HP 635n Practical IPsec Deployment for Printing and Imaging Devices - Page 89

Click "Assign". Now printing is protected by IPsec over TCP port 9100. Any other form of printing will be rejected by HP Jetdirect unless the proper IPsec credentials are used. Therefore, other desktop clients cannot bypass the printing protection using another print protocol. Microsoft Vista/Server 2008: IPsec Configuration via Netsh HP Recommend IPsec Policy to Protect Printing for Desktops/Laptops Microsoft's Vista and Server 2008 have introduced a new IPsec wizard that is combined with the Windows Firewall. This snap-in, Windows Firewall with Advanced Security (hereafter: advanced firewall), to MMC provides a much easier to navigate wizard than what we have covered previously. It provides more updated encryption algorithm support such as AES as well as integrated IPv6 support. NOTE: For the best interoperability with HP Jetdirect and Vista, please use Vista with Service Pack 1 or later. Unfortunately, there is no way to specify protocols and port numbers to be protected using the advanced firewall wizard as of the released version of Vista Enterprise. As a result, we have to use the command line netsh utility to do the same thing we did in the last section. Here is how to protect TCP port 9100 to all IP addresses from a command prompt with administrator privileges: netsh advfirewall consec add rule name="P9100" endpoint1=any endpoint2=any protocol=tcp port1=any port2=9100 action=requireinrequireout auth1=computerpsk auth1psk=blah We can see the result of this command via netsh as well. 89