Home » HP Manuals » Printers » HP Jetdirect 640n » Manual Viewer

HP Jetdirect 640n HP Jetdirect Print Servers 640n and 695n - Administrator's G - Page 117

IPsec/Firewall Policy Table 5-1

Add to My Manuals
Save this manual to your list of manuals

Page 117 highlights

Table 5-1 IPsec/Firewall Policy page Item Description Enable IPsec/Firewall or Select the check box to enable your IPsec or Firewall policy. Clear this check box to disable IPsec/Firewall operation. Enable Firewall IPsec/Firewall Rules Configure up to ten rules in descending order of precedence. For example, Rule 1 is higher in precedence than Rule 2. Define each rule using the following fields: ● Enable Select whether a configured rule is enabled or disabled for the policy. ● Address Template Set the IP addresses for which the rule applies. Select among several predefined templates, or specify a custom template. Click on a template entry to view or modify the template configuration. ● Services Template Identify the services for which the rule applies. Select among several predefined templates, or specify a custom template. Click on a template entry to view or modify the template configuration. CAUTION: If the All Services template for a rule is not specified, a security risk can exist. Future networking applications deployed after the IPsec Policy is in place might not be IPsec-protected unless the All Services template is used. For example, installing a third-party Chai service plug-in, or upgrading firmware for the printer or print server, can result in a new service that is not covered by the IPsec policy. Review policies whenever firmware is updated or a new Chai applet is installed. ● Action on Match Define how to process the IP traffic that contains the addresses and services specified. For Firewall operation, the traffic is allowed or dropped, depending on the action specified by the rule. For IPsec operation, the traffic is allowed without IPsec protection, dropped, or IPsec-protected using an IPsec template specified for the rule. Click on a template entry to view or modify the template configuration. Default Rule Indicate whether the default rule drops or allows the traffic. The default rule specifies whether to process IP packets that do not match the configured rules. Select Drop (default) to discard traffic not covered by the configured rules. Select Allow to allow traffic that is not covered by the configured rules. Allowing IP packets that do not match the configured rules is not secure. For an example, see Default Rule example on page 108. Add Rules Select Add Rules to configure rules using the IPsec wizard.. Delete Rules Select Delete Rules to remove one or more rules from the policy. Advanced Configure a Failsafe feature to prevent lock out of the print server over HTTPS (secure Web browser access) during IPsec/Firewall policy set up. You can allow selected multicast and broadcast traffic to bypass your IPsec/Firewall policy. This might be required for device discovery by system installation utilities. ENWW 107

Section	Page
Introducing the HP Jetdirect print server	11
Supported print servers	11
Supported network protocols	12
Security protocols	13
SNMP (IP and IPX)	13
HTTPS	13
Authentication	13
EAP/802.1X port-based authentication	13
IPsec/Firewall	14
Supplied manuals	14
HP support	15
HP online support	15
Firmware upgrades	15
Firmware installation tools	15
HP support by phone	15
Product registration	16
Product accessibility	16
HP software solutions summary	17
HP Install Network Printer Wizard (Microsoft Windows)	18
Requirements	19
HP Jetdirect Printer Installer for UNIX	19
HP Web Jetadmin	19
System requirements	19
Install HP Web Jetadmin software	20
Verify HP Web Jetadmin installation and provide access	20
Configure and modify a device	20
Remove HP Web Jetadmin software	20
Internet Printer Connection software	20
Microsoft-supplied software	21
Microsoft Windows XP/Windows Server 2003 or 2008 integrated software	21
Novell-supplied software	22
Mac OS network installation	22
TCP/IP configuration	25
IPv6 configuration	25
IPv6 address introduction	25
IPv6 address configuration	26
Link-local address	26
Stateless addresses	27
Stateful addresses	27
Use DNS	27
Tools and utilities	28
IPv4 configuration	28
Server-based and manual TCP/IP configuration (IPv4)	28
Default IP address (IPv4)	29
Default IP address is not assigned	29
Default IP address is assigned	29
Default IPv4 address configuration options	30
Default IPv4 behavior	31
TCP/IP configuration tools	31
Use BOOTP/TFTP (IPv4)	32
Advantages of using BOOTP/TFTP	32
Configure the print server using BOOTP/TFTP on UNIX	32
Use DHCP (IPv4)	46
UNIX systems	46
Microsoft Windows systems	47
Discontinue DHCP configuration	47
Use RARP (IPv4)	47
Use the arp and ping commands (IPv4)	48
Use Telnet (IPv4)	49
Create a Telnet connection	50
A typical Telnet session	50
Telnet user interface options	51
Use Telnet to remove an IP address	70
Move to another network (IPv4)	71
Use the HP Embedded Web Server	71
Use the printer control panel	71
HP Embedded Web Server (V.45.xx.nn.xx)	73
Requirements	74
Compatible Web browsers	74
Supported HP Web Jetadmin version	74
View the HP Embedded Web Server	74
Operating notes	76
HP Jetdirect Home tab	76
Device tabs	77
Networking tab	77
TCP/IP Settings	84
Summary tab	84
Network Identification tab	85
TCP/IP(v4) tab	86
TCP/IP(v6) tab	87
Config Precedence tab	88
Advanced tab	89
Network Settings	91
IPX/SPX	91
AppleTalk	92
DLC/LLC	93
SNMP	93
Other Settings	95
Misc. Settings	95
Firmware Upgrade	97
LPD Queues	97
Support Info	100
Refresh Rate	100
Select Language	100
Security: Settings	100
Status	100
Wizard	100
Restore Defaults	102
Authorization	103
Admin. Account	103
Certificates	103
Configure certificates	104
Access Control	107
Mgmt. Protocols	108
Web Mgmt.	108
SNMP	108
SNMP v3	108
Other	109
802.1X Authentication	110
IPsec/Firewall	112
Device Announcement Agent	112
Network Statistics	113
Protocol Info	113
Configuration Page	113
Other Links	113
? (Help)	113
Support	113
IPsec/Firewall configuration (V.45.xx.nn.xx)	115
Default Rule example	118
IPsec security associations (SA)	118
HP Jetdirect IPsec/Firewall wizard	118
Limitations to rules, templates and services	119
Step 1: Specify Address Template	120
Create Address Template	120
Step 2: Specify Service Template	121
Create Service Template	121
Manage Services	122
Manage Custom Services	122
Step 3: Specify Action	123
Specify IPsec/Firewall Template	123
Create IPsec Template	124
Identity Authentication	124
Kerberos	125
Kerberos Settings	126
IKEv1/IKEv2 Phase 1 (Authentication)	127
IKEv1/IKEv2 Phase 2 / Quick Mode (IPsec Protocols)	127
Advanced IKE Settings	128
IPsec Protocols (Manual Keys)	128
Manual Keys	129
Rule Summary	130
Configure Microsoft Windows systems	130
Security features (V.45.xx.nn.xx)	131
Limit access to security features	134
Troubleshoot the HP Jetdirect print server	135
Reset to factory defaults	136
Example: Cold reset using the service menu	136
Disable an HP Jetdirect embedded print server (V.45.xx.nn.xx)	138
General troubleshooting	139
Troubleshooting chart - assess the problem	139
Procedure 1: Verify the printer is on and online	140
Procedure 2: Print an HP Jetdirect configuration page	140
Procedure 3: Resolve printer display error messages	141
Procedure 4: Resolve printer network communication problems	142
Troubleshooting wireless print servers	145
HP Jetdirect configuration pages	149
HP Jetdirect configuration page	150
Status field error messages	150
Configuration page format	150
Configuration page messages	151
HP Jetdirect Configuration/General Information	151
Security Settings	154
Network Statistics	156
TCP/IP protocol information	157
IPv4 section	157
IPv6 section	159
IPX/SPX protocol information	160
Novell/NetWare parameters	161
AppleTalk protocol information	161
DLC/LLC protocol information	162
Error messages	162
HP Jetdirect Security page	169
Security settings	170
IPsec Error Log	172
Local IP addresses	172
IPsec Statistics	172
IKE Stats	173
IPsec Rules	173
IPsec Security Associations (SA) table	174
Available Network Services	174
LPD printing	175
About LPD	176
Requirements for configuring LPD	176
LPD setup overview	177
Step 1. Set up IP parameters	177
Step 2. Set up print queues	177
Step 3. Print a test file	177
LPD on UNIX systems	178
Configure print queues for BSD-based systems	178
Use SAM to configure print queues (HP-UX systems)	179
Print a test file	180
LPD on Microsoft Windows Server 2003/2008 systems	180
Install TCP/IP software	181
Configure a network printer for Microsoft Windows Server 2003/2008 systems	181
Verify the configuration	182
Print from Microsoft Windows clients	183
LPD on Microsoft Windows XP systems	183
Add Microsoft Windows optional networking components	183
Configure a network LPD printer	183
Add a new LPD printer	183
Create an LPR port for an installed printer	184
FTP printing	185
Requirements	185
Print files	185
Use FTP printing	185
FTP connections	185
Control connection	185
Data connection	186
FTP login	186
End the FTP session	187
Commands	187
Example FTP Session	188
HP Jetdirect control panel menus (V.45.xx.nn.xx)	189
Graphical control panel menus	190
Classic control panel EIO menus	199
Open source licensing statements	203
gSOAP	203
Expat XML Parser	204
cURL	205
GNU General Public License	206
GNU Lesser General Public License	211
OpenSSL	218
OpenSSL license	218
Original SSLeay license	218

Match case Limit results 1 per page

Table 5-1

IPsec/Firewall Policy page

Item

Description

Enable IPsec/Firewall

Enable Firewall

Select the check box to enable your IPsec or Firewall policy. Clear this check box to

disable IPsec/Firewall operation.

IPsec/Firewall Rules

Configure up to ten rules in descending order of precedence. For example, Rule 1 is

higher in precedence than Rule 2.

Define each rule using the following fields:

●

Enable

Select whether a configured rule is enabled or disabled for the policy.

●

Address Template

Set the IP addresses for which the rule applies. Select

among several predefined templates, or specify a custom template. Click on a

template entry to view or modify the template configuration.

●

Services Template

Identify the services for which the rule applies. Select

among several predefined templates, or specify a custom template. Click on a

template entry to view or modify the template configuration.

CAUTION:

If the

All Services

template for a rule is not specified, a security

risk can exist. Future networking applications deployed after the IPsec Policy is

in place might not be IPsec-protected unless the

All Services

template is used.

For example, installing a third-party Chai service plug-in, or upgrading firmware

for the printer or print server, can result in a new service that is not covered by

the IPsec policy. Review policies whenever firmware is updated or a new Chai

applet is installed.

●

Action on Match

Define how to process the IP traffic that contains the

addresses and services specified.

For Firewall operation, the traffic is allowed or dropped, depending on the action

specified by the rule.

For IPsec operation, the traffic is allowed without IPsec protection, dropped, or

IPsec-protected using an IPsec template specified for the rule. Click on a

template entry to view or modify the template configuration.

Default Rule

Indicate whether the default rule drops or allows the traffic. The default rule specifies

whether to process IP packets that do not match the configured rules.

Select

Drop

(default) to discard traffic not covered by the configured rules.

Select

Allow

to allow traffic that is not covered by the configured rules. Allowing IP

packets that do not match the configured rules is not secure.

For an example, see

Default Rule

example

on page

108

Add Rules

Delete Rules

Select

Add Rules

to configure rules using the IPsec wizard..

Select

Delete Rules

to remove one or more rules from the policy.

Advanced

Configure a

Failsafe

feature to prevent lock out of the print server over HTTPS

(secure Web browser access) during IPsec/Firewall policy set up.

You can allow selected multicast and broadcast traffic to bypass your IPsec/Firewall

policy. This might be required for device discovery by system installation utilities.

ENWW

107