Table 5-1IPsec/Firewall Policy page

Item

Description

 

 

Enable IPsec/Firewall

Select the check box to enable your IPsec or Firewall policy. Clear this check box to

or

disable IPsec/Firewall operation.

 

 

Enable Firewall

 

 

 

 

IPsec/Firewall Rules

Configure up to ten rules in descending order of precedence. For example, Rule 1 is

 

higher in precedence than Rule 2.

 

Define each rule using the following fields:

 

Enable Select whether a configured rule is enabled or disabled for the policy.

 

Address Template Set the IP addresses for which the rule applies. Select

 

 

among several predefined templates, or specify a custom template. Click on a

 

 

template entry to view or modify the template configuration.

 

Services Template Identify the services for which the rule applies. Select

 

 

among several predefined templates, or specify a custom template. Click on a

 

 

template entry to view or modify the template configuration.

 

 

CAUTION: If the All Services template for a rule is not specified, a security

 

 

risk can exist. Future networking applications deployed after the IPsec Policy is

 

 

in place might not be IPsec-protected unless the All Services template is used.

 

 

For example, installing a third-party Chai service plug-in, or upgrading firmware

 

 

for the printer or print server, can result in a new service that is not covered by

 

 

the IPsec policy. Review policies whenever firmware is updated or a new Chai

 

 

applet is installed.

 

Action on Match Define how to process the IP traffic that contains the

 

 

addresses and services specified.

 

 

For Firewall operation, the traffic is allowed or dropped, depending on the action

 

 

specified by the rule.

 

 

For IPsec operation, the traffic is allowed without IPsec protection, dropped, or

 

 

IPsec-protected using an IPsec template specified for the rule. Click on a

 

 

template entry to view or modify the template configuration.

 

 

Default Rule

Indicate whether the default rule drops or allows the traffic. The default rule specifies

 

whether to process IP packets that do not match the configured rules.

 

Select Drop (default) to discard traffic not covered by the configured rules.

 

Select Allow to allow traffic that is not covered by the configured rules. Allowing IP

 

packets that do not match the configured rules is not secure.

 

For an example, see Default Rule example on page 108.

 

 

Add Rules

Select Add Rules to configure rules using the IPsec wizard..

Delete Rules

Select Delete Rules to remove one or more rules from the policy.

 

 

Advanced

Configure a Failsafe feature to prevent lock out of the print server over HTTPS

 

(secure Web browser access) during IPsec/Firewall policy set up.

You can allow selected multicast and broadcast traffic to bypass your IPsec/Firewall policy. This might be required for device discovery by system installation utilities.

ENWW

107