HP DesignJet 3000 Security Features

HP DesignJet 3000 Manual

Get HP DesignJet 3000 PDF manuals and user guides View all HP DesignJet 3000 manuals
Add to My Manuals
Save this manual to your list of manuals

HP DesignJet 3000 manual content summary:

  • HP DesignJet 3000 | Security Features - Page 1
    HP DesignJet and PageWide XL Printers Security features
  • HP DesignJet 3000 | Security Features - Page 2
    is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as an additional warranty. HP shall not be liable for technical or editorial errors or
  • HP DesignJet 3000 | Security Features - Page 3
    data in storage...23 Self-encrypted hard disk ...23 Secure File Erase (SFE) ...23 Secure Disk Erase (SDE)...24 Scan to network (HP DesignJet T2500, T2530, T3500 eMFP Series 26 Scan to FTP folder ...33 Exclude personal info from accounting...35 Disable internet connection ...35 2.5 Document
  • HP DesignJet 3000 | Security Features - Page 4
    HP DesignJet Printers Security Settings User account...64 FP settings ...64 EWS settings...66 Netgard MFD configuration ...67 Basic configuration of Netgard MFD for HP printers 67 Netgard MFD user interface access ...67 Additional information ...72 Security Glossary ...73 Device protection
  • HP DesignJet 3000 | Security Features - Page 5
    This document provides an overview of the security and connectivity features supported by HP DesignJet and PageWide XL printers as of October 2018. The security features described in this document make the HP DesignJet and PageWide XL printer series particularly well suited for deployment in
  • HP DesignJet 3000 | Security Features - Page 6
    HP DesignJet Printers Security Settings • Protect the EWS access with an admin account (see section 2.2.6, in the Embedded Web Server, or the Network Enable Features in Web Jetadmin. In the HP DesignJet T830 MFP/T730 printer, the network Management Protocols can be configured from the Network > Advanced
  • HP DesignJet 3000 | Security Features - Page 7
    HP DesignJet Printers Security Settings SNMP compatibility SNMP is a protocol to get printer information and to configure it. SNMPv3 is its encrypted version. Enabling it, only the
  • HP DesignJet 3000 | Security Features - Page 8
    HP DesignJet Printers Security Settings Disable connectivity interfaces Depending on the printer add extra security features, in this case, you might want to disable the onboard Ethernet. The HP Jetdirect 640n is a print networking device that offers high-speed wired functionality, easy set-up,
  • HP DesignJet 3000 | Security Features - Page 9
    HP DesignJet Printers Security Settings Features: Print at high speed over gigabit networks • and operation costs with off-the-shelf functionality and backward compatibility. See http://www8.hp.com/emea_africa/en/products/print-servers/product-detail.html?oid=5305778 for more information about
  • HP DesignJet 3000 | Security Features - Page 10
    HP DesignJet Printers Security Settings Control Panel Access The DesignJet and PageWide technologies allow the printer administrator , which enables them to lock the device's control panel by using either the HP Web Jetadmin or the printer's Embedded Web Server (depending on the printer model).
  • HP DesignJet 3000 | Security Features - Page 11
    HP DesignJet Printers Security Settings The following table when the Lock level is set Resets, CIP config, Security, Service Menu 1 Resets, CIP config, Security config Connectivity, AFU, Settings App Internet connectivity Settings App Connectivity Troubleshooting IDS App Access IDS App Actions i.e.
  • HP DesignJet 3000 | Security Features - Page 12
    HP DesignJet Printers Security Settings Settings App Inks Entry Access Paper Settings Settings App FW Update Settings App Printer Logs Settings App Allow SNMP Settings App Service Level 1 3 - Intermediate 4 - Maximum 3 - Intermediate 3 - Intermediate 3 - Intermediate 4 - Maximum 4 - Maximum 4 -
  • HP DesignJet 3000 | Security Features - Page 13
    HP DesignJet Printers Security Settings 2.2.1.2 Access Control The Access Control page is placed in the Setup tab, in the subsection called Access Control. This function allows you
  • HP DesignJet 3000 | Security Features - Page 14
    HP DesignJet Printers Security Settings Figure 2 - Sign-in methods b. Device user accounts In this section, there are four actions available: • New: to add a new user account. • Edit:
  • HP DesignJet 3000 | Security Features - Page 15
    HP DesignJet Printers Security Settings c. Sign-in and permissions policies You can change the front panel becomes locked and you are unable to unlock it, then you should contact HP support as soon as possible. SCL certificates • Jetdirect identity certificate You can request, install, and manage digital
  • HP DesignJet 3000 | Security Features - Page 16
    . Embedded Web Server (EWS) access control The Embedded Web Server is a powerful tool which enables direct management of devices such as the HP LaserJet or the HP DesignJet printers. With no security in place, however, this tool also has the potential to have a negative effect on many features, as
  • HP DesignJet 3000 | Security Features - Page 17
    HP DesignJet Printers Security Settings 2.2.1.4 Administrator password Access control is enabled by setting the Admin account password, i.e. specifying configure the printer. • View protected printer information pages. • Access the Customer Involvement Program page. • Access the Service Support. 17
  • HP DesignJet 3000 | Security Features - Page 18
    HP DesignJet Printers Security Settings 18
  • HP DesignJet 3000 | Security Features - Page 19
    HP DesignJet Printers Security Settings If there is no administrator account, then the restricted operations can be accessed without a password. 2.2.1.5 Guest with touchscreen front panels only allow the use of the limited set of characters shown below (capital letters are also supported). 19
  • HP DesignJet 3000 | Security Features - Page 20
    HP DesignJet Printers Security Settings • These limitations do not apply to printers without touchscreen front panels, as the password can be set using EWS. • Some printer drivers rely on the EWS for creating the preview. In cases where an administrator password is set, the administrator password
  • HP DesignJet 3000 | Security Features - Page 21
    SNMP v1/v2c). Enable SNMPv3. Enable SNMPv1/v2 read only access. Custom Manually adjust all the settings. Hide IP from front panel Some printers include an option in the Service Menu, accessible with the help of an HP Support agent only, that enables you to hide all IP information from the printer
  • HP DesignJet 3000 | Security Features - Page 22
    HP DesignJet Printers Security Settings 2.3 Data security: encrypted communications IPSec A the IP addresses and services that are allowed by the print server and device. With IPsec support, you can apply IPsec authentication and encryption protocols for those addresses and services. To add a rule
  • HP DesignJet 3000 | Security Features - Page 23
    HP DesignJet Printers Security Settings regardless of ACL entries. This allows hosts to feature. These settings can be changed via Web Jetadmin, EWS and control panel (via the Service Menu with the HP support representative help). • Non-Secure Fast Erase: In this mode, all file pointers to the
  • HP DesignJet 3000 | Security Features - Page 24
    manual, as the actual menu options may differ for a specific printer. The following is an example of how to change the Secure File Erase setting for the HP DesignJet or the Control Panel's Service menu, which is only accessible with the help of an HP Support representative. • HP Web Jetadmin access:
  • HP DesignJet 3000 | Security Features - Page 25
    HP DesignJet Printers Security Settings • Printer Front Panel access: Once you have entered the Service Menu with the help of an HP Support representative, you can perform the Secure Disk Erase using the same 3 options that you have in Web Jetadmin. Note that the name of the feature
  • HP DesignJet 3000 | Security Features - Page 26
    Printers Security Settings Scan to network (HP DesignJet T2500, T2530, T3500 eMFP Series) A scanned image may be saved on a USB flash drive or in a network folder. The USB flash drive option requires no
  • HP DesignJet 3000 | Security Features - Page 27
    HP DesignJet Printers Security Settings 4. Create a share name for the folder. Note: It is important to complete the above steps before starting the remaining steps below. 5. In
  • HP DesignJet 3000 | Security Features - Page 28
    HP DesignJet Printers 5. Check the Share this folder box. Security Settings 6. You need to ensure that the scanner user has full read/write control over the shared
  • HP DesignJet 3000 | Security Features - Page 29
    HP DesignJet Printers Security Settings The scanner user can now access the folder and write files to it. Next, you must configure the printer to send scans
  • HP DesignJet 3000 | Security Features - Page 30
    HP DesignJet Printers Security Settings name and password of the scanner user moved or deleted. EXAMPLE: CREATE A SCAN-TO-NETWORK FOLDER USING MAC OS Note: Scan to Network is currently supported on Mac OS 10.9 (Maverick) and previous versions. 1. Create a new user account for the scanner user on
  • HP DesignJet 3000 | Security Features - Page 31
    HP DesignJet Printers Security Settings 4. Make sure the scanner user has Read & Write access to the folder. 5. Click Options. 6. Check the Share files and folder using SMB
  • HP DesignJet 3000 | Security Features - Page 32
    HP DesignJet Printers Security Settings The scanner user can now access the folder remote computer. You cannot use the remote computer's host name as the server name, as this is only supported for computers running Windows. You must use the IPv4 or IPv6 address. Leave the user domain field empty.
  • HP DesignJet 3000 | Security Features - Page 33
    HP DesignJet Printers Security Settings 2.4.1.1 Troubleshooting scan to network connectivity issues If ports: UDP ports 137,138; TCP ports 137,139. • Scan to network is not supported within the following environments/protocols: Active Directory, Cluster Server environment, Kerberos, NFS and SSPI
  • HP DesignJet 3000 | Security Features - Page 34
    have installed HP DesignJet SmartStream, the option to set it as a destination appears. For more information, see HP SmartStream user guide. • without any dots in the name). Fully qualified DNS domain names are also supported. For an FTP folder, enter the server name, folder name, user name,
  • HP DesignJet 3000 | Security Features - Page 35
    HP DesignJet Printers Security Settings You can check at any later time that the shared folder remains accessible by clicking Verify in the Embedded Web Server. A correctly
  • HP DesignJet 3000 | Security Features - Page 36
    HP DesignJet Printers Security Settings 2.5 Document security Job storage and PIN printing Job kept in the scan job queue). ePrint center connection The ePrint feature allows the user to print any supported file sending an email. It is available in the front panel and the EWS. This feature can be
  • HP DesignJet 3000 | Security Features - Page 37
    HP DesignJet Printers Security Settings 37
  • HP DesignJet 3000 | Security Features - Page 38
    advanced printing workflows that can be used to interact with the HP PageWide XL, DesignJet T1700, DesignJet Z6, and DesignJet Z9+ printers. 3.1 Printing using LPR protocol. This feature allows you to print any supported file without drivers or other programs. It can be useful to develop internal
  • HP DesignJet 3000 | Security Features - Page 39
    HP DesignJet Printers How to use the LPR command in Windows. • Turn on the windows the file is located in C:\. 3.2 Printing using FTP protocol. This feature allows you to print any supported file without drivers or other programs. It can be used through command line or as a drag and drop system,
  • HP DesignJet 3000 | Security Features - Page 40
    HP DesignJet Printers How to use FTP combined with DMS server Server Security file directly to the printer without a driver or software) modifying some properties. The following table contains the list of PJLs that are currently supported in the supported printers. This list is still in development
  • HP DesignJet 3000 | Security Features - Page 41
    HP DesignJet Printers Security Settings PJL Name STRINGCODESET JOBNAME (also set via @PJL sent to the printer, any subsequent print quality change will not take effect until the following page. Note: HP PageWide XL Print Quality mapping: * Lines/Fast = DRAFT * Uniform areas = NORMAL * High Detail =
  • HP DesignJet 3000 | Security Features - Page 42
    HP DesignJet Printers Security Settings MEDIADESTINATION FOLDINGMETHODTYPE FOLDINGMETHODENUM note that [ESC] references to the ASCII escape character. The following lines contain the PJLs supported by HP PageWide XL, as shown in the example. The last line in the header references the language
  • HP DesignJet 3000 | Security Features - Page 43
    HP DesignJet Printers [ESC]%-12345X@PJL JOB @PJL SET STRINGCODESET=UTF8 @PJL JOBNAME = "My Job" @PJL USERNAME = "User_01" @PJL MARGINLAYOUT = "OVERSIZE" @PJL MEDIASOURCE = "ROLL6" @PJL ENTER LANGUAGE =
  • HP DesignJet 3000 | Security Features - Page 44
    HP DesignJet Printers Security Settings 4. Large Format printers: security features summary GRAPHIC PRINTERS Model Z6XX0 D5800 Z5400 Z3200 Z2100/Z5200ps Z2600/Z5600 Z6/Z9+ Device security - Device
  • HP DesignJet 3000 | Security Features - Page 45
    HP DesignJet Printers Security Settings NTLM N/A N/A N/A N/A N/A N/A Data security - Protected data in storage External HDD Yes Yes N/A N/A N/A N/A Removable HDD N/A N/A Yes N/A N/A Yes Self-Encrypted HDD N/A N/A N/A N/A N/A N/A Secure file erase WJA
  • HP DesignJet 3000 | Security Features - Page 46
    HP DesignJet Printer Series Security Settings TECHNICAL PRINTERS Model T7X00 T3500 T2500/T1500/T920 T2530/T1530/T9 T2300/T1300 30 T790/T795 T120/T520 SNMP configurability EWS
  • HP DesignJet 3000 | Security Features - Page 47
    HP DesignJet Printer Series Security Settings Model T7X00 T3500 T2500/T1500/T920 T2530/T1530/T9 T2300/T1300 30 T790/T795 Wizard setup configuration CA/JD Certificates N/A EWS/
  • HP DesignJet 3000 | Security Features - Page 48
    HP DesignJet Printer Series Model Exclude personal info. from accounting Disable internet connection Disable ePrint Center connectivity Job storage and PIN printing (Job retention) T7X00 EWS N/A N/A No
  • HP DesignJet 3000 | Security Features - Page 49
    HP DesignJet Printer Series Security Settings OLDER TECHNICAL AND GRAPHIC PRINTERS Model SNMPv3 UEFI Secure Boot Whitelisting Disable Firmware update through USB Automatic Firmware Upgrade (AFU) Disable
  • HP DesignJet 3000 | Security Features - Page 50
    HP DesignJet Printer Series Security Settings Model Secure file erase Secure disk security - PIN printing N/A N/A N/A N/A N/A N/A T620 N/A WJA/FP N/A N/A N/A N/A PAGEWIDE XL PRINTERS Model HP PageWide XL 8000/5000/4600/4500/4100/4000/3900 Printer Device security- Device integrity
  • HP DesignJet 3000 | Security Features - Page 51
    HP DesignJet Printer Series Model HP PageWide XL 8000/5000/4600/4500/4100/4000/3900 Printer Mode and PIN printing Yes Security Settings Model HP PageWide XL 8000/5000/4500/4000 Printer HP PageWide XL 5000/4500/4000 Multifunction Printer HP PageWide XL 4500 Printer and Multifunction Printer
  • HP DesignJet 3000 | Security Features - Page 52
    HP DesignJet Printer Series Security Settings 5. Large Format scanners: security features summary Multi- MFP/T1100 MFP, HD-MFP Series DJ 4520 Scanner DJ 4500 Scanner DJ HD Scanner HP DesignJet HD/SD Pro Scanner HP HD/SD Pro Scanner PageWide XL MFP series T1120 SD-MFP T2300 MFP T2500 MFP T2530
  • HP DesignJet 3000 | Security Features - Page 53
    HP DesignJet Printer Series 6. Ports used in HP printers Security Settings Below you can find a list with the ports used by HP printers. Some connection problems are caused by a firewall blocking the needed port. They are ordered by protocol or function. Note: Ports may change as HP /services
  • HP DesignJet 3000 | Security Features - Page 54
    HP DesignJet Printer Series Protocol/Function Port TFTP (Trivial File Transfer Protocol) configuration file HP Jetdirect XML services UDP 69 TCP 80, 8080 AFU, Connectivity Test TCP 80 Kerberos TCP, UDP 88 NetBIOS, SMB (Scan TCP 139, to network) 445 SDK (SNMP) UDP
  • HP DesignJet 3000 | Security Features - Page 55
    The printer connects through HTTP over TLS/SSL to several cloud services. IPP Jobs that include HTTPS references may also require downloading and some HP Software utilities. In the HP DesignJet T790/795/T1300, this feature is only available with the Jetdirect accessory. It can be manually used from
  • HP DesignJet 3000 | Security Features - Page 56
    > Other Settings > WS-Discovery [EWS] > Network > Other Settings > WS-Print Used by HP ePrint to connect to HP cloud services (email printing). Used for IP address and name resolution. It will disable advertising of services supported by the device including 9100 printing, LPD printing and IPP/IPPS
  • HP DesignJet 3000 | Security Features - Page 57
    Purpose and consequences of disabling it Configuration DesignJet & DesignJet & PageWide XL PageWide XL SFP MFP SDK (Paper TCP 8085 In Some HP software utilities and HP SDK for RIPs may [Control Panel] > Settings> Yes Yes management) perform web service requests to this port to Security
  • HP DesignJet 3000 | Security Features - Page 58
    HP DesignJet Printer Series Security Settings Appendix 1 - Web Jetadmin HP Web Jetadmin is a printer management solution capable of performing Large Format Printers Since the introduction of HP PageWide XL printers, the list of features supported by HP Web Jetadmin is included in a Manageability
  • HP DesignJet 3000 | Security Features - Page 59
    HP DesignJet Printer Series MC DJA 1.0 Device identification System Contact System Location Asset Number networking settings DNS Server HTTP Idle Timeout IPv4 Information IPv6 Information Link Setting mDNS Service Name Network Enable Feature SNMP Trap Destination Table TCP Idle Timeout TCP/IP
  • HP DesignJet 3000 | Security Features - Page 60
    Security Manager documentation for updated information on how to use the tool and supported features. Policy compatibility features (HP DesignJet T1700/Z6/Z9+ Printer Series) Authentication Authentication Services 802.1x Authentication 802.1x EAP-TLS Certificate Management Identity Certificate CA
  • HP DesignJet 3000 | Security Features - Page 61
    HP DesignJet Printer Series File Erase Mode Device Discovery Service Location Protocol (SLP) IPv4 Multicast LLMNR WS-Discovery Bonjour Network Security Internet Protocol Security (IPsec)/Firewall FIPS 140 Compliance Library Windows Verify Certificate for IPP/
  • HP DesignJet 3000 | Security Features - Page 62
    can find further information about it: • User guide: http://h10032.www1.hp.com/ctg/Manual/c03564719 • Installation guide: http://h10032.www1.hp.com/ctg/Manual/c03564723 • Supported printers: http://h10032.www1.hp.com/ctg/Manual/c03601723 • Licensing: http://h10032.www1.hp.com/ctg/Manual/c04677865 62
  • HP DesignJet 3000 | Security Features - Page 63
    HP DesignJet Printer Series Security Settings Note: To obtain an update for your solution or to renew your license, send an email to [email protected] with "Software Updates Portal" in the Subject line and include the name of the solution in the body of the email. 63
  • HP DesignJet 3000 | Security Features - Page 64
    HP DesignJet Printer Series Security Settings Appendix 4 - Netgard overview Introduction API's Netgard those workflows. The rest of the workflows such as "Print from Skylon" and "Print from Driver" are not protected (authentication is not required to launch them) and, therefore, they are supposed
  • HP DesignJet 3000 | Security Features - Page 65
    HP DesignJet Printer Series Security Settings 3. Select the IPV4 SETTINGS option and set the Config Method as DHCP. 4. Afterwards, select this icon in the FP: 65
  • HP DesignJet 3000 | Security Features - Page 66
    HP DesignJet Printer Series 5. Finally, select OK to confirm the settings. Security Settings EWS settings 1. Access to the EWS through this IP @: 15.196.22.211 2. Go
  • HP DesignJet 3000 | Security Features - Page 67
    HP DesignJet Printer Series Netgard MFD configuration Basic configuration of Netgard MFD for HP printers Security Settings Netgard MFD user interface access 1. Connect your computer to the MGMT port of the Netgard MFD and assign to your computer an
  • HP DesignJet 3000 | Security Features - Page 68
    HP DesignJet Printer Series 3. When the user is logged in, select the Network tab. Security Settings For HP printers the user has to apply some changes in the default Netgard MFD configuration: Netgard IP Address: 192.168.245.1 Subnet Mask: 255.255.255.0
  • HP DesignJet 3000 | Security Features - Page 69
    HP DesignJet Printer Series Security Settings Set the following fields: Domain Name: bchp.com Primary DNS Server: This information is specified under the Network > Configuration section. Secondary
  • HP DesignJet 3000 | Security Features - Page 70
    HP DesignJet Printer Series Security Settings Apply the following settings: Scan Setup Enabled/disabled Scan to Email Enabled Port Depending on the server: SMTP 25 or 465 70
  • HP DesignJet 3000 | Security Features - Page 71
    HP DesignJet Printer Series Scan to FTP Scan to File Server Scan to Home Enabled Enabled Disabled IMAP 143 or 993 21 139 --- Security Settings The Firewall
  • HP DesignJet 3000 | Security Features - Page 72
    logos y ultima revision).docx DesignJet Printers supported: • HP DesignJet T2500 and T3500 MFP • HP DesignJet T795, T920, T930, T1530, T2530 and T1500 printer series PageWide Printers supported: • HP PageWide XL 8000 Printer series • HP PageWide XL 5000 Printer series • HP PageWide XL 4000/4500
  • HP DesignJet 3000 | Security Features - Page 73
    Printer Series Security Settings Security Glossary HP DesignJet & PageWide XL printers This glossary lists words and features you might hear or read in a security document. Please note that the features and protocols listed are not all integrated into the HP DesignJet or PageWide XL printers. 73
  • HP DesignJet 3000 | Security Features - Page 74
    HP DesignJet Printer Series Security Settings Device protection related BIOS BIOS The BIOS (basic input/output system) is the program used to get the printer system started after it is turned on. HP protocols and services are enabled. -On Security Devices supporting Instant-On Security features
  • HP DesignJet 3000 | Security Features - Page 75
    HP DesignJet Printer Series Security Settings Remote firmware upgrade This service allows an administrator to configure the printer to check for availability of new firmware versions and prepare them to be installed. For the administration of large networks with several printers, HP recommends
  • HP DesignJet 3000 | Security Features - Page 76
    HP solution based on the OXP interface that offers secure workflows through authentication with LDAP, secure pull printing and job accounting/cost allocation. LDAP Protocol used to access directory services to get information about users, devices, printers, etc. The most used directory service
  • HP DesignJet 3000 | Security Features - Page 77
    HP DesignJet Printer Series Security Settings domain names, exactly like Web sites, and any LDAP- in a network to demonstrate their identities in a secure way. Kerberos is the authentication service in Windows networks. NTLMv2 The authentication protocol used, among other cases, to access to
  • HP DesignJet 3000 | Security Features - Page 78
    HP DesignJet Printer Series Security Settings Secure sanitizing erase It conforms to the U.S. Department of Defense 5220-22.M specification for deleting magnetically stored data. Secure sanitizing erase
  • HP DesignJet 3000 | Security Features - Page 79
    HP DesignJet . The user provides a simple PIN code, or uses an authentication method supported for other HP multi-function printers in walk-up operations, to release the print job. submission point (i.e. in the driver). Smart card A smart card will be required by the device to access a
  • HP DesignJet 3000 | Security Features - Page 80
    more information: About HP DesignJet printers: www.hp.com/go/designjet About HP Web Jetadmin: www.hp.com/go/webjetadmin © 2014, 2016 HP Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
HP DesignJet and PageWide XL
Printers
Security features