stop Gateway Manually

On UNIX/Linux:

On Windows:

Or use kill command as a last resort:

🔹 2. Start Gateway Again

On UNIX/Linux:

On Windows:

🧪 B. Verify Gateway Restart

• Run:

Look for:

• Or check logs:

📌 Note (for Dialog Instances)

If the Gateway (gwrd) is part of a Dialog Instance, it is tied to the disp+work process — so you cannot restart gwrd
independently.
In such cases, you must:

🔄 Reset SAP Hostname Buffer

The Hostname Buffer caches IP ↔ hostname mappings used by the SAP Gateway and dispatcher. Resetting it
ensures updated DNS or hosts file changes take effect without restarting the system.

✅ Method 1: Using SMGW (Gateway Level)

📍 Transaction: SMGW

Steps:

1. Go to transaction /nSMGW
2. Navigate to:
   Goto → Expert Functions → Host Name Buffer
3. Click the 🗑️ Dustbin icon to delete/reset the buffer
4. Alternatively, go to:
   List → Invalidate

🔁 This will clear the cached hostnames used by the Gateway process.

✅ Method 2: Using SM51 (Application Server Level)

📍 Transaction: SM51

Steps:

1. Go to transaction /nSM51
2. In the menu:
   Goto → Host Name Buffer → Reset

🔁 This resets the dispatcher-level hostname buffer, impacting the full app server.

🧪 When to Perform Hostname Buffer Reset

• After editing /etc/hosts or DNS mappings
• When RFC connections fail with name resolution errors
• After network changes involving hostname/IP

⚠️ Caution

• This operation is safe and does not interrupt running processes.
• A system restart is not required after hostname buffer reset.

🛠️ Troubleshooting Case: RFC Failure Due to Stale Hostname Resolution

🎯 Issue

An RFC destination (SM59) between two SAP systems suddenly failed with the following error:

🔍 Background

• The target system's IP was recently changed.
• /etc/hosts and DNS were updated correctly.
• Ping and telnet from the OS were working fine.
• However, SAP still showed the old IP.

🧪 Diagnosis

1. Verified RFC destination in SM59 → Test connection failed.
2. SAP kernel log in dev_rd showed:

3. Suspected hostname buffer was not refreshed.

🧹 Resolution

1. Went to transaction SMGW on the affected system.
2. Navigated to:
   Goto → Expert Functions → Host Name Buffer
3. Clicked the 🗑️ Dustbin icon to clear the buffer.

Alternatively (or in parallel):

• Used SM51 → Goto → Host Name Buffer → Reset

4. Retested RFC in SM59 → ✅ Success.

✅ Result

SAP now used the correct IP from DNS/hosts file, and RFC communication resumed without restarting the SAP
instance.

🧠 How SAP Hostname Buffer Works

📦 What It Caches

• SAP caches hostname ↔ IP resolutions to reduce lookup overhead.
• Used by Gateway (gwrd) and Dispatcher (disp+work).

🔁 Why It Becomes a Problem

• OS DNS or /etc/hosts changes are not picked up automatically by SAP.
• This causes SAP to refer to stale data, especially in RFC, ALE, IDoc, and external program registrations.

🔧 Where It Affects

| Component | Cache Level | Reset Using |
| --- | --- | --- |
| Gateway (gwrd) | Gateway Host Buffer | SMGW → Host Name Buffer → Dustbin |
| Dispatcher | App Server Host Buffer | SM51 → Host Name Buffer → Reset |

The image shows an SAP tool or internal script utility interface titled "Gateway Security Control", which is used to enable or disable the SAP Gateway security settings, particularly the access control through the reginfo file and the parameter gw/acl_mode.

🔐 What This Tool Does

This script performs four main actions based on whether you click:

• Enable Gateway Security (for Windows NT or Unix)
• Disable Gateway Security (for Windows NT or Unix)

🧩 Step-by-Step Explanation of the Script Behavior

🔁 1. Change the gw/acl_mode Parameter

• This is done dynamically via transaction RZ11 (not requiring instance restart).
• gw/acl_mode = 0: Disables gateway security (no access control enforced).
• gw/acl_mode = 1: Enables gateway security (strict check using reginfo and secinfo files).

🔎 2. Get Current reginfo File Path

• Uses RZ11 to read the value of the parameter gw/reg_info.
• This tells the script where the current reginfo file is located.

🚫✅ 3. Modify the reginfo File Name (Based on Button Click)

🟥 If "Disable" button is clicked:

• The script will:
   ◦ Call report RSBDCOS0 (runs OS-level commands from SAP).
   ◦ Use OS move command (Windows) or mv command (Unix).
   ◦ Rename the current reginfo file by adding "_gwpersonas" suffix.

Example:

🟩 If "Enable" button is clicked:

• The script will:
   ◦ Reverse the above rename by moving the file with _gwpersonas back to its original name.
   ◦ This restores the original reginfo file.

🔄 4. Reread Gateway ACL Rules

• Finally, the script will:
   ◦ Execute SMGW → Reread function for gateway ACL files (i.e., reginfo, secinfo).
   ◦ This step ensures gateway security rules are reloaded in real-time without requiring SAP restart.

⚙️ Technical Background

| Parameter / File | Description |
| --- | --- |
| gw/acl_mode | Controls whether the SAP Gateway uses reginfo and secinfo files (1 = enabled, 0 = disabled) |
| gw/reg_info | Points to the path of the reginfo file controlling RFC external program registrations |
| RSBDCOS0 | SAP program to execute OS-level shell commands from within SAP GUI |
| SMGW → Expert Functions | Allows manual rereading of ACL files like reginfo, secinfo |

✅ Use Case Example

Say you're troubleshooting an RFC registration issue and suspect the reginfo rules are blocking the external program. You can:

1. Temporarily disable gateway security (set gw/acl_mode=0 and rename reginfo).
2. Retry the RFC registration.
3. If it works, adjust your reginfo properly, then re-enable gateway security.
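
A follow-up check for the workflow above, as an added example that is not part of the original document or of any SAP tool: it reads an instance profile and reports when gw/acl_mode is not 1, or when the file behind gw/reg_info or gw/sec_info is missing while a copy with the _gwpersonas suffix sits beside it, meaning security was disabled and never restored. The function names, the profile file name and the sample paths are assumptions; values changed dynamically in RZ11 are not in the profile file and have to be confirmed there.

```python
import os
import tempfile

RENAME_SUFFIX = "_gwpersonas"  # suffix the script described above appends on "Disable"
ACL_PARAMS = ("gw/reg_info", "gw/sec_info")


def read_profile(path):
    """Parse 'name = value' lines of an instance profile; '#' lines are comments."""
    params = {}
    with open(path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params


def audit_gateway_security(profile_path):
    """Return a list of findings; an empty list means nothing was flagged."""
    params = read_profile(profile_path)
    findings = []

    mode = params.get("gw/acl_mode")
    if mode is None:
        findings.append("gw/acl_mode: not set in profile, confirm the active value in RZ11")
    elif mode != "1":
        findings.append(f"gw/acl_mode: set to {mode}, gateway ACL enforcement is off")

    for name in ACL_PARAMS:
        path = params.get(name)
        if not path:
            findings.append(f"{name}: not set in profile, confirm the active path in RZ11")
        elif "$(" in path:
            # Profile substitution variables are not expanded by this example
            # (assumption: resolving them is left to a manual check).
            findings.append(f"{name}: {path} uses profile variables, check the file manually")
        elif os.path.isfile(path):
            continue
        elif os.path.isfile(path + RENAME_SUFFIX):
            findings.append(f"{name}: {path} is missing but {path}{RENAME_SUFFIX} exists, "
                            "the ACL file was renamed and not restored")
        else:
            findings.append(f"{name}: {path} does not exist")
    return findings


def demo():
    """Constructed sample: a profile left in the 'disabled' state."""
    with tempfile.TemporaryDirectory() as tmp:
        reg = os.path.join(tmp, "reginfo")
        sec = os.path.join(tmp, "secinfo")
        open(reg + RENAME_SUFFIX, "w").close()   # renamed reginfo, original name gone
        open(sec, "w").close()                   # secinfo still in place
        profile = os.path.join(tmp, "SID_ASCS01_host")  # hypothetical profile name
        with open(profile, "w", encoding="utf-8") as fh:
            fh.write("# constructed sample profile\n"
                     "gw/acl_mode = 0\n"
                     f"gw/reg_info = {reg}\n"
                     f"gw/sec_info = {sec}\n")
        return audit_gateway_security(profile)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```
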

🛰️ Standalone Gateway Monitor for ASCS Instance

Used to remotely monitor the Gateway process running in the ASCS instance (especially in distributed systems where Gateway is decoupled from application instances).

🔹 Option 1: Execute via ABAP Report

• Transaction: SE38
• Program: RSGWMON_ASCS
• Action: Run the program to call the Gateway Monitor of the ASCS instance

🔹 Option 2: Use SMGW with ASCS Routing

1. Go to Transaction: SMGW
2. In the Opcode Field (top input field), enter:
   ASCS
3. Press Enter

This redirects SMGW to check the Gateway process on the ASCS instance.

⚠️ If Gateway is Not Running

• You’ll see a message:

❗ "No Gateway is active"

This can happen if:

• No Gateway is configured in ASCS (common in older or misconfigured systems)
• The web method call to ASCS failed (network or service down)
• ASCS Gateway process (gwrd) is not running

🔍 To Check Gateway Status in OS Level

From the ASCS server:

Or using sapcontrol:

Look for:

✅ Best Practice

• Always ensure Gateway is configured and running in ASCS if you plan to use it centrally.
• Monitor Gateway usage regularly in distributed setups using SMGW, SM04, and RSGWMON_ASCS.

✅ Gateway Startup Troubleshooting Checklist (for ASCS or Dialog Instances)

If the gateway process (gwrd) is not starting or not visible, follow these steps:

🧩 A. Check Profile Parameters

Ensure these are set correctly in the instance profile (RZ10):

1. Enable gateway in ASCS (if needed):

If 0, then no Gateway work process will start.

2. Check Gateway hostname/port:

NN is the instance number.

🧪 B. Check SAP OS-Level Services

1. On OS (Linux/Unix):
2. Use sapcontrol:

📄 C. Review Gateway Logs

• dev_rd, dev_disp, dev_w0, dev_enq, and most importantly: dev_gw or dev_trace in work directory.

🔄 D. Restart Instance

• After correcting any profile or config:

🔁 Moving Gateway from Dialog Instance to ASCS


📌 Purpose:

Centralize Gateway in ASCS (especially useful in High Availability environments or when using RFCs extensively)

🛠️ Steps to Move Gateway

Step 1: Enable Gateway in ASCS

1. Go to RZ10 → Choose ASCS instance profile
2. Add or modify:

   ◦ Enables gateway in ASCS instance

Step 2: Disable Gateway in Dialog (optional)

1. Go to Dialog instance profile
2. Set:

📁 Optional – Clean Up services File

On OS level (Windows or Linux), ensure the port for the gateway is mapped correctly:

🔄 Restart Required

• After changes, restart both ASCS and Dialog instances

🔍 Validate Gateway is Running in ASCS

• From SMGW, click Goto → Remote Gateways
• Run RSGWMON_ASCS to check ASCS gateway health

🛰️ Monitor & Capture Gateway Activities in SAP

Used to trace, log, and monitor RFC connections, program registrations, and network events handled by the SAP Gateway.

🔍 Where to Access Gateway Logging

📍 Transaction: SMGW

▶ Steps:

1. Go to SMGW
2. Navigate to:
   Goto → Expert Functions → Logging

⚙️ Options Available in Gateway Logging

Once inside the Logging menu, you can:

🔹 Activate Logging

• Choose "Activate logging" for the desired components:
   ◦ External Programs (CPIC)
   ◦ Registered Programs
   ◦ Gateway Connections
   ◦ Errors or Denials due to secinfo/reginfo

🔹 View Current Logs

• See all currently active connections and what events are being recorded.

🔹 Log Files Location (OS Level)

• Gateway logs are written in:

📝 Tip: Filtering Gateway Logs

After enabling logging, filter logs based on:

• Partner hostname/IP
• Registered program name
• Error reason (e.g., not allowed by reginfo)

⚠️ Important Notes

• Logging should be deactivated after troubleshooting to reduce performance overhead.
• For detailed RFC errors, use transaction SM59 → Test connection and then check SMGW logs.

🧰 Optional: Use OS Commands to View Gateway Logs

🔴 Error: SAP max no. of gateways exceeded

• Symptom: Gateway process cannot accept new connections.
• Log file to check: dev_rd (dispatcher log)

✅ Solutions

Method 1: Clear Unused Gateway Connections

1. Go to transaction SMGW
2. Navigate to:
   Goto → Logged on Clients / Remote Gateways
3. Sort the entries by Date/Time
4. Delete older or unused connections:
   ◦ Select the connection
   ◦ Choose Delete

Method 2: Increase Gateway Limits and Tune Parameters

1. Go to RZ11 and check or change the following parameters:
   ◦ 🔹 rdisp/max_gateways
      ▪ Default: 100
      ▪ Suggest increasing this based on load (e.g., 150 or 200)
      ▪ Change requires instance restart
   ◦ 🔹 gw/so_keepalive
      ▪ Set this to 1 to enable TCP keepalive
      ▪ This helps clean up dead/stale connections over time
      ▪ May not require restart if set dynamically

🛠️ Best Practices

• Regularly monitor connections in SMGW
• Use keepalive settings to avoid stale connection buildup
• Consider setting gw/max_conn (default: 500) if many RFC calls are expected
• Monitor logs: dev_rd, dev_disp, and dev_w* for recurring gateway issues

🔐 Managing SAP Gateway ACL Files – secinfo & reginfo

These files control security rules for external programs and registered programs in the SAP Gateway.

🖥️ To Display Gateway ACL Files

📍 Transaction: SMGW

1. Go to SMGW
2. Choose:
   Goto → Expert Functions → External Security → Maintenance of ACL Files
3. You will see two options:
   ◦ Display secinfo file
   ◦ Display reginfo file

✅ You can review the rules currently loaded in memory from this screen.

🔄 To Reread (Reload) Gateway ACL Files

This is required if you make manual changes to the files at the OS level and want SAP to reread them without restarting the instance.

🚨 Steps to Reload:

1. Go to SMGW
2. Choose:
   Goto → Expert Functions → External Security → Reread
   (or sometimes shown as "Reread Reginfo/Secinfo")
3. Confirm the prompt to reload both files into memory

🔁 This triggers the gateway process to reread the files from their OS path, typically from:

• /usr/sap/<SID>/SYS/global/ for secinfo and reginfo

🧪 Optional Check – dev_rd or dev_sec

After reread, check logs:

Look for messages like:

📁 Default File Locations

If not changed in the profile, files are usually located at:

To customize location, check in RZ11:

• gw/sec_info
• gw/reg_info

🧠 What is SAP Gateway?

The SAP Gateway is a component within the SAP NetWeaver architecture that enables communication between the SAP system and external systems, including:

• Third-party tools (non-SAP)
• Other SAP systems (via RFC)
• Web or TCP/IP-based communication

It is not a work process in SM50/SM66 but a background service (gwrd) that handles RFC and TCP/IP connections.

📌 Key Roles of SAP Gateway

| Functionality | Description |
| --- | --- |
| RFC Communication | Handles synchronous/asynchronous RFC connections to/from remote systems. |
| Third-party Integration | Required for TCP/IP registered programs to interact with SAP ABAP systems. |
| Inter-Instance Communication | Supports communication between application servers or between different SAP systems. |
| External Server Calls | Used for HTTP/SOAP-based calls to ABAP function modules via registered destinations. |

🧱 Architecture Overview

• Runs as a gwrd process in each application server.
• Each instance has only one Gateway.
• For ASCS (central services), a dedicated Gateway can be configured.
• Listens on:
   ◦ Port 33<NN> → Default Gateway port (e.g., 3300 for Instance 00)
   ◦ Port 48<NN> → Secure Gateway port (SSL-enabled)

⚙️ Configuration Parameters

| Parameter | Description |
| --- | --- |
| gw/acl_mode | Enables/disables ACL security mode (1 = active, 0 = inactive). |
| gw/reg_info | Path to reginfo file (defines which programs can register). |
| gw/sec_info | Path to secinfo file (defines who can start programs via RFC). |
| gw/max_conn | Max simultaneous Gateway connections (default: 500). |
| gw/keepalive | Time interval to check inactive connections (in seconds). |
| gw/timeout | Connection timeout for Gateway (in ms). |

Set these parameters via transaction RZ10 (instance profile) or RZ11 for runtime testing.

🛡️ Security: ACL Files (Gateway Access Control)

1. reginfo – Controls external program registration
2. secinfo – Controls start of external programs via RFC

🟩 Files must be correctly maintained when gw/acl_mode = 1.

Can be reloaded dynamically from SMGW > Goto > Expert Functions > External Security.
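
A review helper for the two ACL files, as an added example that is not part of the original document: it parses rule lines and flags permit rules that use wildcard values, plus rules that can never match because a rule matching everything sits above them. The rule syntax used here (a P or D action followed by KEY=value pairs such as TP, HOST, USER and USER-HOST, evaluated top-down with the first match winning) is not shown on this page and is assumed from the standard file format; the sample rules and host names are constructed.

```python
# Keys that decide whether a rule matches, per file type (assumed syntax).
MATCH_KEYS = {
    "reginfo": ("TP", "HOST"),
    "secinfo": ("USER", "USER-HOST", "HOST", "TP"),
}

# Constructed sample files, not taken from any real system.
SAMPLE_REGINFO = """\
#VERSION=2
P TP=EXAMPLE_PROG HOST=apphost1.example ACCESS=apphost1.example CANCEL=apphost1.example
P TP=* HOST=*
D TP=LEGACY_PROG HOST=*
"""
SAMPLE_SECINFO = """\
#VERSION=2
P USER=* USER-HOST=apphost1.example HOST=apphost1.example TP=/usr/local/bin/example_tool
D USER=* USER-HOST=* HOST=* TP=*
"""


def parse_acl(text):
    """Return (line_number, action, fields) for every non-comment line."""
    rules = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # also skips the '#VERSION=2' header
            continue
        tokens = line.split()
        action = tokens[0].upper()
        fields = {}
        for token in tokens[1:]:
            if "=" in token:
                key, value = token.split("=", 1)
                fields[key.upper()] = value
        if action not in ("P", "D"):
            action = "?"
        rules.append((number, action, fields))
    return rules


def review_acl(text, kind):
    """Return (line_number, message) findings for a reginfo or secinfo file."""
    keys = MATCH_KEYS[kind]
    findings = []
    open_rule = None          # line number of the first rule that matches everything
    for number, action, fields in parse_acl(text):
        if open_rule is not None:
            findings.append((number, f"never evaluated, line {open_rule} already matches everything"))
            continue
        if action == "?":
            findings.append((number, "line does not start with P or D"))
            continue
        wild = [k for k in keys if fields.get(k) == "*"]
        if len(wild) == len(keys):
            # Every match key is '*': all later rules are shadowed by this one.
            open_rule = number
        if action == "P" and wild:
            scope = "fully open" if len(wild) == len(keys) else "wildcard"
            findings.append((number, f"{scope} permit: {', '.join(wild)} = *"))
    return findings


if __name__ == "__main__":
    for kind, text in (("reginfo", SAMPLE_REGINFO), ("secinfo", SAMPLE_SECINFO)):
        for number, message in review_acl(text, kind):
            print(f"{kind} line {number}: {message}")
```

Run it against copies of the files that gw/reg_info and gw/sec_info point to; only explicit `*` values are flagged, so keys that are omitted from a rule still need a manual look.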

🔍 Monitoring Tools

| Tool | Usage |
| --- | --- |
| SMGW | Main SAP Gateway Monitor (active connections, logs, ACL reread). |
| GWMON | OS-level standalone Gateway monitor (CLI-based, powerful). |
| SM04 / AL08 | See users and terminal connections (sometimes tied to Gateway). |
| ST22 / SM21 | Check dumps or system log for Gateway errors. |
| dev_rd | Developer trace of Gateway process. |

🛠️ Common Administration Tasks

| Task | How-To |
| --- | --- |
| View active RFC connections | SMGW → Goto → Logged on Clients |
| Monitor remote Gateway connections | SMGW → Goto → Remote Gateways |
| Enable/disable Gateway security | Update gw/acl_mode and rename reginfo/secinfo |
| Restart Gateway | Kill gwrd process and let SAP restart it or restart the instance |
| Check Gateway traces | Check dev_rd under /usr/sap/<SID>/<Instance>/work/ |
| Reread ACL files | SMGW → Goto → Expert Functions → External Security |

🛑 Common Issues & Solutions

| Issue | Diagnosis | Fix |
| --- | --- | --- |
| “Max Gateway Connections Exceeded” | Check gw/max_conn | Increase parameter via RZ10 |
| RFC fails due to security | Check ST22, dev_rd, and SMGW | Maintain correct reginfo/secinfo entries |
| Gateway not listening | Port conflict or crashed process | Check if gwrd is running, check port 33XX/48XX |
| External registration fails | reginfo blocked it | Allow the registration in reginfo ACL |

📁 Gateway Ports (per Instance)

| Instance No. | Gateway Port | Secure Gateway |
| --- | --- | --- |
| 00 | 3300 | 4800 |
| 01 | 3301 | 4801 |
| 02 | 3302 | 4802 |
| ... | ... | ... |

Check using command:

📦 Advanced: Standalone Gateway

If needed, a Gateway can be installed standalone (e.g., on ASCS or dedicated host). It appears as:

• gwrd (Gateway)
• msg_server
• enserver

This is useful in distributed environments, or where dedicated RFC load is required.
