HP 640n Print Server manual Default Rule example, IPsec security associations SA

Default Rule example

The following illustrates the print server behavior depending on whether the default rule is set to Allow or Drop (default).

IPsec Policy Configuration Example: IPsec is enabled on the print server with the following rule:

All IPv4 Addresses

All Jetdirect Print Services

A simple IPsec template for these addresses and services is configured.

If the Default Rule is set to Allow, then:

An IPv4 packet that is not IPsec-protected and is directed to printing port 9100 is not processed (dropped) because it violates the configured rule.

An IPv4 packet that is not IPsec-protected and is directed to a service port other than port 9100 (such as Telnet) is allowed and processed.

If the Default Rule is set to Drop, then:

An IPv4 packet that is not IPsec-protected and is directed to printing port 9100 is not processed (dropped) because it violates the configured rule.

An IPsec-protected IPv4 packet directed to printing port 9100 is allowed and processed because it matches the rule.

A non-IPsec IPv4 packet directed to the Telnet port is dropped because it violates the default rule.
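
The Allow and Drop outcomes listed above can be reproduced with a small policy model. This is an added example, not HP code or firmware logic: the Rule and Packet classes, the first-match evaluation order, the reduction of "All Jetdirect Print Services" to port 9100 only, and the sample source address are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address

ALLOW, DROP = "allow", "drop"
REQUIRE_IPSEC = "require_ipsec"   # hypothetical name for "apply the IPsec template"

@dataclass(frozen=True)
class Packet:
    src: str         # source address of the packet
    dst_port: int    # destination service port on the print server
    ipsec: bool      # True if the packet arrived IPsec-protected

@dataclass(frozen=True)
class Rule:
    ip_version: int  # address template: 4 models "All IPv4 Addresses"
    ports: frozenset # service template, as a set of destination ports
    action: str      # REQUIRE_IPSEC, ALLOW or DROP

def evaluate(packet, rules, default_rule):
    """Decide ALLOW or DROP. A packet matching a rule is judged by that rule
    (first match wins, an assumption); anything else falls to the default rule."""
    for rule in rules:
        if ip_address(packet.src).version != rule.ip_version:
            continue
        if packet.dst_port not in rule.ports:
            continue
        if rule.action == REQUIRE_IPSEC:
            # Traffic covered by an IPsec rule is processed only if protected.
            return ALLOW if packet.ipsec else DROP
        return rule.action
    return default_rule

# Constructed model of the rule on this page: all IPv4 addresses, print
# services simplified to port 9100 (assumption), IPsec template applied.
PRINT_RULE = Rule(4, frozenset({9100}), REQUIRE_IPSEC)

def page_scenarios(default_rule):
    """Run the packets discussed in the example against one default rule."""
    packets = {
        "plain to 9100": Packet("192.0.2.10", 9100, False),   # constructed
        "ipsec to 9100": Packet("192.0.2.10", 9100, True),    # constructed
        "plain to telnet": Packet("192.0.2.10", 23, False),   # constructed
    }
    return {name: evaluate(p, [PRINT_RULE], default_rule)
            for name, p in packets.items()}

if __name__ == "__main__":
    for default in (ALLOW, DROP):
        print(f"default rule = {default}: {page_scenarios(default)}")
```

The only result that changes between the two runs is the unprotected Telnet packet, which is the traffic the default rule decides.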

IPsec security associations (SA)

If a packet is IPsec-protected, there must be an IPsec security association (SA) for it. A security association defines how an IP packet from one host to another is protected. Among other things, it defines the IPsec protocol to use, the authentication and encryption keys, and the duration of key use.

An IPsec SA is unidirectional. A host can have an inbound SA and an outbound SA associated with particular IP packet protocols and services, and the IPsec protocol used to protect them.

When properly configured, the IPsec rules define the security associations for IP traffic to and from the HP Jetdirect print server and can ensure all traffic is secure.

HP Jetdirect IPsec/Firewall wizard

Use the IPsec/Firewall wizard to create one or more rules to be applied to IP traffic. Click Add Rules to start the IPsec/Firewall wizard.

108 Chapter 5 IPsec/Firewall configuration (V.45.xx.nn.xx)
