Xerox 9203, 9202, 9201 manual At the Web UI5, select the Properties tab

j). Xerox recommends that HTTPS be enabled in the evaluated configuration. To enable HTTPS (SSL):

•At the Web UI5, select the Properties tab.

•Follow the “Machine Digital Certificate Management” instructions starting on page 8-9 of the SAG to install on the device either a self-signed digital certificate or a digital certificate signed by a Certificate Authority (CA).

•Select the following entries from the Properties 'Content menu’: Connectivity ￿ Protocols ￿ HTTP.

•Select the Secure HTTP (SSL) Enabled checkbox in the Configuration group box and enter the desired HTTPS port number in the Port Number text box.

•Select the [Apply] button. This will save the indicated settings. After saving the changes the Web UI will become disabled; the System Administrator will have to access the Web UI again.

k). Xerox recommends the following when utilizing Secure Sockets Layer (SSL) for secure scanning on a ColorQube™ 9201/9202/9203:

•SSL should be enabled and used for secure transmission of scan jobs from a ColorQube™ 9201/9202/9203.

•When storing scanned images to a remote repository using an https: connection, a Trusted Certificate Authority certificate should be uploaded to the device so the device can verify the certificate provided by the remote repository.

•When an SSL certificate for a remote SSL repository fails its validation checks the associated scan job will be deleted and not transferred to the remote SSL repository. The System Administrator should be aware that in this case the job status reported in the Completed Job Log for this job will read: “Job could not be sent as a connection to the server could not be established”.

l). In the evaluated configuration for a ColorQube™ 9201/9202/9203, when ‘Device User Interface Authentication” is set to [Remotely on the Network] the only authentication protocols options recommended to be used are [Kerberos (Solaris)], [Kerberos (Windows 2000/2003)] or [LDAP]. However, use of other authentication protocol options is allowable.

In the case of LDAP/LDAPS the System Administrator should ensure that SSL is enabled as discussed in Step 19 on page 7-9 in the SAG.

m). In the evaluated configuration for a ColorQube™ 9201/9202/9203, when setting up authorization only the [Locally on the Device (Internal Database)] option is recommended to be used. However, use of the [Remotely on the Network] authorization option is allowable.

n). In viewing the Audit Log the System Administrator should note the following:

•Deletion of a file from Reprint Saved Job folders or deletion of a Reprint Saved Job folder itself is recorded in theAudit Log.

•Deletion of a print or scan job or deletion of a scan-to-mailbox job from its scan-to-mailbox folder may not be recorded in the Audit Log.

•Extraneous process termination events (Event 50) may be recorded in the Audit Log when the device is rebooted or upon a Power Down / Power Up.

o). In downloading the Audit Log the System Administrator should ensure that Audit Log records are protected after they have been exported to an external trusted IT product and that the exported records are only accessible by authorized individuals.

p). Be careful not to create an IP Filtering rule that rejects incoming TCP traffic from all addresses with source port set to 80; this will disable the Web UI.

IP Filtering is not available for either the AppleTalk protocol or the Novell protocol with the ‘IPX’ filing transport. Also, IP Filtering will not work if IPv6 is used instead of IPv4.

q). To enable disk encryption:

•At the Web UI, select the Properties tab.

•Select the following entries from the Properties 'Content menu’: Security ￿ User Data Encryption.

•Select the Enabled checkbox in the User Data Encryption Enablement group box.

•Select the [Apply] button. This will save the indicated setting. After saving the changes the Network Controller will reboot; once this reboot is completed the System Administrator will have to access the Web UI again.

Xerox recommends that before enabling disk encryption the System Administrator should make sure that the ColorQube™ 9201/9202/9203 is not in diagnostics mode and that there are no active or pending scan jobs.

5From here on the directions assume that the Web UI has been accessed already by following the “Access Internet Services” instructions on page

2-6 of the SAG.

4