Security and Management Function Specifications
Firewall
Up to 16 IP addresses (or ranges of IP addresses) can be specified for both IPv4 and IPv6.
Up to 32 MAC addresses can be specified.
Keys and Certificates
The following keys and certificates are supported:
Self-generated Key and Self-signed Certificate or CSR
Public key algorithm (and key length) | RSA (512 bits, 1024 bits, 2048 bits, 4096 bits) DSA (1024Bits, 2048Bits, 3072Bits) ECDSA (P256, P384, P521) |
Certificate signature algorithm | RSA: SHA-1*1, SHA-256, SHA-384*2, SHA-512*2 DSA: SHA-1*1 ECDSA: SHA-1*1, SHA-256, SHA-384, SHA-512 |
Certificate thumbprint algorithm | SHA1 |
*1 Available only when installed by using the Remote UI.
*2 SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024 bits or more.
Key and Certificate or CA Certificate for Installation
Format | Key PKCS#12*1*2 CA certificate X.509 DER format/PEM format*3 |
File extension | Key ".p12" or ".pfx" CA certificate ".cer" or ".pem" |
Public key algorithm (and key length) | RSA (512 bits, 1024 bits, 2048 bits, 4096 bits) DSA (1024 bits, 2048 bits, 3072 bits) ECDSA (P256, P384, P521) |
Certificate signature algorithm | RSA: SHA-1*4, SHA-256, SHA-384*5, SHA-512*5 DSA: SHA-1*4 ECDSA: SHA-1*4, SHA-256, SHA-384, SHA-512 |
Certificate thumbprint algorithm | SHA1 |
*1 Requirements for the certificate contained in a key are pursuant to CA certificates.
*2 Certificates cannot be registered if the file size exceeds 16KB.
*3 Certificates cannot be registered if the file size exceeds 4KB.
*4 Available only when installed by using the Remote UI.
*5 SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024 bits or more.
|
The machine does not support use of a certificate revocation list (CRL). |
Definition of "Weak Encryption"
When [Prohibit Use of Weak Encryption] in [Encryption Settings] is set to [On], the use of the following algorithms is prohibited. [Encryption Settings]
Hash | MD4, MD5, SHA-1 |
HMAC | HMAC-MD5 |
Common key encryption | RC2, RC4, DES |
Public key encryption | RSA encryption (512 bits/1024 bits) RSA signature (512 bits/1024 bits) DSA (512 bits/1024 bits) DH (512 bits/1024 bits) |
|
Even when [Prohibit Key/Cert. with Weak Encryption] in [Encryption Settings] is set to [On], the hash algorithm SHA-1, which is used for signing a root certificate, can be used. |
TLS
The following combinations of the TLS version and algorithm are usable:
: Usable 
: Not usableAlgorithm | TLS Version | |||
TLS 1.3 | TLS 1.2 | TLS 1.1 | TLS 1.0 | |
Encryption Algorithm | ||||
AES-CBC (256bit) | | | | |
AES-CBC (128bit) | | | | |
AES-GCM (256bit) | | | | |
AES-GCM (128bit) | | | | |
3DES-CBC | | | | |
CHACHA20-POLY1305 | | | | |
Key Exchange Algorithm | ||||
RSA | | | | |
ECDHE | | | | |
X25519 | | | | |
Signature Algorithm | ||||
RSA | | | | |
ECDSA | | | | |
HMAC Algorithm | ||||
SHA1 | | | | |
SHA256 | | | | |
SHA384 | | | | |
Log Type
You can manage the following logs on the machine. The recorded logs can be sent to an SIEM (security information/event management) system via the Syslog protocol.
Log Type | Number Indicated as "Log Type" | Description |
User Authentication Log | 4098 | This log contains information related to the authentication status of user authentication (login/logout and user authentication success/failure), the registering/changing/deleting of user information managed with User Authentication. |
Machine Management Log | 8198 | This log contains information related to the starting/shutting down of the machine, changes made to the settings by using the [Menu]. The Machine Management Log also records changes in user information or security-related settings when the machine is inspected or repaired by your dealer or service representative. |