Xerox 9202, 9201 •At the Web UI, select the Properties tab, •On the Edit SNMP v3 Properties page

r). The System Administrator should ensure that the Embedded Fax Card and fax software is installed in accordance with the “Complete the Fax Setup Screens” instructions on page 15-2 in the SAG. The System Administrator can then set Embedded Fax parameters and options via the Local User Interface on the machine by following the instructions on pages 15-2 through 15-4 in the SAG.

s). To enable and configure IPSec, follow the instructions starting on page 8-12 in the SAG. Xerox strongly recommends that IPSec should be used to secure printing jobs; HTTPS (SSL) should be used to secure scanning jobs. Note: IPSec is not available for either the AppleTalk protocol or the Novell protocol with the ‘IPX’ filing transport.

Xerox also recommends that the default values for IPSec parameters listed in the IPSec section in the SAG be used whenever possible for secure IPSec setup. The following default values not listed in the SAG should also be used for secure IPSec setup:

•For defining policies the options listed for ‘Hosts’, ‘Protocols’ and ‘Action’ are all defaults; the System Administrator should choose the particular option that pertains to whether the hosts and protocols in each case are to be allowed or discarded and the corresponding desired action.

•The Host Group address type defaults to ‘Specific’.

•Protocol Group Custom Protocol defaults to being disabled. If Custom Protocol is enabled then the protocol defaults to ‘TCP’ and the Device Is type defaults to ‘Server’.

•The IPSec New Actions keying method defaults to ‘Internet Key Exchange (IKE)’.

•If ‘Manual Keying’ is selected the IPSec security option defaults to ‘ESP’, the Security Parameter Index: IN defaults

to ‘256’, the Security Parameter Index: OUT defaults to ‘257’, the hash method defaults to ‘SHA-1’, the encryption method defaults to ‘3DES’ and the keys option defaults to ‘ASCII format (System will automatically convert to hex value for you)’. Also, “AH” alone should not be selected as the IPSec Security option.

•If ‘Internet Key Exchange (IKE)’ is selected the IKE Phase 1 key lifetime defaults to ’86,400 seconds’, the DH Group defaults to ‘DH Group 2 (1024-bit MODP)’, the Encrypt/Hash pair defaults to ‘SHA-1 and AES’, the IPSec mode defaults to ‘Transport Mode’, the IPSec security option defaults to ‘ESP’, the IKE Phase 2 key lifetime defaults to ’28,800 seconds’, the IKE Phase 2 hash method defaults to ‘SHA1’ and the IKE Phase 2encryption method defaults to ‘3DES’.

t). Xerox recommends that if SNMP is enabled SNMPv3 should be used. SNMPv3 can be set up by following these instructions:

SNMPv3 cannot be enabled until SSL (Secure Sockets Layer) and HTTPS (SSL) are enabled on the machine.

•At the Web UI, select the Properties tab.

•Select the following entries from the Properties 'Content menu’: Connectivity ￿ Protocols ￿ SNMP. This will display the SNMP Configuration page.

•Select the “Enable SNMP v3 Protocol” checkbox inside the SNMP Properties group box.

•Select the [Edit SNMP v3 Properties] button inside the SNMP Properties group box. This will cause the Edit SNMP v3 Properties page to be displayed.

•On the Edit SNMP v3 Properties page:

•Select the Account Enabled button inside the Administrator Account6 group box to create an administrator account.

•Enter the desired Username and Authentication Password. The Authentication Password must be at least 8 alphanumeric characters (the default value is ‘3tamAvUMEfeR84erar6z’).

•Enter the desired Privacy Password of at least 8 alphanumeric characters (the default value is ‘TRUDU27qumAspuswe4he’).

•Select the Account Enabled button inside the Print Drivers Account group box to create an account for bi-directional print drivers / Xerox remote clients.

•Select the [Apply] button. This will create an administrator account and save the indicated settings/passwords. After saving the changes the SNMP Configuration page will be redisplayed.

The System Administrator should be aware that in configuring SNMPv3 there is the option of resetting both the Privacy and Authentication passwords back to their default values. This option should only be used if necessary since if the default passwords are not known no one will be able to access the SNMP administrator account.

6The SNMP administrator account is strictly for the purposes of accessing and modifying the MIB objects via SNMP; it is separate from the System Administrator “admin” user account or user accounts given SA privileges by the System Administrator “admin” user. The administrator account can not perform any System Administrator functions.

5