Canon I Sensys Mf8280cw User Guide
Have a look at the manual Canon I Sensys Mf8280cw User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1335 Canon manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
0ALJ-0A4 Enabling SSL Encrypted Communication for the Remote UI You can encrypt communication between the machine and a Web browser on the computer by using Secure Sockets Layer (SSL). SSL is a mechanism for encrypting data sent or received over the network. SSL must be enabled when the Remote UI is used for specifying settings for IPSec (Pre -Shared Key Method), IEEE 802.1X authentication (TTLS/PEAP), or SNMPv3. To use SSL for the Remote UI, you need to set a key pair and enable the SSL function. Generate or install the key pair for SSL before enabling SSL ( Configuring Settings for Key Pairs and Digital Certificates ). Start the Remote UI and log on in System Manager Mode. Starting Remote UI Click [Settings/Registration]. Click [Network Settings] [TCP/IP Settings]. Click [Key and Certificate...] in [SSL Settings]. Click [Register Default Key] on the right of the key pair you want to use. 1 2 3 4 5 >à>ß>Ý>Ì>Û>Ì>â>ã>â
NOTE: Viewing details of a certificate You can check the details of the certificate or verify the certificate by clicking the corresponding text link under [Key Name], or the certificate icon. Verifying Key Pairs and Digital Certificates Enable SSL for the Remote UI. 1Click [Security Settings] [Remote UI Settings]. 2Click [Edit...]. 3Select the [Use SSL] check box and click [OK]. Restart the machine. Turn OFF the machine, wait for at least 10 seconds, and turn it back ON. NOTE Using the operation panel You can enable or disable the SSL encrypted communication from .Use SSL 6 7 >à>ß>Þ>Ì>Û>Ì>â>ã>â
Starting the Remote UI with SSL If you try to start the Remote UI when SSL is enabled, a security alert may be displayed regarding the security certificate. In this case, check that the correct URL is entered in the address field, and then proceed to display the Remote UI screen. Starting Remote UI Enabling SSL for e-mailing (MF8580Cdw / MF8550Cdn / MF8540Cdn only) If the SMTP server and the POP3 server support SSL, you can enable SSL for communication with these servers (Configuring Advanced E- mail Settings ). For more information about the SMTP server and the POP3 server, contact your Internet service provider or Network Administrator. LINKS Generating Key Pairs Using CA- issued Key Pairs and Digital Certificates Configuring IPSec Settings Configuring IEEE 802.1X Authentication Monitoring and Controlling the Machine with SNMP >à>ß>ß>Ì>Û>Ì>â>ã>â
0ALJ-0A5 Configuring IPSec Settings Internet Protocol Security (IPSec or IPsec) is a protocol suite for encrypting data transported over a network, including Internet networks. While SSL only encrypts data used on a specific application, such as a Web browser or an e-mail application, IPSec encrypts either whole IP packets or the payloads of IP packets, offering a more versatile security system. The IPSec of the machine works in transport mode, in which the payloads of IP packets are encrypted. With this feature, the machine can connect directly to a computer that is in the same virtual private network (VPN). Check the system requirements and set the necessary configuration on the computer before you configure the machine. System Requirements NOTE IPSec functional restrictions IPSec supports communication to a unicast address (or a single device). The machine cannot use both IPSec and DHCPv6 at the same time. IPSec is unavailable in networks in which NAT or IP masquerade is implemented. Using IPSec with IP address filter IP address filter settings are applied before the IPSec policies. Specifying IP Addresses for Firewall Rules IPSec that is supported by the machine conforms to RFC2401, RFC2402, RFC2406, and RFC4305. Operating system Windows XP/Vista/7/8/Server 2003/Server 2008/Server 2012 Connection mode Transport mode Key exchange protocol IKEv1 (main mode) Authentication method Pre -shared key Digital signature Hash algorithm (and key length) HMAC-SHA1-96 HMAC-SHA2 (256 bits or 384 bits) Encryption algorithm (and key length) 3DES-CBC AES-CBC (128 bits, 192 bits, or 256 bits) Key exchange algorithm/group (and key length) Diffie -Hellman (DH) Group 1 (768 bits) Group 2 (1024 bits) Group 14 (2048 bits) ESP Hash algorithm HMAC-SHA1-96 Encryption algorithm (and key length) 3DES-CBC AES-CBC (128 bits, 192 bits, or 256 bits) Hash algorithm/encryption algorithm (and key length) AES-GCM (128 bits, 192 bits, or 256 bits) AH Hash algorithm HMAC-SHA1-96 >à>ß>à>Ì>Û>Ì>â>ã>â
Before using IPSec for encrypted communication, you need to register security policies (SP). A security policy consists of the groups of settings described below. Up to 10 policies can be registered. After registering policies, specify the order in which they are applied. Selector Selector defines conditions for IP packets to apply IPSec communication. Selectable conditions include IP addresses and port numbers of the machine and the devices to communicate with. IKE IKE configures the IKEv1 that is used for key exchange protocol. Note that instructions vary depending on the authentication me thod selected. [Pre- Shared Key Method] A key of up to 24 alphanumeric characters can be shared with the other devices. Enable SSL for the Remote UI before specifying this authentication method ( Enabling SSL Encrypted Communication for the Remote UI ). [Digital Signature Method] The machine and the other devices authenticate each other by mutually verifying their digital signatures. Generate or install the key pair beforehand ( Configuring Settings for Key Pairs and Digital Certificates ). AH/ESP Specify the settings for AH/ESP, which is added to packets during IPSec communication. AH and ESP can be used at the same time. You can also select whether or not to enable PFS for tighter security. Start the Remote UI and log on in System Manager Mode. Starting Remote UI Click [Settings/Registration]. Click [Security Settings] [IPSec Settings]. Click [Edit...]. Configuring IPSec Settings 1 2 3 4 >à>ß>á>Ì>Û>Ì>â>ã>â
Select the [Use IPSec] check box and click [OK]. If you want the machine to only receive packets that match one of the security policies that you define in the steps below, clear the [Receive Non-Policy Packets] check box. Click [Register New Policy...]. Specify the Policy Settings. 1In the [Policy Name] text box, enter up to 24 alphanumeric characters for a name that is used for identifying the policy. 2Select the [Enable Policy] check box. Specify the Selector Settings. 5 6 7 8 >à>ß>â>Ì>Û>Ì>â>ã>â
[Local Address] Click the radio button for the type of IP address of the machine to apply the policy.[All IP Addresses] Select to use IPSec for all IP packets. [IPv4 Address] Select to use IPSec for all IP packets that are sent to or from the IPv4 address of the machine. [IPv6 Address] Select to use IPSec for all IP packets that are sent to or from an IPv6 address of the machine. [Remote Address] Click the radio button for the type of IP address of the other devices to apply the policy. [All IP Addresses] Select to use IPSec for all IP packets. [All IPv4 Addresses] Select to use IPSec for all IP packets that are sent to or from IPv4 addresses of the other devices. [All IPv6 Addresses] Select to use IPSec for all IP packets that are sent to or from IPv6 addresses of the other devices. [IPv4 Manual Settings] Select to specify a single IPv4 address or a range of IPv4 addresses to apply IPSec. Enter the IPv4 address (or the range) in the [Addresses to Set Manually] text box. [IPv6 Manual Settings] Select to specify a single IPv6 address or a range of IPv6 addresses to apply IPSec. Enter the IPv6 address (or the range) in the [Addresses to Set Manually] text box. [Addresses to Set Manually] If [IPv4 Manual Settings] or [IPv6 Manual Settings] is selected for [Remote Address], enter the IP address to apply the policy. You can also enter a range of addresses by inserting a hyphen between the addresses. NOTE: Entering IP addresses Description Example Entering a single address IPv4: Delimit numbers with periods. 192.168.0.10 IPv6: Delimit alphanumeric characters with colons. fe80::10 Specifying a range of addresses Insert a hyphen between the addresses. 192.168.0.10- 192.168.0.20 Specifying a >à>ß>ã>Ì>Û>Ì>â>ã>â
range of addresses with a prefix (IPv6 only)Enter the address, followed by a slash and a number indicating the prefix length. fe80::1234/64 [Subnet Settings] When manually specifying IPv4 address, you can express the range by using the subnet mask. Enter the subnet mask using periods to delimit numbers (example:"255.255.255.240"). [Local Port]/[Remote Port] If you want to create separate policies for each protocol, such as HTTP or SMTP, enter the appropriate port number for the protocol to determine whether to use IPSec. IMPORTANT: IPSec is not applied to the following packets Loopback, multicast, and broadcast packets IKE packets (using UDP on port 500) ICMPv6 neighbor solicitation and neighbor advertisement packets Specify the IKE Settings. [IKE Mode] The mode used for the key exchange protocol is displayed. The machine supports the main mode, not the aggressive mode. [Authentication Method] Select [Pre -Shared Key Method] or [Digital Signature Method] for the method used when authenticating the machine. You need to enable SSL for the Remote UI before selecting [Pre -Shared Key Method] ( Enabling SSL Encrypted Communication for the Remote UI ). You need to generate or install a key pair before selecting [Digital Signature Method] (Configuring Settings for Key Pairs and Digital Certificates ). [Valid for] Specify how long a session lasts for IKE SA (ISAKMP SA). Enter the time in minutes. [Authentication]/[Encryption]/[DH Group] Select an algorithm from the drop-down list. Each algorithm is used in the key exchange. [Authentication] Select the hash algorithm. [Encryption] Select the encryption algorithm. [DH Group] Select the Diffie -Hellman group, which determines the key strength. Using a pre -shared key for authentication 1Click the [Pre- Shared Key Method] radio button for [Authentication Method] and then click [Shared Key Settings...]. 2Enter up to 24 alphanumeric characters for the pre - shared key and click [OK]. 9 >à>ß>ä>Ì>Û>Ì>â>ã>â
3Specify the [Valid for] and [Authentication]/[Encryption]/[DH Group] settings. Using a key pair and preinstalled CA certificates for authentication 1Click the [Digital Signature Method] radio button for [Authentication Method] and then click [Key and Certificate...]. 2Click [Register Default Key] on the right of a key pair you want to use. NOTE: Viewing details of a key pair or certificate You can check the details of the certificate or verify the certificate by clicking the corresponding text link under [Key Name], or the certificate icon. Verifying Key Pairs and Digital Certificates 3Specify the [Valid for] and [Authentication]/[Encryption]/[DH Group] settings. Specify the IPSec Network Settings. [Use PFS] Select the check box to enable Perfect Forward Secrecy (PFS) for IPSec session keys. Enabling PFS enhances the security while increasing the load on the communication. Make sure that PFS is also enabled for the other devices. [Specify by Time]/[Specify by Size] Set the conditions for terminating a session for IPSec SA. IPSec SA is used as a communication tunnel. Select either or both of the check boxes as necessary. If both check boxes are selected, the IPSec SA session is terminated when either of the conditions has been satisfied. [Specify by Time] Enter a time in minutes to specify how long a session lasts. [Specify by Size] Enter a size in megabytes to specify how much data can be transported in a session. 10 >à>ß>å>Ì>Û>Ì>â>ã>â
[Select Algorithm] Select the [ESP], [ESP (AES-GCM)], or [AH (SHA1)] check box(es) depending on the IPSec header and the algorithm used. AES- GCM is an algorithm for both authentication and encryption. If [ESP] is selected, also select algorithms for authentication and encryption from the [ESP Authentication] and [ESP Encryption] drop-down lists.[ESP Authentication] To enable the ESP authentication, select [SHA1] for the hash algorithm. Select [Do Not Use] if you want to disable the ESP authentication. [ESP Encryption] Select the encryption algorithm for ESP. You can select [NULL] if you do not want to specify the algorithm, or select [Do Not Use] if you want to disable the ESP encryption. [Connection Mode] The connection mode of IPSec is displayed. The machine supports transport mode, in which the payloads of IP packets are encrypted. Tunnel mode, in which whole IP packets (headers and payloads) are encapsulated is not available. Click [OK]. If you need to register an additional security policy, return to step 6. Arrange the order of policies listed under [Registered IPSec Policies]. Policies are applied from one at the highest position to the lowest. Click [Up] or [Down] to move a policy up or down the order . NOTE: Editing a policy Click the corresponding text link under [Policy Name] for the edit screen. Deleting a policy Click [Delete] on the right of the policy name you want to delete click [OK]. Restart the machine. Turn OFF the machine, wait for at least 10 seconds, and turn it back ON. NOTE You can enable or disable the IPSec communication from .Use IPSec LINKS Configuring Settings for Key Pairs and Digital Certificates IPSec Policy List 11 12 13 >à>à>Ü>Ì>Û>Ì>â>ã>â