Default Rule example

The following illustrates the print server behavior depending on whether the default rule is set to Allow or Drop (default).

IPsec Policy Configuration Example: IPsec is enabled on the print server with the following rule:

All IPv4 Addresses

All Jetdirect Print Services

A simple IPsec template for these addresses and services is configured. If the Default Rule is set to Allow, then:

An IP packet that is not IPsec-protected, but with an IPv4 address directed to printing port 9100 is not processed (dropped) because it violates the configured rule.

An IP packet that is not IPsec-protected, but with an IPv4 address to a service port other than port 9100 (such as Telnet), is allowed and processed.

If the Default Rule is set to Drop, then:

An IP packet that is not IPsec-protected, but with an IPv4 address directed to printing port 9100 is not processed (dropped) because it violates the configured rule.

An IPsec packet with IPv4 address directed to printing port 9100 is allowed and processed because it matches the rule.

A non-IPsec packet with IPv4 address to the Telnet port is dropped because it violates the default rule.

IPsec security associations (SA)

If a packet is IPsec-protected, there must be an IPsec security association (SA) for it. A security association defines how an IP packet from one host to another is protected. Among many things, it defines the IPsec protocol to use, the authentication and encryption keys, and duration of key use.

An IPsec SA is unidirectional. A host can have an inbound SA and an outbound SA associated with particular IP packet protocols and services, and the IPsec protocol used to protect them.

When properly configured, the IPsec rules define the security associations for IP traffic to and from the HP Jetdirect print server and can ensure all traffic is secure.

HP Jetdirect IPsec/Firewall wizard

Use the IPsec/Firewall wizard to create one or more rules to be applied to IP traffic. Click Add Rules to start the IPsec/Firewall wizard.

108 Chapter 5 IPsec/Firewall configuration (V.45.xx.nn.xx)

ENWW

Page 118
Image 118
HP 640n Print Server manual Default Rule example, IPsec security associations SA, HP Jetdirect IPsec/Firewall wizard