NOTE
|
Number of security policies that can be registeredYou can register up to 10.
If you cannot register one, delete unnecessary security policies. |
|
If the check box is cleared, the security policy cannot be used.
|
Transmission
|
Packets Applying the Security Policy
|
|
[Local Address]
|
RX
|
Packets with "destination IP addresses" that match IP addresses specified here
|
TX
|
Packets with "departure IP addresses" that match IP addresses specified here
|
|
[Remote Address]
|
RX
|
Packets with "departure IP addresses" that match IP addresses specified here
|
TX
|
Packets with "destination IP addresses" that match IP addresses specified here
|
IP Address Entry Example
|
IP Address Entry Method
|
192.168.0.1-192.168.0.10
fe80::1000-fe80::2000 |
If you want to enter the IP addresses of consecutive numbers, place "-" (hyphen) between the address of the smallest number and that of the largest number.
|
192.168.0.0/16
fe80::0000/64 |
In order to specify the subnet range (prefix length), enter a "/" (slash) after the normal IP address symbol, and then enter another prefix length (maximum 32 for IPv4 and maximum 128 for IPv6).
|
Transmission
|
Packets Applying the Security Policy
|
|
[Local Port]
|
RX
|
Packets with "destination ports" that match IP addresses specified here
|
TX
|
Packets with "departure ports" that match IP addresses specified here
|
|
[Remote Port]
|
RX
|
Packets with "departure ports" that match IP addresses specified here
|
TX
|
Packets with "destination ports" that match IP addresses specified here
|
(1)
|
Select [Single Port].
|
(2)
|
Enter the port number (1 to 65535).
|
(1)
|
Select [Main] or [Aggressive] under [IKE Mode].
|
(2)
|
Select [AUTH Method].
If you want to specify [Pre-Shared Key Method]a. Select [Pre-Shared Key Method].
b. Click [Shared Key Settings...].
c. Enter the name of the shared key (up to 24 characters), and then click [OK].
If you want to specify [Digital Signature Method]a. Select [Digital Signature Method].
b. Click [Key and Certificate...].
c. Select the key to use, and then click [Default Key Settings].
|
NOTE
|
[AUTH Method] SettingsIn order to set [Pre-Shared Key Method], the SSL encrypted communication function must be enabled.
We recommend that network settings be performed by the network administrator.
|
[Authentication]
|
Select the authentication algorithm from [SHA1], [MD5] or [SHA1 and MD5].
|
[Encryption]
|
Select the encryption algorithm from [3DES-CBC], [AES-CBC] or [3DES-CBC and AES-CBC].
|
[DH Group]
|
Select the Diffie-Hellman group from [Group 1 (768)], [Group 2 (1024)] or [Group 14 (2048)].
|
(1)
|
When using PFS, select the [Use PFS] check box.
|
(2)
|
Set [Validity].
When specifying by timea. Select the [Specify by Time] check box.
b. Enter the time (1 to 65535 minutes).
When specifying by sizea. Select the [Specify by Size] check box.
b. Enter the size (1 to 65535 MB).
|
NOTE
|
About PFSIf PFS is used, the key generation process becomes complex. Even assuming one key is deciphered, it does not mean that later keys will be deciphered easily.
|
(1)
|
Select [ESP].
|
(2)
|
Select the authentication algorithm from [SHA1], [MD5], [SHA1 and MD5] or [NULL] under [ESP Authentication].
|
(3)
|
Select the encryption algorithm from [3DES-CBC], [AES-CBC], [3DES-CBC and AES-CBC] or [NULL] under [ESP Encryption].
|
(1)
|
Select [AH].
|
(2)
|
Select the authentication algorithm from [SHA1], [MD5] or [SHA1 and MD5] under [AH Authentication].
|
→
|
After performing a hard reset or restarting the printer, the settings are effective.
|
NOTE
|
||||||
To perform a hard resetYou can perform a hard reset using the following procedure.
|