1IPsec/Firewall Policy | HP 640n Print Server specification

Table 5-1IPsec/Firewall Policy page

Item	Description

Enable IPsec/Firewall	Select the check box to enable your IPsec or Firewall policy. Clear this check box to
or	disable IPsec/Firewall operation.
or
Enable Firewall

IPsec/Firewall Rules	Configure up to ten rules in descending order of precedence. For example, Rule 1 is
	higher in precedence than Rule 2.
	Define each rule using the following fields:
	●	Enable Select whether a configured rule is enabled or disabled for the policy.
	●	Address Template Set the IP addresses for which the rule applies. Select
		among several predefined templates, or specify a custom template. Click on a
		template entry to view or modify the template configuration.
	●	Services Template Identify the services for which the rule applies. Select
		among several predefined templates, or specify a custom template. Click on a
		template entry to view or modify the template configuration.
		CAUTION: If the All Services template for a rule is not specified, a security
		risk can exist. Future networking applications deployed after the IPsec Policy is
		in place might not be IPsec-protected unless the All Services template is used.
		For example, installing a third-party Chai service plug-in, or upgrading firmware
		for the printer or print server, can result in a new service that is not covered by
		the IPsec policy. Review policies whenever firmware is updated or a new Chai
		applet is installed.
	●	Action on Match Define how to process the IP traffic that contains the
		addresses and services specified.
		For Firewall operation, the traffic is allowed or dropped, depending on the action
		specified by the rule.
		For IPsec operation, the traffic is allowed without IPsec protection, dropped, or
		IPsec-protected using an IPsec template specified for the rule. Click on a
		template entry to view or modify the template configuration.

Default Rule	Indicate whether the default rule drops or allows the traffic. The default rule specifies
	whether to process IP packets that do not match the configured rules.
	Select Drop (default) to discard traffic not covered by the configured rules.
	Select Allow to allow traffic that is not covered by the configured rules. Allowing IP
	packets that do not match the configured rules is not secure.
	For an example, see Default Rule example on page 108.

Add Rules	Select Add Rules to configure rules using the IPsec wizard..
Delete Rules	Select Delete Rules to remove one or more rules from the policy.

Advanced	Configure a Failsafe feature to prevent lock out of the print server over HTTPS
	(secure Web browser access) during IPsec/Firewall policy set up.

You can allow selected multicast and broadcast traffic to bypass your IPsec/Firewall policy. This might be required for device discovery by system installation utilities.

ENWW

107

Image 117

HP 640n Print Server manual 1IPsec/Firewall Policy

Contents

HP Jetdirect Print Servers Page HP Jetdirect Print Servers Trademark Credits Table of contents Mac OS network installation IPX/SPX 105 121125 165 139 179 175193 211 Supported print servers Introducing the HP Jetdirect print server 2Supported network protocols Supported network protocols EAP/802.1X port-based authentication AuthenticationSecurity protocols Snmp IP and IPX Wireless print server authentication Supplied manualsIPsec/Firewall Firmware installation tools Firmware upgradesHP support HP online support Product registration Product accessibility 1Software Solutions HP Web Jetadmin see HP Web Jetadmin onOperating Environment Function Remarks HP software solutions summary HP Jetdirect Printer Installer for Unix HP Web JetadminSystem requirements Configure and modify a device Install HP Web Jetadmin softwareRemove HP Web Jetadmin software Verify HP Web Jetadmin installation and provide access Http// IPaddress /ipp/port# Microsoft-supplied software Novell-supplied software Mac OS network installationSoftware tools Use Bonjour Mac OS X Test the configuration Verify network configuration Enww IPv6 address introduction IPv6 configuration Link-local address IPv6 address configuration Stateless addresses Stateful addressesUse DNS IPv4 configuration Server-based and manual TCP/IP configuration IPv4Tools and utilities Default IP address IPv4 Default IP address is not assignedDefault IP address is assigned Default IPv4 address configuration options Default IP on wireless and wired print serversDefault IPv4 parameter Dhcp requests enable/disable TCP/IP configuration tools Default IPv4 behavior Use BOOTP/TFTP IPv4 Advantages of using BOOTP/TFTPConfigure the print server using BOOTP/TFTP on Unix Systems using network information service NIS Configure the Bootp serverBootptab file entries IPv4 RFC Description 1Tags supported in a BOOTP/DHCP boot file Tftp configuration file entries IPv4 2TFTP configuration file parameters Example HP Jetdirect Tftp configuration fileGeneral TCP/IP Main TCP/IP Print Options Ipp-printing or ipp-config,ipp Ftp-printing or ftp-config,ftpLpd-printing or lpd-config,lpd Defaultq TCP/IP Access Control TCP/IP Other SettingsTCP/IP Raw Print Ports Slp-keep-alive Bonjour-configSlp-client-mode Syslog-protocol User-timeout or telnet-timeout Idle-timeoutCold-reset Icmp-ts-config Default-ip-dhcp Default-ipSnmp-config Auth-trap or authentication-trap Trap-dest or trap-destination Ipx-config or ipx/spxTrap-dest ip-address community name port number Ipx-unit-name AppleTalk Other Settings Use Dhcp IPv4 Unix systemsSupport Discontinue Dhcp configuration Use Rarp IPv4Microsoft Windows systems Laserjet1 Use the arp and ping commands IPv4 Arp -s IP address LAN hardware address Ping IP address Use Telnet IPv4 Typical Telnet session Create a Telnet connection Telnet user interface options Telnet command line interface default Command Description User Control Commands 3Telnet Commands and Parameters Wireless 802.11 Main Ampdu Aggregation Passphrase commandNetwork-type Desired-ssid Psk-passphrase Dot11-switch-timeEncryption Wep-key-method Roam-threshold Wireless Diagnostics00a0f8387af7 Host-name Tftp Server Ipsec-config Firewall-configTftp Filename Hpnp/printer1.cfg Printer1.support.hp.com Domain-name support.hp.comPri-dns-svr Pri-wins-svr TCP/IP LPD Queues Allow TCP/IP OtherSyslog-svr Bonjour Domain Name To 1440 Enable Ftp-download User-timeout Ews-config Gw-disableTcp-mss TCP/IP Diagnostics Snmp Traps Ipx-mode PhasePjl-banner Ipx-banner Other 1000t-ms-conf 1000t-pause-confNetwork-select Web JetAdmin Name Web JetAdmin URLMenu Interface Support-contact Use Telnet to remove an IP address 1Example Using the Menu Interface Use the HP Embedded Web Server Use the printer control panelMove to another network IPv4 Enww HP Embedded Web Server V .xx.nn.xx Requirements Supported HP Web Jetadmin versionView the HP Embedded Web Server Compatible Web browsers View the HP Embedded Web Server HP Jetdirect Home tab Operating notes1HP Jetdirect Home Page Items Device tabs Networking tab Configuration section Wireless StationDiagnostics section 2Networking Menu Items 3Wireless Station configuration parameters Refresh Network Name SsidAd Hoc Network peer-to-peer Channel WEP Enterprise WPA WiFi Protected Access WPA-PersonalHpSecureNetwork WPA-Enterprise Restore Defaults TCP/IP Settings Summary tab4TCP/IP Summary tab 5TCP/IP Network Identification tab Network Identification tab 6TCP/IPv4 tab TCP/IPv4 tab 7TCP/IPv6 tab TCP/IPv6 tab 8TCP/IP Config Precedence tab Config Precedence tab 9TCP/IP Advanced tab Advanced tab Disable Proxy Server PasswordDefault IP Manually Configured 10IPX/SPX tab settings Network Settings AppleTalk AppleTalk Enable 11AppleTalk tab settingsAppleTalk Name Type 12SNMP tab settings Other Settings Misc. Settings13Miscellaneous Settings Web Services Print Certificate Mgmt ServiceLink settings Locally Administered Address Service Firmware UpgradeLPD Queues Bonjour Highest Priority Queue Name 14LPD Queues tab settingsPrepend String Name Append String Name Queue Type Default Queue NameRaw or text String Name Select Language Security Settings Security Level Description Basic Security 15Wizard Security Levels Security Level Description Enhanced Security Restore DefaultsRecommended Custom Security Admin. Account AuthorizationPrinter Password Synchronization Certificates 16Certificate configuration screens Configure certificates Certificate Validity Period Install CertificateEncryption Key Length Certificate Information Install Certificate or Install CA Certificate screens ExamplesDomain Name myprinter.mydepartment.mycompany.com Examples Access Control Mgmt. Protocols Web MgmtSnmp Enable Print Services Enable Print ProtocolsOther 17Other protocols Enable Device Discovery 802.1X AuthenticationMight be disabled without notification Naming Resolution 18802.1X configuration settings Device Announcement Agent Other Links Enww IPsec/Firewall configuration V .xx.nn.xx 1Firewall Policy 1IPsec/Firewall Policy All IPv4 Addresses All Jetdirect Print Services Default Rule exampleIPsec security associations SA HP Jetdirect IPsec/Firewall wizard Limitations to rules, templates and services 2Limitations to rules, templates and servicesLimit Create Address Template Specify Address Template Create Service Template Specify Service Template4Create Service Template 3Create Address Template Manage Custom Services Manage Services5Manage Services 6Manage Custom Services Specify IPsec/Firewall Template Specify Action Identity Authentication Create IPsec Template7Create IPsec Template Kerberos 8Identity AuthenticationCertificates Certificates on Kerberos Settings 10Kerberos Settings9Kerberos IKEv1/IKEv2 Phase 1 Authentication IKEv1/IKEv2 Phase 2 / Quick Mode IPsec Protocols11IKEv1/IKEv2 Phase 1 Authentication 12IKEv1/IKEv2 Phase 2 / Quick Mode Settings IPsec Protocols Advanced IKE Settings13Advanced IKE Settings IPsec Protocols Manual Keys 14IPsec Protocols Manual Keys Manual Keys15Manual Keys Value for an SA to use for packets received by the device Authentication Configure Microsoft Windows systemsRule Summary Key Format IP Administrator Password 1Summary of HP Jetdirect security featuresSecure Embedded Web Server Management IPsec/Firewall Authentication and Encryption IPv4 Access Control ListTelnet Control IPv4/IPv6 Snmp v1/v2c Set Community Name IP/IPX HP Web Jetadmin IPv4 Password and Profiles Configuration Precedence TablePrinter Control Panel Lock 2Settings for Access Control Limit access to security featuresMedium High Troubleshoot the HP Jetdirect print server Example Cold reset using the service menu Reset to factory defaults Reset to factory defaults Disable an HP Jetdirect embedded print server V .xx.nn.xx Troubleshooting chart assess the problem General troubleshooting Procedure 2 Print an HP Jetdirect configuration Procedure 1 Verify the printer is on and online Procedure 3 Resolve printer display error messages Procedure 4 Resolve printer network communication problems Telnet IP address port Enww Troubleshooting wireless print servers Unable to communicate during initial setupUnable to communicate after initial setup My configured channel does not match the configuration Improving reception and performance SymptomsFirmware download failure Corrective actions Enww HP Jetdirect configuration pages Status field error messages HP Jetdirect configurationConfiguration page format 1Configuration Page Sections HP Jetdirect Configuration/General Information Configuration page messages2HP Jetdirect Configuration/General Information MessageDescription Message Description Wireless station settings 3802.11 Wireless station settings Security Settings IPsec Admin PasswordFirewall Cert Expires Total Packets Received Network StatisticsUnicast Packets Received BAD Packets Received TCP/IP configuration information TCP/IP protocol informationIPv4 section Config by Default GatewayIP Address Subnet Mask IPv4 Section IPv6 section IPX/SPX configuration information IPX/SPX protocol informationIPv6 Section Novell/NetWare parameters AppleTalk protocol informationCN=ljpserver.OU=support.OU=mycity.OU=mycompany 11 AppleTalk configuration information Error messages12 DLC/LLC configuration information DLC/LLC protocol information Error Code and Message Description 13Error messages LAN Error no Linkbeat LAN Error Retry FaultsNetwork Reconfig Must Reboot Disconnected Unable to SET Password Unable to LoginDisconnecting SPX Timeout 2C NDS Authentication 2B NDS ERR Unable to LoginError Error NDS PS Printer List Error 4D CF ERR Access List Novram Error4F Tftp Remote Error Tftp Local Error BAD Bootp TAG Size BAD BOOTP/DHCP ReplyBOOTP/RARP in Progress BOOTP/DHCP in Progress Adjusted Dhcp Lease TimersHP Jetdirect Security Trying to Connect to 14General Information 2HP Jetdirect Security Current IPsec status IPsec Error Log Local IP addressesIPsec Statistics IPsec Rules IKE Stats16IPsec statistics 17IKE Statistics IPsec Security Associations SA table Available Network Services18IPsec Security Associations SRC LPD printing About LPD Requirements for configuring LPDTable A-1LPD programs and protocols Purpose of Program Set up IP parameters LPD setup overviewSet up print queues Print a test file LPD on Unix systems Configure print queues for BSD-based systems Example jetdirect1 Use SAM to configure print queues HP-UX systems Print a test file LPD on Microsoft Windows Server 2003/2008 systems Install TCP/IP software Add LPR compatible printer window Verify the configuration LPD on Microsoft Windows XP systems Configure a network LPD printerPrint from Microsoft Windows clients Add Microsoft Windows optional networking components Click Start, Printers and Faxes Create an LPR port for an installed printer Use FTP printing Print filesFTP connections Control connection Data connection FTP login Table B-1User commands for HP Jetdirect FTP server CommandsCommand Description End the FTP session PORT1 Example FTP Session HP Jetdirect control panel menus V .xx.nn.xx Table C-1HP Jetdirect EIO Menu on Graphical Control Panel Graphical control panel menusMenu item Sub-menu item Values and Description Ssid Reset Configure Keys Transmit KeyEnable IPv4 Settings Config Method Default IP Manual SettingsIPv6 Settings Enable Dhcp Renew Proxy Server DHCPv6 PolicyProxy Port Frame Type Reset Security AppleTalk EnableSecurity Print Sec IPsec or Firewall Code Verification Enable WipeLAN HW Test Http Test Snmp Test TimeoutData Path Test Select All Tests Packets Sent Ping ResultsPackets Received Percent Lost Print Protocols Link Speed Table C-2HP Jetdirect EIO Menu on Classic Control Panel Classic control panel EIO menusMenu Item Description CFG Network Menu Item CFG IPX/SPXWEB Ipsec SecurityFirewall Code Verification Enww GSOAP Open source licensing statements Expat XML Parser Copyright and Permission Notice CURL GNU General Public License GNU General Public License GNU General Public License Enww No Warranty END of Terms and Conditions GNU Lesser General Public License GNU Lesser General Public License Enww Enww Enww Enww Enww GNU Lesser General Public License OpenSSL OpenSSL licenseOriginal SSLeay license OpenSSL Appendix D Open source licensing statements Index See also Gateway NDS Novram Error Total Packets Rcvd Enww Page Hewlett-Packard Development Company, L.P