Firewall configuration
FOLLOWING SAP DOCUMENTATION:
“ATTENTION
Please note that we will migrate and unify the .coresystems.net
and .coresuite.com
domains into the new fsm.cloud.sap
superdomain. As part of the migration we will also introduce new IP addresses for every cluster as well as for our authentication service.
Please note that those new IP addresses have to be added to a firewall configuration and is marked below in blue.
For more information please refer to the following announcement: Common Superdomain for Saas Applications.”
source: Firewall Configuration Requirements | SAP Help Portal
Firewall between FSM and Message Broker
The firewall placed between a message broker and FSM Cloud must allow unidirectional access via HTTPS to:
Message Broker prior to 4.4:
auth.coresuite.com
ds.coresuite.com
[de|eu|us|cn|au].coresuite.com,
[de|eu|us|cn|au]. coresystems.net
Message Broker 4.4 and above:
domain auth.coresuite.com is obsolete and was not migrated
ds.fsm.cloud.sap
[de|eu|us|cn|au].fsm.cloud.sap
[de|eu|us|cn|au].fsm.cloud.sap
All connections use port 443.
Firewall between SAP and Message Broker
The firewall placed between a message broker and SAP system must allow bidirectional access.
TCP port used by message broker depends on its configuration
TCP port used by SAP depends on system settings - it must be either port used for HTTP connections or port used for HTTPS connection
Use of HTTPS is optional and both channels (to and from SAP) are independent in that matter - for instance, one may setup secure connection from SAP to message broker and regular HTTP in the opposite direction
More on the SAP Field Service firewall configuration requirements can be found under the following link.
If you'd like to help us improve the documentation, please provide your feedback using the communication channels listed /wiki/spaces/PFCC/pages/1561427969. Learn about support possibilities here.