Management Functions
Authentication Functions
When an Active Directory server is specified as an authentication server, the following system environment is required.
Software (operating system): | Windows Server 2016*1/Windows Server 2019*1/Windows Server 2022*1 |
*1 Users cannot log in with Active Directory authentication if Kerberos Armoring is enabled for KDCrelated policies (group policies). Make sure to disable Kerberos Armoring. | |
Firewall Settings
When specifying IP addresses in firewall settings, up to 16 IP addresses (or ranges of IP addresses) can be specified for both IPv4 and IPv6.
When specifying MAC addresses in firewall settings, up to 100 MAC addresses can be specified.
The exception addresses and exception port numbers that can be used for communication using the sub line and are registered by default are indicated below.
Exception addresses: | 0.0.0.1 to 255.255.255.255 |
Exception port numbers: | 53, 67, 68, 80, 161, 443, 515*, 631*, 3702, 5353, 5357, 5358, 8000*, 8080, 8443*, 9013, 9100*, 10443*, 20010*, 47545 |
* Inbound filter only | |
Registration of Certificates (User Signature Keys/Certificates, CA Certificates, S/MIME Certificates)
The algorithms and formats of keys and certificates that can be registered are as follows.
RSA signature algorithm: | SHA-1/SHA-256/SHA-384*1/SHA-512*1/MD2*2/MD5*2 |
RSA public-key algorithm (key length): | RSA (512 bits*2/1024 bits/2048 bits/4096 bits*2) |
DSA signature algorithm: | SHA-1 |
DSA public-key algorithm (key length): | DSA (1024 bits/2048 bits/3072 bits) |
ECDSA signature algorithm: | SHA-1/SHA-256/SHA-384/SHA-512 |
ECDSA public-key algorithm (key length): | ECDSA (P256/P384/P521) |
Certificate format: | User Signature Keys/Certificates: PKCS#12*3 Keys, Certificates: PKCS#12*4 CA Certificates, S/MIME Certificates: X.509 DER/PEM |
File extension: | User Signature Keys/Certificates: pfx/p12 Keys, Certificates: pfx/p12*4 CA Certificates, S/MIME Certificates: cer/pem |
Maximum number of registerable certificates: | Keys, Certificates: 6*4 CA Certificates: 150 S/MIME Certificates: 2,000 |
*1 Available only when the key algorithm is 1024 bits or more. *2 Cannot be used for user signatures *3 Available only when installed by using the Remote UI. *4 Used for TLS, IEEE802.1x, IPSec, and device signatures. | |
Registration of Certificate Revocation Lists (CRL)
Up to 50 certificate revocation lists (CRL) can be registered. Note, however, that CRL cannot be registered in the following cases.
The data size of the CRL exceeds 1 MB.
An unsupported signature algorithm is being used.
The number of revoked certificates registered in one CRL file exceeds 10,000.
Definition of "Weak Encryption"
When <Prohibit Use of Weak Encryption> is set to <On>, the use of the following algorithms are prohibited.
Hash: | MD4, MD5, SHA-1 |
HMAC: | HMAC-MD5 |
Common key cryptosystem: | RC2, RC4, DES |
Public key cryptosystem: | RSA encryption (512 bits/1024 bits), RSA signature (512 bits/1024 bits), DSA (512 bits/1024 bits), DH (512 bits/1024 bits) |
|
Even when <Prohibit Use of Key/Certificate with Weak Encryption> is set to <On>, the hash algorithm SHA-1, which is used for signing a root certificate, can be used. |
FIPS 140-2 Standard Algorithm
When <Format Encryption Method to FIPS 140-2> is set to <On>, the following algorithms are prohibited from use.
Hash: | MD4, MD5, SHA-1 (for a purpose other than TLS) |
Common key cryptosystem: | RC2, RC4, DES, PBE |
Public key cryptosystem: | RSA encryption (512 bits/1024 bits), RSA signature (512 bits/1024 bits), DSA signature (512 bits/1024 bits), DH (512 bits/1024 bits) |
Log Management
The following types of logs can be managed on the machine. Collected logs can be exported in the CSV file format.
Log Type | Number Indicated as "Log Type" in the CSV File | Description |
Job Log | 1001 | This log contains information related to the completion of copy/fax/scan/send/print jobs. |
Transmission Log | 8193 | The log contains information related to transmissions. |
|
Logs can contain up to 40,000 records. When the number of records exceeds 40,000, they are deleted, with the oldest records first. |
Import/Export of the Setting Data
Max. Destinations Registered to Address Book
Address Lists 1 to 10/ Address List for Administrator: 1,600
One-Touch Address List: 200
Personal Address List: 25
Group Address List: 4,000*1 (10 groups*2 x 400 destinations*3)
*1 Total 20,000 for all groups
*2 Max. number of groups per user (a total of 50 groups can be registered in a device)
*3 Max. number of destinations per group
SCEP Server Support
Only the Network Device Enrollment Service (NDES) of Windows Server 2008 R2/2012 R2/2016 is supported.