HP 635n HP Jetdirect Print Server Administrator's Guide (Firmware V.36) - Page 110
Default Rule Example, IPsec Security Associations (SA
UPC - 882780301016
View all HP 635n manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 110 highlights
Table 5-1 IPsec/Firewall Policy page (continued) Item Description Add Rules Delete Rules The rules are configured through an IPsec wizard, which is run when you press Add Rules. To remove one or more rule from the policy, click Delete Rules. Advanced This button allows configuration of a Failsafe feature to prevent being locked out of the print server over HTTPS (secure Web browser access) during IPsec/Firewall policy set up. In addition, you can allow selected multicast and broadcast traffic to bypass your IPsec/ Firewall policy. This may be important, for example, for device discovery by system installation utilities. Default Rule Example The following example illustrates the print server behavior depending on whether the default rule is set to Allow or Drop (default). IPsec Policy Configuration Example: IPsec is enabled on the print server with the following rule: ● All IPv4 Addresses ● All Jetdirect Print Services ● A simple IPsec template for these addresses and services has been configured. If the Default Rule is set to Allow, then: ● An IP packet that is not IPsec-protected, but with an IPv4 address directed to printing port 9100 would not be processed (dropped) because it violates the configured rule. ● An IP packet that is not IPsec-protected, but with an IPv4 address to a service port other than port 9100 (such as Telnet), would be allowed and processed. If the Default Rule is set to Drop, then: ● An IP packet that is not IPsec-protected, but with an IPv4 address directed to printing port 9100 would not be processed (dropped) because it violates the configured rule. ● An IPsec packet with IPv4 address directed to printing port 9100 would be allowed and processed because it matches the rule. ● A non-IPsec packet with IPv4 address to the Telnet port would be dropped because it violates the default rule. IPsec Security Associations (SA) If a packet is IPsec-protected, there must be an IPsec Security Association (SA) for it. A Security Association defines how an IP packet from one host to another is IPsec-protected. Among many things, it defines the IPsec protocol to use, the authentication and encryption keys, and duration of key use. An IPsec SA is unidirectional; a host may have an inbound SA and an outbound SA associated with particular IP packet protocols and services, and the IPsec protocol used to protect them. When properly configured, the IPsec rules define the Security Associations for IP traffic to and from the Jetdirect print server and can ensure all traffic is secure. 100 Chapter 5 IPsec/Firewall Configuration (V.36.xx) ENWW