Lexmark X651DE Common Criteria Installation Supplement and Administrator Guide
Lexmark X651DE - Mfp Laser Mono P/f/s/c Manual
UPC - 734646093729
View all Lexmark X651DE manuals
Add to My Manuals
Save this manual to your list of manuals |
Lexmark X651DE manual content summary:
- Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 1
Common Criteria Installation supplement and administrator guide April 2010 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 2
conjunction with other products, programs, or services, except those expressly designated by the manufacturer, are the user's responsibility. © 2010 Lexmark International, Inc. All rights reserved. UNITED STATES GOVERNMENT RIGHTS This software and any accompanying documentation provided under this - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 3
Contents Overview and first steps 5 Overview...5 Using this guide...5 Supported devices...5 Operating environment...5 Before configuring the device (required)...6 Verifying physical interfaces and installed firmware...6 Attaching a lock...6 Encrypting the hard disk...7 Disabling the USB Buffer...8 - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 4
functions using the EWS...36 Troubleshooting 39 Login Issues...39 "Unsupported USB Device" error message...39 The printer home screen does not return to a locked state when not in use 39 Login screen does not appear when a SmartCard is inserted 39 "The KDC and MFP clocks are different beyond an - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 5
appliances and software in their network environment. A working knowledge of Lexmark multifunction printers is required for effective use of this guide. Some settings can be configured using either the Embedded Web Server (EWS), or the device touch screen. Where applicable, instructions for both - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 6
Download Emulator (DLE) option cards have been installed. 5 If you find additional interfaces, or if a DLE card has been installed, contact your Lexmark representative before proceeding. 6 To verify the firmware version, under Device Information, locate Base =, and Network =. 7 Contact your Lexmark - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 7
switch. 2 Simultaneously press and hold the "2" and "6" keys on the numeric keypad while turning the device back on. It takes approximately a minute to boot into the Configuration menu. Once the MFP is fully powered up, the touch screen should display a list of functions, instead of standard home - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 8
, press Back, and then Exit Config Menu. The MFP will power-on reset, and then return to normal operating mode. Disabling the USB Buffer Disabling the USB buffer disables the USB host port on the back of the device. 1 From the home screen, touch Menus > Network/Ports > Standard USB. 2 Scroll to the - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 9
Installing the minimum configuration You can achieve an evaluated configuration on a non-networked (standalone) device in just a few steps. For this configuration, all tasks are performed at the device, using the touch screen. Configuring the device Configuration checklist This checklist outlines - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 10
ID and password to each user, but also segmenting users into groups. You will select one or more of these groups when configuring security templates, and then apply a security template to each device function, to control access to that function. The MFP supports a maximum of 250 user accounts and 32 - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 11
group, and one or more Administrator groups, as needed. If you have created multiple groups to grant access to specific device functions, select all groups in which the administrator should be included. • For all other users, add only the Authenticated_Users group. 10 Touch Next to save the account - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 12
Setup, select the internal accounts building block. Touch Next. 6 Select one or more groups to be included in the template, and then touch Next to save Controlling access to device functions Access to device functions can be function for all users and administrators. • Not applicable-The function has - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 13
Function eSF Configuration Fax Function Firmware Updates Flash Drive Color Printing Flash Drive Firmware Updates Flash Drive Print Flash Drive Scan FTP Function Held Jobs Access Manage Shortcuts at the Device Manage Shortcuts Remotely Network Ports/Menu at the Device Network Ports/Menu Remotely NPA - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 14
Release Held Faxes Remote Certificate Management Remote Management Reports Menu at the Device Reports Menu Remotely Security Menu at the Device Security Menu Remotely Service Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 15
device to the evaluated configuration. Enabling HTTP/HTTPS access to the Embedded Web Server 1 From the home screen, touch Menus > Network/Ports > Standard Network > STD NET SETUP the home icon to return to the home screen. 7 Reboot the MFP by turning it off and back on using the power switch. - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 16
the address beginning "https://"). 2 Use the navigation menu on the left to access configuration and report menus. Note: If the device IP address or hostname is not readily apparent, you can find it by printing a network setup page. Printing a network setup page 1 From the home screen, touch Menus - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 17
Certificate Management. 3 Select a certificate from the list. The details of the certificate are displayed in the Device Certificate Management window. 4 From here, you can: • Delete-Remove a previously stored certificate. • Download to File-Download or save the certificate as a PEM (.cer) file. 17 - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 18
and then one of the numbered Host fields. 8 Type the IP address of the client device you want to connect to the MFP. If using Pre-Shared Key (PSK) Authentication, also type the key. Note: If using PSK Authentication, retain the key to use later when configuring client devices. 9 Configure IPSec, as - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 19
be necessary to scroll down to find the AppleTalk selection. c Set Activate to No. d Touch Submit. The MFP will return to the AppleTalk screen. From there you can select Back to return to Std Network Setup, or the home icon to return to the home screen. 2 To disable NetWare: a If not starting from - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 20
to automatically sync MFP date and time settings with a trusted clock, so that Kerberos requests and audit log events will be accurately time-stamped. Note: If your network uses DHCP, verify that NTP settings are not automatically provided by the DHCP server before manually configuring NTP settings - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 21
. Kerberos If you will be using LDAP+GSSAPI or Common Access Cards to control user access to the MFP, you must first configure Kerberos. Using the EWS 1 From the EWS, click Settings > Security > Security Setup. Note: For information about accessing the EWS, see "Using the Embedded Web Server" on - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 22
configuration file from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to verify that the Kerberos configuration file for the selected device . 4 Type the Remote Syslog Port number used on the destination server. 5 For Remote - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 23
device to add a digital signature to E-mail alerts. Note: In order to use E-mail alerts, you must click Submit to save changes, and then follow the Setup E-mail Server link to configure If you want the MFP to automatically notify administrators of certain log events, type one or more E-mail addresses - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 24
also configure SMTP settings. For information about SMTP settings, see "E-mail" on page 24. E-mail User data sent by the MFP using Setup. 2 Under SMTP Setup, type the IP address or hostname of the Primary SMTP Gateway the MFP will use for sending E-mail. 3 Type the Primary SMTP Gateway Port number - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 25
Submit. SMTP settings 1 From the home screen, touch Menus > Network/Ports > SMTP Setup. 2 Type the IP address or hostname of the Primary SMTP Gateway the MFP will use for sending E-mail. 3 Select the Primary SMTP Gateway Port number of the destination server. 4 If using a secondary or backup SMTP - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 26
appropriate for your network in the Device Userid, Device password, and Kerberos 5 Realm or NTLM Domain fields. 12 Touch Submit. Fax If your MFP includes fax capabilities and is attached to a phone line, you must disable fax forwarding, enable held faxes, and disable driver to fax. Using the EWS - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 27
RIP card (motherboard). User access Administrators and users are required to login to the MFP using a method that provides both authentication and authorization. Under the evaluated configuration, three options are available for granting access to network-attached devices: internal accounts, LDAP - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 28
ID and password to each user, but also segmenting users into groups. You will select one or more of these groups when configuring security templates, and then apply a security template to each device function, to control access to that function. The MFP supports a maximum of 250 user accounts and 32 - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 29
already deployed on the network. User credentials and group designations can be pulled from your existing system, making access to the MFP as seamless as other network services. Supported devices can store a maximum of five LDAP + GSSAPI configurations. Each configuration must have a unique name - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 30
a user must provide when attempting to access a function protected by the LDAP building block. Device Credentials (optional) • MFP Kerberos Username- Type the distinguished name of the print server(s). • MFP Password-Type the Kerberos password for the print server(s). Search specific object - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 31
to define, select a numbered group, and then specify the Short name for the group, and the Group Identifier. Touch Submit to save changes and return to the LDAP Group Names screen. When creating Security Templates, you will pick groups from this setup for controlling access to device functions. 31 - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 32
800 x 320 pixels. 7 Clear the Allow Copy without Card check box. 8 Clear the Allow Fax without Card check box. 9 Set User Validation Mode to Active Directory. 10 Select Use MFP Kerberos Setup to use the Kerberos settings already configured on the MFP, or clear the check box to use Simple Kerberos - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 33
, provide at least one Manual Login Domain (a Windows Domain Name) to choose from when logging in. Multiple domains can be entered, separated by commas. 13 Select a DC Validation Mode for validating the domain controller certificate when users login to the MFP: • Device Certificate Validation-The - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 34
device function, to control which users are permitted to access that function. At a minimum, you must create two security templates: one for "Administrator_Only" and one Authorization Setup list. This list will be populated with the authentication building blocks that have been configured on the MFP - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 35
MFP, regardless of which one be modified. Controlling access to device functions Configuring PKI Held Jobs PKI Held users to change the number of copies for each job from the printer. • Select Allow Users to Print All if you want to enable users Setup (Settings > Security > Confidential Print Setup). - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 36
for all users and administrators. • Not applicable-The function Device Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the Device Create Bookmarks Remotely Create Profiles E-mail Function eSF Configuration Fax Function Firmware - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 37
Ports/Menu at the Device Network Ports/Menu Remotely NPA Network Adapter Setting Changes Operator Panel Lock Option Card Configuration at the Device Option Card Configuration Remotely Paper Menu at the Device Paper Menu Remotely PictBridge Printing PJL Device Setting Changes Release Held Faxes - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 38
Access Control Supplies Menu Remotely Use Profiles Web Import/Export Settings Level of protection Not applicable - all remote access disabled Authenticated users Not applicable - all remote access disabled 38 - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 39
Troubleshooting Login Issues "Unsupported USB Device" error message A NON-SUPPORTED SMARTCARD READER IS ATTACHED Only the OmniKey reader shipped with the printer is supported. Remove the unsupported reader and attach the OmniKey reader. The printer home screen does not return to a locked state when - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 40
needed. Make sure the time zone and daylight savings time settings are correct. Note: If your network uses DHCP, verify that NTP settings are not automatically provided by the DHCP server before manually configuring NTP settings. 3 If you have configured the printer to use an NTP server, verify that - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 41
IS BLOCKED BY A FIREWALL Port 88 must be opened between the printer and the KDC in order for authentication to work. "User's Realm was not found in the Kerberos Configuration file" error message This error occurs during manual login, and indicates the Windows Domain is not specified in the Kerberos - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 42
KDC being used to authenticate the user does not recognize the User Principle Name specified in the error message 1 From the Embedded Web Server, click Settings > Embedded Solutions > PKI Authentication >Configure. 2 If the Simple Kerberos Setup has been configured in PKI Authentication, verify that - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 43
FOR THE LDAP SERVER 1 From the Embedded Web Server, click Settings > Network/Ports > Address Book Setup. 2 Verify that the Server Address has been entered as the hostname (not the IP address), of the LDAP server. 3 Click Submit to save any needed changes. PORT 389 IS BEING USED, BUT THE LDAP SERVER - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 44
principal name, or the credential provided by manual login is used to set the userid (userid). • LDAP Lookup-The userid is retrieved from Active Directory. 3 Click Apply to save any needed changes. "There are no jobs available for [USER]" error message PKI AUTHENTICATION IS NOT SETTING THE CORRECT - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 45
on the lower right to access settings and configuration menus for the device. Note: Access to device menus may be restricted to administrators only. Using the on-screen keyboard Some device settings require one or more alphanumeric entries, such as server addresses, user names, or passwords. When an - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 46
To type a single upper case or Shift character, touch the up-arrow A, and then touch the letter or number you need to capitalize or shift-select. To turn on caps-lock, touch the up-arrow A with the lock symbol, and then continue typing. Uppercase/ - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 47
used in this guide CA CAC DC DHCP DNS DoD EAL EWS GIF GSSAPI HTTP HTTPS IP IPSec IPv4 IPv6 KDC LDAP MFP NTLM NTP OCSP PEM PKI PSK RFC SMTP SSL TCP TLS UDP USB Certificate Authority Common Access Card Domain Controller Dynamic Host Configuration Protocol Domain Name Service Department of Defense - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 48
the Settings menu in the Embedded Web Server Controls the ability to create new profiles Controls access to the Scan to Email function Controls access to the configuration of any installed eSF applications Controls access to the Scan to Fax function Controls the ability to update firmware from any - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 49
Menu Remotely Security Menu at the Device Security Menu Remotely Service Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it does Protects access to the Network/Ports section of the Settings menu from the printer - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 50
Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 51
Access Cards Using a Common Access Card to access the MFP 1 Insert your Common Access Card into the card reader attached to the MFP: Note: The appearance of your MFP, including the location of the card reader, may vary. 2 When prompted, use the number pad located on the touch screen to enter your - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 52
to validate your credentials: 3 After your logon credentials have been validated, the MFP will return to the home screen: Note: The MFP home screen may contain different icons than the one shown here. For more information about using the touch screen, see "Appendix A: Using the touch screen" on page - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 53
NOT INSTALL, COPY, DOWNLOAD, OR OTHERWISE USE THE SOFTWARE PROGRAM. IF YOU DO number of authorized users to the number specified in your agreement with Lexmark. You may not separate the components of the Software Program for use on more than one computer. You agree that you will not Use the Software - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 54
reverse compile or otherwise translate the Software Program, except as and to the extent expressly permitted to do so by applicable law for the purposes of inter-operability, error correction, and security testing. If you have such statutory rights, you will notify Lexmark in writing of any intended - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 55
age of majority in the place you sign this License Agreement and, if applicable, you are duly authorized by your employer or principal to enter into by you and Lexmark relating to your Use of the Software Program). To the extent any Lexmark policies or programs for support services conflict with the - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 56
configuring 24 Embedded Web Server disabling 20 enabling 15 using 15 encrypting network data 18 encrypting the hard disk 7 encryption IPSec 18 environment operating 5 EWS using 15 F fax forwarding 26 fax settings Driver to fax 26 fax forwarding 26 held faxes 26 fax storage 26 firmware verifying - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 57
access 20 SmartCards 51 SMTP settings configuring 24 supported devices 5 syslog configuring 22 T touch screen using the 45 troubleshooting authentication failure 40 authorization to use Held Jobs 43 authorization to use Print Release Lite 43 certificate error 40 client unknown 42 domain certificate - Lexmark X651DE | Common Criteria Installation Supplement and Administrator Guide - Page 58
www.lexmark.com
Common Criteria
Installation supplement and administrator
guide
April 2010
www.lexmark.com
Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries.
All other trademarks are the property of their respective owners.
© 2010 Lexmark International, Inc.
All rights reserved.
740 West New Circle Road
Lexington, Kentucky 40550
3060008-002