HP CM8000 Practical IPsec Deployment for Printing and Imaging Devices - Page 64

We select that we would like to have the Policy enabled and we say "No" to the failsafe option, since we already have configured HTTPS to pass without IPsec protection. Click "OK". What have we done? Well for starters, no one is printing to this device because we haven't setup any clients to use IPsec! Besides that, we have setup a workable security for Jetdirect. This Jetdirect configuration obviously involves some tradeoffs that may not be acceptable to all customers. For those customers that may want to secure other traffic, such as DNS, they simply need to remove "DNS" from the "IPsec Exemptions" service template. For some customers, this security may be too much and they may add more protocols to the "IPsec Exemptions" service template. In any case, it is clear to see via the Jetdirect configuration what traffic is protected via IPsec and which traffic IPsec protection is optional. Highly Secure Printing and Imaging Policy for HP Jetdirect Here is a different policy to utilize for HP Jetdirect. This policy values security above interoperability. Let's look at a really secure configuration where there are only broadcast and multicast exemptions for certain protocols. Let's assume we do not have any IPsec configuration. We click on the "Advanced Button" from the main screen. 64