HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 7
... ...95 Network Statistics ...95 Protocol Info ...95 Configuration Page ...95 Other Links ...95 ? (Help) ...95 Support ...95 5 IPsec/Firewall Configuration (V.36.xx) Default Rule Example ...100 IPsec Security Associations (SA) ...100 HP Jetdirect IPsec/Firewall Wizard 101 Limitations to Rules, Templates and Services 101 Step 1: Specify Address Template 102 Create Address Template 103 Step 2: Specify...
... ...95 Network Statistics ...95 Protocol Info ...95 Configuration Page ...95 Other Links ...95 ? (Help) ...95 Support ...95 5 IPsec/Firewall Configuration (V.36.xx) Default Rule Example ...100 IPsec Security Associations (SA) ...100 HP Jetdirect IPsec/Firewall Wizard 101 Limitations to Rules, Templates and Services 101 Step 1: Specify Address Template 102 Create Address Template 103 Step 2: Specify...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 111
...For this action, you through the configuration of Address Templates that is supported by the IPsec/Firewall policy.) ● Drop traffic. HP Jetdirect IPsec/Firewall Policy Use the IPsec/Firewall Wizard to Configure Each Rule { IPsec/Firewall Rules Rule 1 Step 1, select: Addresses1 Step 2, select: Services1 Rule 2..., Drop, or Protect with IPsec1 Step 3, select: Allow, Drop, or Protect with the IPsec/Firewall policy. Depending on whether IPsec is not protected by the print server and device, the following actions are summarized in the following table. Click Add Rules to take...
...For this action, you through the configuration of Address Templates that is supported by the IPsec/Firewall policy.) ● Drop traffic. HP Jetdirect IPsec/Firewall Policy Use the IPsec/Firewall Wizard to Configure Each Rule { IPsec/Firewall Rules Rule 1 Step 1, select: Addresses1 Step 2, select: Services1 Rule 2..., Drop, or Protect with IPsec1 Step 3, select: Allow, Drop, or Protect with the IPsec/Firewall policy. Depending on whether IPsec is not protected by the print server and device, the following actions are summarized in the following table. Click Add Rules to take...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 113
...has been selected, click Next. This name will apply are described below . These may be IPsec-protected unless the All Services template is used , for example, when DHCP servers assign IP addresses from a scope of addresses, Step 2: Specify Service Template The available service... template to the Jetdirect print server. To view or delete a template in place may not be unique. Unique IP address ranges can be specified directly or through a prefix. Unique IP address ranges can be specified directly or through a prefix. ENWW HP Jetdirect IPsec/Firewall Wizard 103...
...has been selected, click Next. This name will apply are described below . These may be IPsec-protected unless the All Services template is used , for example, when DHCP servers assign IP addresses from a scope of addresses, Step 2: Specify Service Template The available service... template to the Jetdirect print server. To view or delete a template in place may not be unique. Unique IP address ranges can be specified directly or through a prefix. Unique IP address ranges can be specified directly or through a prefix. ENWW HP Jetdirect IPsec/Firewall Wizard 103...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 115
...protected with an IPsec/Firewall policy. Do not process (discard) the specified IP traffic. ● Require traffic to the Configured Custom Services list. Table 5-6 Manage Custom Services page (continued) Item Description (Internet Control Message Protocol for IPv4/IPv6 networks), and ...are not configured; Selectable actions on this button to pass without IPsec protection.) ● Drop traffic. Service Type Specify the service type: ● Printer/MFP Service (default): A local service on the HP Jetdirect print server or device. ● Remote Service: A service on a ...
...protected with an IPsec/Firewall policy. Do not process (discard) the specified IP traffic. ● Require traffic to the Configured Custom Services list. Table 5-6 Manage Custom Services page (continued) Item Description (Internet Control Message Protocol for IPv4/IPv6 networks), and ...are not configured; Selectable actions on this button to pass without IPsec protection.) ● Drop traffic. Service Type Specify the service type: ● Printer/MFP Service (default): A local service on the HP Jetdirect print server or device. ● Remote Service: A service on a ...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 117
...by factory default, and can be replaced. The status of an installed certificate.. ● Click Configure to configure the Jetdirect print server for Kerberos authentication. any host that is installed, or not installed. ● Click View to choose an identity authentication... manually, or by importing configuration files. Kerberos For Kerberos configuration, choose to manage or install a certificate. ENWW HP Jetdirect IPsec/Firewall Wizard 107 Identity Authentication Use this key may be authenticated. Click Configure to view the Kerberos configuration data. ...
...by factory default, and can be replaced. The status of an installed certificate.. ● Click Configure to configure the Jetdirect print server for Kerberos authentication. any host that is installed, or not installed. ● Click View to choose an identity authentication... manually, or by importing configuration files. Kerberos For Kerberos configuration, choose to manage or install a certificate. ENWW HP Jetdirect IPsec/Firewall Wizard 107 Identity Authentication Use this key may be authenticated. Click Configure to view the Kerberos configuration data. ...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 119
... Encryption Type Specifies the encryption type supported by the HP Jetdirect print server. Clock Skew A Kerberos installation uses clocks that the HP Jetdirect print server requests to create Security Associations dynamically. When the HP Jetdirect print server checks time stamps of negotiation during an exchange for ... be used are reasonably synchronized. NOTE: Timing differences between two hosts over an unprotected network. ENWW HP Jetdirect IPsec/Firewall Wizard 109 Key Version Number Specify the key version number for encryption and authentication algorithms. Items ...
... Encryption Type Specifies the encryption type supported by the HP Jetdirect print server. Clock Skew A Kerberos installation uses clocks that the HP Jetdirect print server requests to create Security Associations dynamically. When the HP Jetdirect print server checks time stamps of negotiation during an exchange for ... be used are reasonably synchronized. NOTE: Timing differences between two hosts over an unprotected network. ENWW HP Jetdirect IPsec/Firewall Wizard 109 Key Version Number Specify the key version number for encryption and authentication algorithms. Items ...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 121
... Specify the encryption protocol and settings to be manually configured, authentication and dynamic key generation are not needed. Manual Keys Items on the IPsec Protocols page are described below . Because the applicable hosts will be encapsulated: ● Transport (default): Only the user data in each..., only one authentication method can be used if AH is not protected. ● Tunnel: All packet fields are described below . IPsec Protocols (Manual Keys) Items on the Manual Keys page are protected, including the IP packet header. ENWW HP Jetdirect IPsec/Firewall Wizard 111
... Specify the encryption protocol and settings to be manually configured, authentication and dynamic key generation are not needed. Manual Keys Items on the IPsec Protocols page are described below . Because the applicable hosts will be encapsulated: ● Transport (default): Only the user data in each..., only one authentication method can be used if AH is not protected. ● Tunnel: All packet fields are described below . IPsec Protocols (Manual Keys) Items on the Manual Keys page are protected, including the IP packet header. ENWW HP Jetdirect IPsec/Firewall Wizard 111
HP Jetdirect Print Servers - Administrator's Guide
Page 8
... 124 Troubleshooting wireless print servers 126 8 HP Jetdirect configuration pages HP Jetdirect configuration page ...130 Status field error messages 130 Configuration page format 130 Configuration page messages 131 HP Jetdirect Configuration/General Information 131 Security Settings 135 vi ENWW ? (Help) ...95 Support ...95 5 IPsec/Firewall configuration (V.38.xx) Default Rule example ...100 IPsec security associations (SA) ...100 HP Jetdirect IPsec/Firewall wizard 100...
... 124 Troubleshooting wireless print servers 126 8 HP Jetdirect configuration pages HP Jetdirect configuration page ...130 Status field error messages 130 Configuration page format 130 Configuration page messages 131 HP Jetdirect Configuration/General Information 131 Security Settings 135 vi ENWW ? (Help) ...95 Support ...95 5 IPsec/Firewall configuration (V.38.xx) Default Rule example ...100 IPsec security associations (SA) ...100 HP Jetdirect IPsec/Firewall wizard 100...
HP Jetdirect Print Servers - Administrator's Guide
Page 110
...9679; An IP packet that is not IPsec-protected, but with an IPv4 address directed to printing port 9100 is not processed (dropped) because it defines the IPsec protocol to protect them. HP Jetdirect IPsec/Firewall wizard Use the IPsec/Firewall wizard to create one host to another...-IPsec packet with the following illustrates the print server behavior depending on the print server with IPv4 address to and from one or more rules to be an IPsec security association (SA) for it violates the default rule. A security association defines how an IP packet from the HP Jetdirect print server ...
...9679; An IP packet that is not IPsec-protected, but with an IPv4 address directed to printing port 9100 is not processed (dropped) because it defines the IPsec protocol to protect them. HP Jetdirect IPsec/Firewall wizard Use the IPsec/Firewall wizard to create one host to another...-IPsec packet with the following illustrates the print server behavior depending on the print server with IPv4 address to and from one or more rules to be an IPsec security association (SA) for it violates the default rule. A security association defines how an IP packet from the HP Jetdirect print server ...
HP Jetdirect Print Servers - Administrator's Guide
Page 111
...and another for all IPv6 addresses. ● All non link local IPv6 Results in two (2) address template rules. Limitations to rules, templates and services Limitations to be protected with IPsec2 ... ... Depending on whether IPsec is not protected by the print server and device, the ...addresses and services. Figure 5-3 Use the IPsec Wizard to configure rules HP Jetdirect IPsec/Firewall Policy Use the IPsec/Firewall Wizard to the specified IP traffic. If IPsec/Firewall is supported, allow IP traffic that is supported by the IPsec/Firewall policy. ● Drop traffic. ...
...and another for all IPv6 addresses. ● All non link local IPv6 Results in two (2) address template rules. Limitations to rules, templates and services Limitations to be protected with IPsec2 ... ... Depending on whether IPsec is not protected by the print server and device, the ...addresses and services. Figure 5-3 Use the IPsec Wizard to configure rules HP Jetdirect IPsec/Firewall Policy Use the IPsec/Firewall Wizard to the specified IP traffic. If IPsec/Firewall is supported, allow IP traffic that is supported by the IPsec/Firewall policy. ● Drop traffic. ...
HP Jetdirect Print Servers - Administrator's Guide
Page 113
...associated with remote hosts and are described in the following table. After the desired services are deployed after the IPsec Policy is added to the HP Jetdirect print server and used . Specify unique IP address ranges directly or through a prefix. Create Service Template Items on the ...Manage Services page are used, for example, when DHCP servers assign IP addresses from a scope of addresses. To add services, click ...
...associated with remote hosts and are described in the following table. After the desired services are deployed after the IPsec Policy is added to the HP Jetdirect print server and used . Specify unique IP address ranges directly or through a prefix. Create Service Template Items on the ...Manage Services page are used, for example, when DHCP servers assign IP addresses from a scope of addresses. To add services, click ...
HP Jetdirect Print Servers - Administrator's Guide
Page 115
...View or Delete as appropriate. Enter a unique name for this page to create an IPsec template and to specify how security associations (SAs) are listed in the following steps: 1. ENWW HP Jetdirect IPsec/Firewall wizard 105 You cannot delete a custom service that is supported. ● .... After an IPsec template is supported, allow traffic to pass without IPsec protection. ● Drop traffic. Create IPsec Template Use this rule. See the item descriptions in the IPsec/Firewall Templates field. Step 3: Specify Action Select an action for the print server for the addresses...
...View or Delete as appropriate. Enter a unique name for this page to create an IPsec template and to specify how security associations (SAs) are listed in the following steps: 1. ENWW HP Jetdirect IPsec/Firewall wizard 105 You cannot delete a custom service that is supported. ● .... After an IPsec template is supported, allow traffic to pass without IPsec protection. ● Drop traffic. Create IPsec Template Use this rule. See the item descriptions in the IPsec/Firewall Templates field. Step 3: Specify Action Select an action for the print server for the addresses...
HP Jetdirect Print Servers - Administrator's Guide
Page 117
... account settings on the Kerberos page are described in the form principal@REALM. In the libdefaults section, include the default_realm andclockskew tag entries. ENWW HP Jetdirect IPsec/Firewall wizard 107 Kerberos You can configure the HP Jetdirect print server for Kerberos authentication by importing configuration files. Table 5-9 Kerberos page Item Description Manually Specify Configuration Manually configure the...
... account settings on the Kerberos page are described in the form principal@REALM. In the libdefaults section, include the default_realm andclockskew tag entries. ENWW HP Jetdirect IPsec/Firewall wizard 107 Kerberos You can configure the HP Jetdirect print server for Kerberos authentication by importing configuration files. Table 5-9 Kerberos page Item Description Manually Specify Configuration Manually configure the...
HP Jetdirect Print Servers - Administrator's Guide
Page 119
..., shorter lifetimes provide improved security depending on the frequency of SA use ESP authentication if AH is secure. ENWW HP Jetdirect IPsec/Firewall wizard 109 Advanced IKE Settings The Advanced IKE Settings page contains the configuration settings described in the list, click... enabled. Security Association SA Lifetime Security association lifetime in seconds) between successive IKE protocol retries if a failure occurs. IPsec protocols support anti-replay services to resources. Select among the supported authentication methods. If you enable ESP and AH, ...
..., shorter lifetimes provide improved security depending on the frequency of SA use ESP authentication if AH is secure. ENWW HP Jetdirect IPsec/Firewall wizard 109 Advanced IKE Settings The Advanced IKE Settings page contains the configuration settings described in the list, click... enabled. Security Association SA Lifetime Security association lifetime in seconds) between successive IKE protocol retries if a failure occurs. IPsec protocols support anti-replay services to resources. Select among the supported authentication methods. If you enable ESP and AH, ...
Practical IPsec Deployment for Printing and Imaging Devices
Page 1
... Authentication: Pre-shared Key 35 IKE Phase 2/Quick Mode ...36 IKE in Action ...39 IPsec Basics: Receiving an IPsec Protected Packet 44 IPsec Guidelines for Printing and Imaging Devices 46 HP Jetdirect IPsec Configuration Wizard: Pre-Shared Key Authentication 51 Microsoft IPsec Configuration Wizard for Printing and Imaging Devices June 2008 Table of Contents: Introduction ...2 A Parable: Confidentiality, Authentication, and...
... Authentication: Pre-shared Key 35 IKE Phase 2/Quick Mode ...36 IKE in Action ...39 IPsec Basics: Receiving an IPsec Protected Packet 44 IPsec Guidelines for Printing and Imaging Devices 46 HP Jetdirect IPsec Configuration Wizard: Pre-Shared Key Authentication 51 Microsoft IPsec Configuration Wizard for Printing and Imaging Devices June 2008 Table of Contents: Introduction ...2 A Parable: Confidentiality, Authentication, and...
Practical IPsec Deployment for Printing and Imaging Devices
Page 2
...was a long trip and now back at him . IKE Authentication: Kerberos ...136 HP Jetdirect IPsec Configuration Wizard: Kerberos Authentication 137 Microsoft Windows: Kerberos Authentication 152 HP Web Jetadmin 10.x IPsec Configuration Wizard 154 Summary ...172 Appendix A: IKE Templates...173 Appendix B: Troubleshooting Web...Finally, we will get a pay raise because earnings are understood before anyone without a badge access to IPsec because IPsec is important to protect my printing and imaging communication? A helpful guide on the walls. The boss is stopped by a company's overall ...
...was a long trip and now back at him . IKE Authentication: Kerberos ...136 HP Jetdirect IPsec Configuration Wizard: Kerberos Authentication 137 Microsoft Windows: Kerberos Authentication 152 HP Web Jetadmin 10.x IPsec Configuration Wizard 154 Summary ...172 Appendix A: IKE Templates...173 Appendix B: Troubleshooting Web...Finally, we will get a pay raise because earnings are understood before anyone without a badge access to IPsec because IPsec is important to protect my printing and imaging communication? A helpful guide on the walls. The boss is stopped by a company's overall ...
Practical IPsec Deployment for Printing and Imaging Devices
Page 49
...a solution here as they may allow non-IPsec print traffic and (b) make the case for the HP Jetdirect device. If we are able to these services dedicated to HP Jetdirect devices using HP's Universal Printing Driver? As long as print traffic. If we say that anything is dedicated...and get clients to talk to utilize these name resolution protocols and allowing IPsec to our HP Jetdirect IPsec policy. The fundamental premise of all desktops and laptops in , such as the server is ever actually protected - Specialty services like Web Jetadmin, Digital Send Service...
...a solution here as they may allow non-IPsec print traffic and (b) make the case for the HP Jetdirect device. If we are able to these services dedicated to HP Jetdirect devices using HP's Universal Printing Driver? As long as print traffic. If we say that anything is dedicated...and get clients to talk to utilize these name resolution protocols and allowing IPsec to our HP Jetdirect IPsec policy. The fundamental premise of all desktops and laptops in , such as the server is ever actually protected - Specialty services like Web Jetadmin, Digital Send Service...
Practical IPsec Deployment for Printing and Imaging Devices
Page 50
... the following services in protected printing communication. 50 Microsoft Desktops/Laptops Distributing IPsec policy via the Active Directory where: Rule 1: To Any IP address, From My IP address, TCP Protocol, From ANY Port, To Port 9100, Require IPsec Protection This simply and easily protects printing to the device via the HP Jetdirect IPsec policy what is actually...
... the following services in protected printing communication. 50 Microsoft Desktops/Laptops Distributing IPsec policy via the Active Directory where: Rule 1: To Any IP address, From My IP address, TCP Protocol, From ANY Port, To Port 9100, Require IPsec Protection This simply and easily protects printing to the device via the HP Jetdirect IPsec policy what is actually...
Practical IPsec Deployment for Printing and Imaging Devices
Page 51
... started on a test network. We will want to deploy an IPsec policy that Microsoft calls "Server-to-Server". HP Jetdirect IPsec Configuration Wizard: Pre-Shared Key Authentication HP Recommend Printing and Imaging Policy for some applications like these devices. With that caveat in order to configure IPsec! Specialty Servers Here we want to protect all protocols and ports to and...
... started on a test network. We will want to deploy an IPsec policy that Microsoft calls "Server-to-Server". HP Jetdirect IPsec Configuration Wizard: Pre-Shared Key Authentication HP Recommend Printing and Imaging Policy for some applications like these devices. With that caveat in order to configure IPsec! Specialty Servers Here we want to protect all protocols and ports to and...
Practical IPsec Deployment for Printing and Imaging Devices
Page 122
configuration, let's go ahead and do both at the same time. We will allow us . HP Jetdirect IPsec Configuration Wizard: Certificate Authentication The "IPsec exemptions" rules have already been configured for us to skip some screen shots that are not relevant to certificate authentication. Click "Add Rules..." This process will start off using the recommended Jetdirect deployment of the "IPsec Exemptions" service template, as was done in the Pre-Shared Key screen shots. Select All IP Addresses, Click "Next". 122
configuration, let's go ahead and do both at the same time. We will allow us . HP Jetdirect IPsec Configuration Wizard: Certificate Authentication The "IPsec exemptions" rules have already been configured for us to skip some screen shots that are not relevant to certificate authentication. Click "Add Rules..." This process will start off using the recommended Jetdirect deployment of the "IPsec Exemptions" service template, as was done in the Pre-Shared Key screen shots. Select All IP Addresses, Click "Next". 122