HP 640n Print Server manual: IPsec/Firewall Policy


Table 5-1 IPsec/Firewall Policy page

Item

Description

Enable IPsec/Firewall or Enable Firewall

Select the check box to enable your IPsec or Firewall policy. Clear this check box to disable IPsec/Firewall operation.

IPsec/Firewall Rules

Configure up to ten rules in descending order of precedence. For example, Rule 1 is higher in precedence than Rule 2.

Define each rule using the following fields:

Enable: Select whether a configured rule is enabled or disabled for the policy.

Address Template: Set the IP addresses for which the rule applies. Select among several predefined templates, or specify a custom template. Click on a template entry to view or modify the template configuration.

Services Template: Identify the services for which the rule applies. Select among several predefined templates, or specify a custom template. Click on a template entry to view or modify the template configuration.

CAUTION: If the All Services template for a rule is not specified, a security risk can exist. Future networking applications deployed after the IPsec Policy is in place might not be IPsec-protected unless the All Services template is used. For example, installing a third-party Chai service plug-in, or upgrading firmware for the printer or print server, can result in a new service that is not covered by the IPsec policy. Review policies whenever firmware is updated or a new Chai applet is installed.

Action on Match: Define how to process the IP traffic that contains the addresses and services specified.

For Firewall operation, the traffic is allowed or dropped, depending on the action specified by the rule.

For IPsec operation, the traffic is allowed without IPsec protection, dropped, or IPsec-protected using an IPsec template specified for the rule. Click on a template entry to view or modify the template configuration.

Default Rule

Indicate whether the default rule drops or allows the traffic. The default rule specifies whether to process IP packets that do not match the configured rules.

Select Drop (default) to discard traffic not covered by the configured rules.

Select Allow to allow traffic that is not covered by the configured rules. Allowing IP packets that do not match the configured rules is not secure.

For an example, see Default Rule example on page 108.

Add Rules

Select Add Rules to configure rules using the IPsec wizard.

Delete Rules

Select Delete Rules to remove one or more rules from the policy.

Advanced

Configure a Failsafe feature to prevent lockout of the print server over HTTPS (secure Web browser access) during IPsec/Firewall policy setup.

You can allow selected multicast and broadcast traffic to bypass your IPsec/Firewall policy. This might be required for device discovery by system installation utilities.
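
The rule precedence, default rule and All Services caution from Table 5-1, modelled in Python as an added example (not HP code and not the print server's implementation). Address templates as CIDR ranges, service templates as TCP port sets, the port numbers and the helper names `evaluate` and `audit` are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

MAX_RULES = 10  # the table allows up to ten rules per policy

@dataclass
class Rule:
    enabled: bool
    addresses: str                 # address template, modelled as a CIDR (assumption)
    services: Optional[frozenset]  # service template as TCP ports; None = All Services
    action: str                    # "allow", "drop" or "ipsec"

def evaluate(rules, default_action, src_ip, port):
    """Return (rule_number, action); rule_number 0 means the default rule applied."""
    if len(rules) > MAX_RULES:
        raise ValueError("policy holds at most ten rules")
    src = ipaddress.ip_address(src_ip)
    for number, rule in enumerate(rules, start=1):  # Rule 1 has highest precedence
        if not rule.enabled:
            continue
        if src not in ipaddress.ip_network(rule.addresses):
            continue
        if rule.services is None or port in rule.services:
            return number, rule.action
    return 0, default_action

def audit(rules, default_action):
    """Flag the two risks the table calls out."""
    findings = []
    if default_action == "allow":
        findings.append("default rule is Allow: unmatched traffic is accepted")
    for number, rule in enumerate(rules, start=1):
        if rule.enabled and rule.action == "ipsec" and rule.services is not None:
            findings.append(f"rule {number}: IPsec without All Services; "
                            "a service added later is not covered")
    return findings

# Constructed policy: one subnet gets IPsec on two ports, any host may print.
POLICY = [
    Rule(True, "10.0.5.0/24", frozenset({443, 9100}), "ipsec"),
    Rule(True, "0.0.0.0/0", frozenset({9100}), "allow"),
]
NEW_SERVICE_PORT = 8443  # hypothetical port opened by a later plug-in or firmware

if __name__ == "__main__":
    print(evaluate(POLICY, "drop", "10.0.5.7", NEW_SERVICE_PORT))
    print(audit(POLICY, "allow"))
```

With the default rule set to Drop, the new port falls through to rule 0 and is discarded; with Allow it is reachable without IPsec, which is the gap the CAUTION describes.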
