Limitations to rules, templates and services | HP 640n Print Server

Enter up to ten rules, each rule specifying the host addresses, services, and the action to take for those addresses and services. Depending on whether IPsec is supported by the print server and device, the following actions are available:

●Allow traffic. If IPsec/Firewall is supported, allow IP traffic that is not protected by the IPsec/ Firewall policy.

●Drop traffic. Do not process (discard) the specified IP traffic.

●Require traffic to be protected with the IPsec/Firewall policy. You are prompted to configure an IPsec template indicating the IPsec authentication/encryption settings to apply to the specified IP traffic.

See the following illustration.

Figure 5-3Use the IPsec Wizard to configure rules

HP Jetdirect

IPsec/Firewall Policy

IPsec/Firewall Rules

...

Use the IPsec/Firewall Wizard

to Configure Each Rule

	Rule 1			{

			Step 1, select:	Step 2, select:	Step 3, select:
			Step 1, select:	Step 2, select:	Allow, Drop, or
			Addresses1	Services1	Allow, Drop, or
			Addresses1	Services1	Protect with IPsec1
					Protect with IPsec1


			Step 1, select:	Step 2, select:	Step 3, select:
	Rule 2		Step 1, select:	Step 2, select:	Allow, Drop, or
			Addresses2	Services2	Allow, Drop, or
			Addresses2	Services2	Protect with IPsec2
					Protect with IPsec2
				...
				...

Limitations to rules, templates and services

Limitations to rules, templates, and services are summarized in the following table.

Table 5-2Limitations to rules, templates and services

Item	Limit

Maximum number of rules.	10

Maximum number of Address Templates.	8
Note the following:

●All IP Addresses Results in two (2) address template rules. One for all IPv4 addresses, and another for all IPv6 addresses.

●All non link local IPv6 Results in four (4) address template rules:

◦:: to FE7F:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF for both local and remote addresses

◦:: to FE7F:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF for local addresses

FE81:: to FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF for remote addresses

ENWW	HP Jetdirect IPsec/Firewall wizard 109

Image 119

HP 640n Print Server manual 2Limitations to rules, templates and services

Contents

HP Jetdirect Print Servers Page HP Jetdirect Print Servers Trademark Credits Table of contents Mac OS network installation IPX/SPX 125 105121 165 139 211 175179 193 Supported print servers Introducing the HP Jetdirect print server 2Supported network protocols Supported network protocols Snmp IP and IPX AuthenticationEAP/802.1X port-based authentication Security protocols IPsec/Firewall Wireless print server authenticationSupplied manuals HP online support Firmware upgradesFirmware installation tools HP support Product registration Product accessibility Operating Environment Function Remarks 1Software SolutionsHP Web Jetadmin see HP Web Jetadmin on HP software solutions summary System requirements HP Jetdirect Printer Installer for UnixHP Web Jetadmin Verify HP Web Jetadmin installation and provide access Install HP Web Jetadmin softwareConfigure and modify a device Remove HP Web Jetadmin software Http// IPaddress /ipp/port# Microsoft-supplied software Use Bonjour Mac OS X Mac OS network installationNovell-supplied software Software tools Test the configuration Verify network configuration Enww IPv6 address introduction IPv6 configuration Link-local address IPv6 address configuration Use DNS Stateless addressesStateful addresses Tools and utilities IPv4 configurationServer-based and manual TCP/IP configuration IPv4 Default IP address is assigned Default IP address IPv4Default IP address is not assigned Dhcp requests enable/disable Default IP on wireless and wired print serversDefault IPv4 address configuration options Default IPv4 parameter TCP/IP configuration tools Default IPv4 behavior Configure the print server using BOOTP/TFTP on Unix Use BOOTP/TFTP IPv4Advantages of using BOOTP/TFTP Bootptab file entries IPv4 Systems using network information service NISConfigure the Bootp server RFC Description 1Tags supported in a BOOTP/DHCP boot file Tftp configuration file entries IPv4 General 2TFTP configuration file parametersExample HP Jetdirect Tftp configuration file TCP/IP Main TCP/IP Print Options Defaultq Ftp-printing or ftp-config,ftpIpp-printing or ipp-config,ipp Lpd-printing or lpd-config,lpd TCP/IP Raw Print Ports TCP/IP Access ControlTCP/IP Other Settings Syslog-protocol Bonjour-configSlp-keep-alive Slp-client-mode Icmp-ts-config Idle-timeoutUser-timeout or telnet-timeout Cold-reset Auth-trap or authentication-trap Default-ipDefault-ip-dhcp Snmp-config Ipx-unit-name Ipx-config or ipx/spxTrap-dest or trap-destination Trap-dest ip-address community name port number AppleTalk Other Settings Support Use Dhcp IPv4Unix systems Microsoft Windows systems Discontinue Dhcp configurationUse Rarp IPv4 Laserjet1 Use the arp and ping commands IPv4 Arp -s IP address LAN hardware address Ping IP address Use Telnet IPv4 Typical Telnet session Create a Telnet connection Telnet user interface options Telnet command line interface default Command Description User Control Commands 3Telnet Commands and Parameters Wireless 802.11 Main Desired-ssid Passphrase commandAmpdu Aggregation Network-type Wep-key-method Dot11-switch-timePsk-passphrase Encryption Host-name Wireless DiagnosticsRoam-threshold 00a0f8387af7 Hpnp/printer1.cfg Ipsec-config Firewall-configTftp Server Tftp Filename Pri-wins-svr Domain-name support.hp.comPrinter1.support.hp.com Pri-dns-svr TCP/IP LPD Queues Syslog-svr AllowTCP/IP Other Bonjour Domain Name To 1440 Enable Ftp-download User-timeout Tcp-mss Ews-configGw-disable TCP/IP Diagnostics Snmp Traps Ipx-banner PhaseIpx-mode Pjl-banner Other Network-select 1000t-ms-conf1000t-pause-conf Support-contact Web JetAdmin URLWeb JetAdmin Name Menu Interface Use Telnet to remove an IP address 1Example Using the Menu Interface Move to another network IPv4 Use the HP Embedded Web ServerUse the printer control panel Enww HP Embedded Web Server V .xx.nn.xx Compatible Web browsers Supported HP Web Jetadmin versionRequirements View the HP Embedded Web Server View the HP Embedded Web Server 1HP Jetdirect Home Page Items HP Jetdirect Home tabOperating notes Device tabs Networking tab 2Networking Menu Items Wireless StationConfiguration section Diagnostics section 3Wireless Station configuration parameters Channel Network Name SsidRefresh Ad Hoc Network peer-to-peer WEP Enterprise HpSecureNetwork WPA WiFi Protected AccessWPA-Personal WPA-Enterprise Restore Defaults 4TCP/IP Summary tab TCP/IP SettingsSummary tab 5TCP/IP Network Identification tab Network Identification tab 6TCP/IPv4 tab TCP/IPv4 tab 7TCP/IPv6 tab TCP/IPv6 tab 8TCP/IP Config Precedence tab Config Precedence tab 9TCP/IP Advanced tab Advanced tab Manually Configured Proxy Server PasswordDisable Default IP 10IPX/SPX tab settings Network Settings AppleTalk Type 11AppleTalk tab settingsAppleTalk Enable AppleTalk Name 12SNMP tab settings 13Miscellaneous Settings Other SettingsMisc. Settings Locally Administered Address Certificate Mgmt ServiceWeb Services Print Link settings Bonjour Highest Priority Firmware UpgradeService LPD Queues Append String Name 14LPD Queues tab settingsQueue Name Prepend String Name String Name Default Queue NameQueue Type Raw or text Select Language Security Settings Security Level Description Basic Security 15Wizard Security Levels Custom Security Restore DefaultsSecurity Level Description Enhanced Security Recommended Certificates AuthorizationAdmin. Account Printer Password Synchronization 16Certificate configuration screens Configure certificates Certificate Information Install CertificateCertificate Validity Period Encryption Key Length Domain Name myprinter.mydepartment.mycompany.com Install Certificate or Install CA Certificate screensExamples Examples Access Control Snmp Mgmt. ProtocolsWeb Mgmt 17Other protocols Enable Print ProtocolsEnable Print Services Other Naming Resolution 802.1X AuthenticationEnable Device Discovery Might be disabled without notification 18802.1X configuration settings Device Announcement Agent Other Links Enww IPsec/Firewall configuration V .xx.nn.xx 1Firewall Policy 1IPsec/Firewall Policy HP Jetdirect IPsec/Firewall wizard Default Rule exampleAll IPv4 Addresses All Jetdirect Print Services IPsec security associations SA Limit Limitations to rules, templates and services2Limitations to rules, templates and services Create Address Template Specify Address Template 3Create Address Template Specify Service TemplateCreate Service Template 4Create Service Template 6Manage Custom Services Manage ServicesManage Custom Services 5Manage Services Specify IPsec/Firewall Template Specify Action 7Create IPsec Template Identity AuthenticationCreate IPsec Template Certificates on 8Identity AuthenticationKerberos Certificates 9Kerberos Kerberos Settings10Kerberos Settings 11IKEv1/IKEv2 Phase 1 Authentication IKEv1/IKEv2 Phase 1 AuthenticationIKEv1/IKEv2 Phase 2 / Quick Mode IPsec Protocols IPsec Protocols Manual Keys Advanced IKE Settings12IKEv1/IKEv2 Phase 2 / Quick Mode Settings IPsec Protocols 13Advanced IKE Settings Value for an SA to use for packets received by the device Manual Keys14IPsec Protocols Manual Keys 15Manual Keys Key Format Configure Microsoft Windows systemsAuthentication Rule Summary IPsec/Firewall 1Summary of HP Jetdirect security featuresIP Administrator Password Secure Embedded Web Server Management IPv4/IPv6 Snmp v1/v2c Set Community Name IP/IPX IPv4 Access Control ListAuthentication and Encryption Telnet Control Printer Control Panel Lock HP Web Jetadmin IPv4 Password and ProfilesConfiguration Precedence Table High Limit access to security features2Settings for Access Control Medium Troubleshoot the HP Jetdirect print server Example Cold reset using the service menu Reset to factory defaults Reset to factory defaults Disable an HP Jetdirect embedded print server V .xx.nn.xx Troubleshooting chart assess the problem General troubleshooting Procedure 2 Print an HP Jetdirect configuration Procedure 1 Verify the printer is on and online Procedure 3 Resolve printer display error messages Procedure 4 Resolve printer network communication problems Telnet IP address port Enww Unable to communicate after initial setup Troubleshooting wireless print serversUnable to communicate during initial setup My configured channel does not match the configuration Corrective actions SymptomsImproving reception and performance Firmware download failure Enww HP Jetdirect configuration pages 1Configuration Page Sections HP Jetdirect configurationStatus field error messages Configuration page format MessageDescription Configuration page messagesHP Jetdirect Configuration/General Information 2HP Jetdirect Configuration/General Information Message Description Wireless station settings 3802.11 Wireless station settings Security Settings Cert Expires Admin PasswordIPsec Firewall BAD Packets Received Network StatisticsTotal Packets Received Unicast Packets Received IPv4 section TCP/IP configuration informationTCP/IP protocol information Subnet Mask Default GatewayConfig by IP Address IPv4 Section IPv6 section IPv6 Section IPX/SPX configuration informationIPX/SPX protocol information CN=ljpserver.OU=support.OU=mycity.OU=mycompany Novell/NetWare parametersAppleTalk protocol information DLC/LLC protocol information Error messages11 AppleTalk configuration information 12 DLC/LLC configuration information Error Code and Message Description 13Error messages Reboot Disconnected LAN Error Retry FaultsLAN Error no Linkbeat Network Reconfig Must Timeout Unable to LoginUnable to SET Password Disconnecting SPX Error NDS PS Printer List Error 2B NDS ERR Unable to Login2C NDS Authentication Error Tftp Local Error Novram Error4D CF ERR Access List 4F Tftp Remote Error BOOTP/DHCP in Progress BAD BOOTP/DHCP ReplyBAD Bootp TAG Size BOOTP/RARP in Progress Trying to Connect to Dhcp Lease TimersAdjusted HP Jetdirect Security 14General Information 2HP Jetdirect Security Current IPsec status IPsec Statistics IPsec Error LogLocal IP addresses 17IKE Statistics IKE StatsIPsec Rules 16IPsec statistics SRC Available Network ServicesIPsec Security Associations SA table 18IPsec Security Associations LPD printing Purpose of Program Requirements for configuring LPDAbout LPD Table A-1LPD programs and protocols Print a test file LPD setup overviewSet up IP parameters Set up print queues LPD on Unix systems Configure print queues for BSD-based systems Example jetdirect1 Use SAM to configure print queues HP-UX systems Print a test file LPD on Microsoft Windows Server 2003/2008 systems Install TCP/IP software Add LPR compatible printer window Verify the configuration Add Microsoft Windows optional networking components Configure a network LPD printerLPD on Microsoft Windows XP systems Print from Microsoft Windows clients Click Start, Printers and Faxes Create an LPR port for an installed printer Control connection Print filesUse FTP printing FTP connections Data connection FTP login End the FTP session CommandsTable B-1User commands for HP Jetdirect FTP server Command Description PORT1 Example FTP Session HP Jetdirect control panel menus V .xx.nn.xx Ssid Graphical control panel menusTable C-1HP Jetdirect EIO Menu on Graphical Control Panel Menu item Sub-menu item Values and Description IPv4 Settings Config Method Configure Keys Transmit KeyReset Enable Dhcp Renew Manual SettingsDefault IP IPv6 Settings Enable Frame Type DHCPv6 PolicyProxy Server Proxy Port IPsec or Firewall AppleTalk EnableReset Security Security Print Sec Http Test Enable WipeCode Verification LAN HW Test Select All Tests TimeoutSnmp Test Data Path Test Percent Lost Ping ResultsPackets Sent Packets Received Print Protocols Link Speed CFG Network Classic control panel EIO menusTable C-2HP Jetdirect EIO Menu on Classic Control Panel Menu Item Description WEB Menu ItemCFG IPX/SPX Code Verification SecurityIpsec Firewall Enww GSOAP Open source licensing statements Expat XML Parser Copyright and Permission Notice CURL GNU General Public License GNU General Public License GNU General Public License Enww No Warranty END of Terms and Conditions GNU Lesser General Public License GNU Lesser General Public License Enww Enww Enww Enww Enww GNU Lesser General Public License Original SSLeay license OpenSSLOpenSSL license OpenSSL Appendix D Open source licensing statements Index See also Gateway NDS Novram Error Total Packets Rcvd Enww Page Hewlett-Packard Development Company, L.P