Default Rule example | HP 640n Print Server specs

Default Rule example

The following illustrates the print server behavior depending on whether the default rule is set to Allow or Drop (default).

IPsec Policy Configuration Example: IPsec is enabled on the print server with the following rule:

●All IPv4 Addresses

●All Jetdirect Print Services

●A simple IPsec template for these addresses and services is configured. If the Default Rule is set to Allow, then:

●An IP packet that is not IPsec-protected, but with an IPv4 address directed to printing port 9100 is not processed (dropped) because it violates the configured rule.

●An IP packet that is not IPsec-protected, but with an IPv4 address to a service port other than port 9100 (such as Telnet), is allowed and processed.

If the Default Rule is set to Drop, then:

●An IP packet that is not IPsec-protected, but with an IPv4 address directed to printing port 9100 is not processed (dropped) because it violates the configured rule.

●An IPsec packet with IPv4 address directed to printing port 9100 is allowed and processed because it matches the rule.

●A non-IPsec packet with IPv4 address to the Telnet port is dropped because it violates the default rule.

IPsec security associations (SA)

If a packet is IPsec-protected, there must be an IPsec security association (SA) for it. A security association defines how an IP packet from one host to another is protected. Among many things, it defines the IPsec protocol to use, the authentication and encryption keys, and duration of key use.

An IPsec SA is unidirectional. A host can have an inbound SA and an outbound SA associated with particular IP packet protocols and services, and the IPsec protocol used to protect them.

When properly configured, the IPsec rules define the security associations for IP traffic to and from the HP Jetdirect print server and can ensure all traffic is secure.

HP Jetdirect IPsec/Firewall wizard

Use the IPsec/Firewall wizard to create one or more rules to be applied to IP traffic. Click Add Rules to start the IPsec/Firewall wizard.

108 Chapter 5 IPsec/Firewall configuration (V.45.xx.nn.xx)

ENWW

Image 118

HP 640n Print Server manual Default Rule example, IPsec security associations SA, HP Jetdirect IPsec/Firewall wizard

Contents

HP Jetdirect Print Servers Page HP Jetdirect Print Servers Trademark Credits Table of contents Mac OS network installation IPX/SPX 121 105125 139 165 193 175179 211 Introducing the HP Jetdirect print server Supported print servers Supported network protocols 2Supported network protocols Security protocols AuthenticationEAP/802.1X port-based authentication Snmp IP and IPX Supplied manuals Wireless print server authenticationIPsec/Firewall HP support Firmware upgradesFirmware installation tools HP online support Product accessibility Product registration HP Web Jetadmin see HP Web Jetadmin on 1Software SolutionsOperating Environment Function Remarks HP software solutions summary HP Web Jetadmin HP Jetdirect Printer Installer for UnixSystem requirements Remove HP Web Jetadmin software Install HP Web Jetadmin softwareConfigure and modify a device Verify HP Web Jetadmin installation and provide access Microsoft-supplied software Http// IPaddress /ipp/port# Software tools Mac OS network installationNovell-supplied software Use Bonjour Mac OS X Verify network configuration Test the configuration Enww IPv6 configuration IPv6 address introduction IPv6 address configuration Link-local address Stateful addresses Stateless addressesUse DNS Server-based and manual TCP/IP configuration IPv4 IPv4 configurationTools and utilities Default IP address is not assigned Default IP address IPv4Default IP address is assigned Default IPv4 parameter Default IP on wireless and wired print serversDefault IPv4 address configuration options Dhcp requests enable/disable Default IPv4 behavior TCP/IP configuration tools Advantages of using BOOTP/TFTP Use BOOTP/TFTP IPv4Configure the print server using BOOTP/TFTP on Unix Configure the Bootp server Systems using network information service NISBootptab file entries IPv4 1Tags supported in a BOOTP/DHCP boot file RFC Description Tftp configuration file entries IPv4 Example HP Jetdirect Tftp configuration file 2TFTP configuration file parametersGeneral TCP/IP Main TCP/IP Print Options Lpd-printing or lpd-config,lpd Ftp-printing or ftp-config,ftpIpp-printing or ipp-config,ipp Defaultq TCP/IP Other Settings TCP/IP Access ControlTCP/IP Raw Print Ports Slp-client-mode Bonjour-configSlp-keep-alive Syslog-protocol Cold-reset Idle-timeoutUser-timeout or telnet-timeout Icmp-ts-config Snmp-config Default-ipDefault-ip-dhcp Auth-trap or authentication-trap Trap-dest ip-address community name port number Ipx-config or ipx/spxTrap-dest or trap-destination Ipx-unit-name Other Settings AppleTalk Unix systems Use Dhcp IPv4Support Use Rarp IPv4 Discontinue Dhcp configurationMicrosoft Windows systems Use the arp and ping commands IPv4 Laserjet1 Use Telnet IPv4 Arp -s IP address LAN hardware address Ping IP address Create a Telnet connection Typical Telnet session Telnet command line interface default Telnet user interface options 3Telnet Commands and Parameters Command Description User Control Commands Wireless 802.11 Main Network-type Passphrase commandAmpdu Aggregation Desired-ssid Encryption Dot11-switch-timePsk-passphrase Wep-key-method 00a0f8387af7 Wireless DiagnosticsRoam-threshold Host-name Tftp Filename Ipsec-config Firewall-configTftp Server Hpnp/printer1.cfg Pri-dns-svr Domain-name support.hp.comPrinter1.support.hp.com Pri-wins-svr TCP/IP LPD Queues TCP/IP Other AllowSyslog-svr To 1440 Enable Bonjour Domain Name User-timeout Ftp-download Gw-disable Ews-configTcp-mss TCP/IP Diagnostics Snmp Traps Pjl-banner PhaseIpx-mode Ipx-banner Other 1000t-pause-conf 1000t-ms-confNetwork-select Menu Interface Web JetAdmin URLWeb JetAdmin Name Support-contact 1Example Using the Menu Interface Use Telnet to remove an IP address Use the printer control panel Use the HP Embedded Web ServerMove to another network IPv4 Enww HP Embedded Web Server V .xx.nn.xx View the HP Embedded Web Server Supported HP Web Jetadmin versionRequirements Compatible Web browsers View the HP Embedded Web Server Operating notes HP Jetdirect Home tab1HP Jetdirect Home Page Items Networking tab Device tabs Diagnostics section Wireless StationConfiguration section 2Networking Menu Items 3Wireless Station configuration parameters Ad Hoc Network peer-to-peer Network Name SsidRefresh Channel WEP Enterprise WPA-Personal WPA WiFi Protected AccessHpSecureNetwork Restore Defaults WPA-Enterprise Summary tab TCP/IP Settings4TCP/IP Summary tab Network Identification tab 5TCP/IP Network Identification tab TCP/IPv4 tab 6TCP/IPv4 tab TCP/IPv6 tab 7TCP/IPv6 tab Config Precedence tab 8TCP/IP Config Precedence tab Advanced tab 9TCP/IP Advanced tab Default IP Proxy Server PasswordDisable Manually Configured Network Settings 10IPX/SPX tab settings AppleTalk AppleTalk Name 11AppleTalk tab settingsAppleTalk Enable Type 12SNMP tab settings Misc. Settings Other Settings13Miscellaneous Settings Link settings Certificate Mgmt ServiceWeb Services Print Locally Administered Address LPD Queues Firmware UpgradeService Bonjour Highest Priority Prepend String Name 14LPD Queues tab settingsQueue Name Append String Name Raw or text Default Queue NameQueue Type String Name Security Settings Select Language 15Wizard Security Levels Security Level Description Basic Security Recommended Restore DefaultsSecurity Level Description Enhanced Security Custom Security Printer Password Synchronization AuthorizationAdmin. Account Certificates Configure certificates 16Certificate configuration screens Encryption Key Length Install CertificateCertificate Validity Period Certificate Information Examples Install Certificate or Install CA Certificate screensDomain Name myprinter.mydepartment.mycompany.com Access Control Examples Web Mgmt Mgmt. ProtocolsSnmp Other Enable Print ProtocolsEnable Print Services 17Other protocols Might be disabled without notification 802.1X AuthenticationEnable Device Discovery Naming Resolution 18802.1X configuration settings Device Announcement Agent Other Links Enww IPsec/Firewall configuration V .xx.nn.xx 1Firewall Policy 1IPsec/Firewall Policy IPsec security associations SA Default Rule exampleAll IPv4 Addresses All Jetdirect Print Services HP Jetdirect IPsec/Firewall wizard 2Limitations to rules, templates and services Limitations to rules, templates and servicesLimit Specify Address Template Create Address Template 4Create Service Template Specify Service TemplateCreate Service Template 3Create Address Template 5Manage Services Manage ServicesManage Custom Services 6Manage Custom Services Specify Action Specify IPsec/Firewall Template Create IPsec Template Identity Authentication7Create IPsec Template Certificates 8Identity AuthenticationKerberos Certificates on 10Kerberos Settings Kerberos Settings9Kerberos IKEv1/IKEv2 Phase 2 / Quick Mode IPsec Protocols IKEv1/IKEv2 Phase 1 Authentication11IKEv1/IKEv2 Phase 1 Authentication 13Advanced IKE Settings Advanced IKE Settings12IKEv1/IKEv2 Phase 2 / Quick Mode Settings IPsec Protocols IPsec Protocols Manual Keys 15Manual Keys Manual Keys14IPsec Protocols Manual Keys Value for an SA to use for packets received by the device Rule Summary Configure Microsoft Windows systemsAuthentication Key Format Secure Embedded Web Server Management 1Summary of HP Jetdirect security featuresIP Administrator Password IPsec/Firewall Telnet Control IPv4 Access Control ListAuthentication and Encryption IPv4/IPv6 Snmp v1/v2c Set Community Name IP/IPX Configuration Precedence Table HP Web Jetadmin IPv4 Password and ProfilesPrinter Control Panel Lock Medium Limit access to security features2Settings for Access Control High Troubleshoot the HP Jetdirect print server Reset to factory defaults Example Cold reset using the service menu Reset to factory defaults Disable an HP Jetdirect embedded print server V .xx.nn.xx General troubleshooting Troubleshooting chart assess the problem Procedure 1 Verify the printer is on and online Procedure 2 Print an HP Jetdirect configuration Procedure 3 Resolve printer display error messages Procedure 4 Resolve printer network communication problems Telnet IP address port Enww Unable to communicate during initial setup Troubleshooting wireless print serversUnable to communicate after initial setup My configured channel does not match the configuration Firmware download failure SymptomsImproving reception and performance Corrective actions Enww HP Jetdirect configuration pages Configuration page format HP Jetdirect configurationStatus field error messages 1Configuration Page Sections 2HP Jetdirect Configuration/General Information Configuration page messagesHP Jetdirect Configuration/General Information MessageDescription Wireless station settings Message Description 3802.11 Wireless station settings Security Settings Firewall Admin PasswordIPsec Cert Expires Unicast Packets Received Network StatisticsTotal Packets Received BAD Packets Received TCP/IP protocol information TCP/IP configuration informationIPv4 section IP Address Default GatewayConfig by Subnet Mask IPv6 section IPv4 Section IPX/SPX protocol information IPX/SPX configuration informationIPv6 Section AppleTalk protocol information Novell/NetWare parametersCN=ljpserver.OU=support.OU=mycity.OU=mycompany 12 DLC/LLC configuration information Error messages11 AppleTalk configuration information DLC/LLC protocol information 13Error messages Error Code and Message Description Network Reconfig Must LAN Error Retry FaultsLAN Error no Linkbeat Reboot Disconnected Disconnecting SPX Unable to LoginUnable to SET Password Timeout Error 2B NDS ERR Unable to Login2C NDS Authentication Error NDS PS Printer List Error 4F Tftp Remote Error Novram Error4D CF ERR Access List Tftp Local Error BOOTP/RARP in Progress BAD BOOTP/DHCP ReplyBAD Bootp TAG Size BOOTP/DHCP in Progress HP Jetdirect Security Dhcp Lease TimersAdjusted Trying to Connect to 2HP Jetdirect Security 14General Information Current IPsec status Local IP addresses IPsec Error LogIPsec Statistics 16IPsec statistics IKE StatsIPsec Rules 17IKE Statistics 18IPsec Security Associations Available Network ServicesIPsec Security Associations SA table SRC LPD printing Table A-1LPD programs and protocols Requirements for configuring LPDAbout LPD Purpose of Program Set up print queues LPD setup overviewSet up IP parameters Print a test file Configure print queues for BSD-based systems LPD on Unix systems Use SAM to configure print queues HP-UX systems Example jetdirect1 LPD on Microsoft Windows Server 2003/2008 systems Print a test file Install TCP/IP software Verify the configuration Add LPR compatible printer window Print from Microsoft Windows clients Configure a network LPD printerLPD on Microsoft Windows XP systems Add Microsoft Windows optional networking components Create an LPR port for an installed printer Click Start, Printers and Faxes FTP connections Print filesUse FTP printing Control connection FTP login Data connection Command Description CommandsTable B-1User commands for HP Jetdirect FTP server End the FTP session Example FTP Session PORT1 HP Jetdirect control panel menus V .xx.nn.xx Menu item Sub-menu item Values and Description Graphical control panel menusTable C-1HP Jetdirect EIO Menu on Graphical Control Panel Ssid Enable Configure Keys Transmit KeyReset IPv4 Settings Config Method IPv6 Settings Enable Manual SettingsDefault IP Dhcp Renew Proxy Port DHCPv6 PolicyProxy Server Frame Type Security Print Sec AppleTalk EnableReset Security IPsec or Firewall LAN HW Test Enable WipeCode Verification Http Test Data Path Test TimeoutSnmp Test Select All Tests Packets Received Ping ResultsPackets Sent Percent Lost Link Speed Print Protocols Menu Item Description Classic control panel EIO menusTable C-2HP Jetdirect EIO Menu on Classic Control Panel CFG Network CFG IPX/SPX Menu ItemWEB Firewall SecurityIpsec Code Verification Enww Open source licensing statements GSOAP Expat XML Parser CURL Copyright and Permission Notice GNU General Public License GNU General Public License GNU General Public License Enww No Warranty END of Terms and Conditions GNU Lesser General Public License GNU Lesser General Public License Enww Enww Enww Enww Enww GNU Lesser General Public License OpenSSL license OpenSSLOriginal SSLeay license OpenSSL Appendix D Open source licensing statements Index See also Gateway NDS Novram Error Total Packets Rcvd Enww Page Hewlett-Packard Development Company, L.P