Administrator's Guide NPD5668-00 EN
Administrator's Guide Contents Contents Copyright Basic Security Settings Introduction Introduction of Basic Security Features. . . . . . . . . . 32 Configuring the Administrator Password. . . . . . . . 32 Configuring the Administrator Password from the Control Panel. . . . . . . . . . . . . . . . . . . .33 Configuring the Administrator Password Using Web Config. . . . . . . . . . . . . . . . . . . . . . . 33 Items to be Locked by Administrator Password. . . . 34 Controlling protocols. . . . . . . . . .
Administrator's Guide Contents Model name and/or IP address are not displayed on EpsonNet Config. . . . . . . . . . . . . . 53 Appendix Introduction of Network Software. . . . . . . . . . . . . .55 Epson Device Admin. . . . . . . . . . . . . . . . . . . . . 55 EpsonNet Config. . . . . . . . . . . . . . . . . . . . . . . . 55 EpsonNet SetupManager. . . . . . . . . . . . . . . . . . 56 Assigning an IP Address Using EpsonNet Config. . . 56 Assigning IP Address Using Batch Settings. . . . .
Administrator's Guide Copyright Copyright No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of Seiko Epson Corporation. No patent liability is assumed with respect to the use of the information contained herein. Neither is any liability assumed for damages resulting from the use of the information herein.
Administrator's Guide Trademarks Trademarks ❏ EPSON is a registered trademark, and EPSON EXCEED YOUR VISION or EXCEED YOUR VISION is a trademark of Seiko Epson Corporation. ® ❏ Epson Scan 2 software is based in part on the work of the Independent JPEG Group. ❏ Google Cloud Print™, Chrome™, Chrome OS™, and Android™ are trademarks of Google Inc. ❏ Microsoft , Windows , Windows Server , and Windows Vista are registered trademarks of Microsoft Corporation.
Administrator's Guide About this Manual About this Manual Marks and Symbols ! Caution: Instructions that must be followed carefully to avoid bodily injury. c Important: Instructions that must be observed to avoid damage to your equipment. Note: Instructions containing useful tips and restrictions on scanner operation. Related Information & Clicking this icon takes you to related information.
Administrator's Guide About this Manual ❏ Microsoft Windows Server 2016 operating system ® ® ® ® ❏ Microsoft Windows Server 2012 operating system ® ® ❏ Microsoft Windows Server 2008 R2 operating system ® ® ❏ Microsoft Windows Server 2008 operating system ® ® ❏ Microsoft Windows Server 2003 R2 operating system ® ® ❏ Microsoft Windows Server 2003 operating system ® ® ❏ Microsoft Windows Server 2012 R2 operating system Mac OS In this manual, "Mac OS" is used to refer to macOS Sierra, OS X El Capitan, OS X Y
Administrator's Guide Introduction Introduction Manual Component This manual is for the device administrator who is in charge of connecting the printer or scanner to the network and it contains information on how to make settings to use the functions. See the User's Guide for function usage information. Preparation Explains the administrator’s tasks, how to set devices, and the software for managing. Connection Explains how to connect a device to the network.
Administrator's Guide Introduction Network administrator The person in charge of controlling network communication. The person who set up the router, proxy server, DNS server and mail server to control communication through the Internet or network. User The person who uses devices such as printers or scanners. Web Config(device’s web page) The web server that is built into the device. It is called Web Config. You can check and change the device’s status on it using the browser.
Administrator's Guide Preparation Preparation This chapter explains the role of the administrator and preparation before making settings. Flow of the Scanner Settings and Management The administrator makes the network connection settings, initial setup and maintenance for the scanner so they can be available to users. 1. Preparing ❏ Collecting the connection setting information ❏ Decision on the connection method 2. Connecting ❏ Network connection from the scanner’s control panel 3.
Administrator's Guide Preparation Example of Network Environment (A) : Office 1 ❏ (A) - 1 : LAN 1 ❏ (A) - 2 : LAN 2 (B) : Office 2 ❏ (B) - 1 : LAN 1 ❏ (B) - 2 : LAN 2 (C) : WAN (D) : Internet Introduction of scanner connection setting example There are mainly two connection types depending on how to use the scanner. Both connect the scanner to the network with the computer via the hub.
Administrator's Guide Preparation Server / Client Connection Centralize scanner and job management with Document Capture Pro Server installed on the server. It is most suitable for work that uses multiple scanners to scan a large number of documents in a certain format. Related Information & “Definitions of Terms Used in this Guide” on page 8 Peer to Peer Connection Use an individual scanner with a scanner driver such as Epson Scan 2 installed on the client computer.
Administrator's Guide Preparation Using Port Number See “Appendix” for the port number that the scanner uses. Related Information & “Using Port for the Scanner” on page 60 Type of IP Address Assignment There are two types for assigning an IP address to the scanner. Static IP address: Assign the predetermined unique IP address to the scanner. The IP address is not changed even when turning the scanner or router off, so you can manage the device by IP address.
Administrator's Guide Preparation Using the Installer: If the installer is used, the scanner's network and client computer are set automatically. The setting is available by following the installer's instructions, even if you do not have deep knowledge of the network. Using a Tool: Use a tool from the administrator’s computer. You can discover a scanner and then set the scanner, or create an SYLK file to make batch settings to scanners.
Administrator's Guide Connection Connection This chapter explains the environment or procedure to connect the scanner to the network. Connecting to the Network Connecting to the Network from the Control Panel Connect the scanner to the network by using the scanner's control panel. For the scanner's control panel, see the User's Guide for more details. Assigning the IP Address Set up the basic items such asIP Address,Subnet Mask, and Default Gateway. 1. Turn on the scanner. 2.
Administrator's Guide Connection 4. Tap TCP/IP. 5. Select Manual for Obtain IP Address. Note: When you set the IP address automatically by using the DHCP function of router, select Auto. In that case, the IP Address, Subnet Mask, and Default Gateway on step 6 to 7 are also set automatically, so go to step 8. 6. Tap the IP Address field, enter the IP address using the keyboard displayed on the screen, and then tap OK. Confirm the value reflected on the previous screen. 7.
Administrator's Guide Connection Note: If the combination of the IP Address, Subnet Mask and Default Gateway is incorrect, Start Setup is inactive and cannot proceed with the settings. Confirm that there is no error in the entry. 8. Tap the Primary DNS field for the DNS Server, enter the IP address for the primary DNS server using the keyboard displayed on the screen, and then tap OK. Confirm the value reflected on the previous screen.
Administrator's Guide Connection 3. Flick the screen upward, and then make sure the connection status and IP address are correct. Setting the Proxy Server The proxy server can not be set on the panel. Configure using Web Config. 1. Access Web Config and select Network Settings > Basic. 2. Select Use in Proxy Server Setting. 3. Specify the proxy server in IPv4 address or FQDN format in Proxy Server, and then enter the port number in Proxy Server Port Number.
Administrator's Guide Connection 4. Click the Next button. 5. Confirm the settings, and then click Settings. Related Information & “Accessing Web Config” on page 23 Connecting to the Network Using the Installer We recommend using the installer to connect the scanner to a computer. You can run the installer using one of the following methods. ❏ Setting up from the website Access the following website, and then enter the product name. Go to Setup, and then start setting up. http://epson.
Administrator's Guide Connection Selecting the Connection Methods Follow the on-screen instructions until the following screen is displayed and then select the connection method of the scanner to the computer. ❏ Windows Select the connection type and then click Next. ❏ Mac OS Select the connection type.
Administrator's Guide Connection Follow the on-screen instructions. The necessary software is installed.
Administrator's Guide Function Settings Function Settings This chapter explains the first settings to make in order to use each function of the device. Software for Setting In this topic, the procedure for making settings from the administrator’s computer using Web Config is explained. Web Config (Web Page for Device) About Web Config Web Config is a browser-based application for configuring the scanner's settings. To access Web Config, you need to have first assigned an IP address to the scanner.
Administrator's Guide Function Settings ❏ Advanced Settings You can configure the advanced settings for the scanner. This page is mainly for an administrator. Accessing Web Config Enter the scanner’s IP address into a web browser. JavaScript must be enabled. When accessing Web Config via HTTPS, a warning message will appear in the browser since a self-signed certificate, stored in the scanner, is used.
Administrator's Guide Function Settings Note: ❏ Examples IPv4: https://192.0.2.111/ http://192.0.2.111/ IPv6: https://[2001:db8::1000:1]/ http://[2001:db8::1000:1]/ ❏ If the scanner name is registered with the DNS server, you can use the scanner name instead of the scanner’s IP address.
Administrator's Guide Function Settings Software to be installed ❏ Epson Scan 2 This is a scanner driver. If you use the device from a computer, install the driver on each client computer. If Document Capture Pro/Document Capture is installed, you can perform the operations assigned to the buttons of the device. With EpsonNet SetupManager, printer drivers can also be distributed together in packages. ❏ Document Capture Pro (Windows) / Document Capture (Mac OS) Install on the client computer.
Administrator's Guide Function Settings 2. Make sure that Enable scanning of EPSON Scan is selected. If it is selected, this task is completed. Close Web Config. If it is cleared, select it and go to next step. 3. Click Next. 4. Click OK. The network is re-connected, and then the settings are enabled.
Administrator's Guide Function Settings 2. Select Operation Mode. ❏ Server Mode: Select this when using Document Capture Pro Server or when using Document Capture Pro only for jobs that have been set for a specific computer. ❏ Client Mode: Set this when you select the job setting of Document Capture Pro (Document Capture) installed on each client computer in the network without specifying the computer. 3. Set the following according to the selected mode.
Administrator's Guide Function Settings Name Settings Requirement Scan to Document Capture Pro (when using Document Capture Pro Server) Setup for logging on cloud services Internet connection environment Registration of the account for cloud services Use WSD scan (Windows only) If the computer uses Windows Vista or later, you can use WSD scan. When the WSD protocol can be used, the Computer (WSD) menu will be displayed on the scanner control panel. 1.
Administrator's Guide Function Settings 2. Tap Common Settings > Sound. 3. Set the following items as necessary. ❏ Operation sound Set the volume of the operation sound of the operation panel. ❏ Error sound Set the volume of the error sound. 4. Tap OK. Related Information & “Accessing Web Config” on page 23 Detect double feed of original Determine the function to detect double feed of the document to be scanned and to stop the scan when multiple feed occurs.
Administrator's Guide Function Settings Making System Settings Using Web Config Power Saving Settings During Inactivity Make the power saving setting for the scanner’s period of inactivity. Set the time depending on your usage environment. Note: You can also make the power saving settings on the scanner’s control panel. 1. Access Web Config and select System Settings > Power Saving. 2. Enter the time for the Sleep Timer to switch to power saving mode when inactivity occurs.
Administrator's Guide Function Settings Setting the Restriction for the External Interface You can restrict the USB connection from the computer. Set it to limit scanning other than via the network. 1. Access Web Config and select System Settings > External Interface. 2. Select Enable or Disable. To restrict, select Disable. 3. Click OK. Synchronizing the Date and Time with Time Server If you use a CA certificate, you can prevent trouble with the time. 1.
Administrator's Guide Basic Security Settings Basic Security Settings This chapter explains the basic security settings that do not require a special environment. Introduction of Basic Security Features We introduce he basic security features of Epson Devices. Feature name Feature type What to set What to prevent Setup for the administrator password Lock the settings related to the system, such as network and USB connection settings, so that it can not be changed except by the administrator.
Administrator's Guide Basic Security Settings Configuring the Administrator Password from the Control Panel You can set the administrator password from the scanner’s control panel. 1. Tap Settings on the home screen. 2. Tap System Administration > Admin Settings. If the item is not displayed, flick the screen upward to display the item. 3. Tap Admin Password > Register. 4. Enter the new password, and then tap OK. 5. Enter the password again, and then tap OK. 6. Tap OK on the confirmation screen.
Administrator's Guide Basic Security Settings 2. Enter a password to New Password and Confirm New Password. Enter the user name, if necessary. If you want to change the password to new one, enter a current password. 3. Select OK. Note: ❏ To set or change the locked menu items, click Administrator Login, and then enter the administrator password.
Administrator's Guide Basic Security Settings Item Description User services setting Setup for controling communication protocols, Network scan, and Document Capture Pro services. Email server setting Setup of an email server that devices directly communicate with. Security setting Settings for network security, such as SSL/TLS communication, IPsec/IP filtering, and IEEE802.1X.
Administrator's Guide Basic Security Settings Protocols you can Enable or Disable Protocol Description Bonjour Settings You can specify whether to use Bonjour. Bonjour is used to search for devices, scan and so on. SLP Settings You can enable or disable the SLPfunction. SLP is used for Epson Scan 2 and network searching in EpsonNet Config. WSD Settings You can enable or disable the WSD function. When this is enabled, you can add WSD devices or scan from the WSD port.
Administrator's Guide Basic Security Settings Protocol Setting Items Items Setting value and Description Bonjour Settings 37
Administrator's Guide Basic Security Settings Items Setting value and Description Use Bonjour Select this to search for or use devices through Bonjour . Bonjour Name Displays the Bonjour name. Bonjour Service Name You can display and set the Bonjour service name. Location Displays the Bonjour location name. SLP Settings Enable SLP Select this to enable the SLP function. It is used for network discovery in Epson Scan 2 and EpsonNet Config.
Administrator's Guide Basic Security Settings Items Setting value and Description Password Enter the password for an authentication for SNMPv3. Enter between 8 and 32 characters in ASCII (0x20-0x7E). If you do not specify this, leave it blank. Confirm Password Enter the password you configured for confirmation. Encryption Settings Algorithm Select an algorithm for an encryption for SNMPv3. Password Enter the password for an encryption for SNMPv3.
Administrator's Guide Operation and Management Settings Operation and Management Settings This chapter explains the items related to the daily operations and management of the device. Confirm Information of a Device You can check the following information of the operating device from Status by using Web Config. ❏ Product Status Check the language, status, product number, MAC address, etc. ❏ Network Status Check the information of the network connection status, IP address, DNS server, etc.
Administrator's Guide Operation and Management Settings ❏ Monitoring devices You can regularly acquire the status and detailed information for devices on the network. You can also monitor devices that are connected to computers on the network by USB cables and devices from other companies that have been registered to the device list. To monitor devices connected by USB cables, you need to install the Epson Device USB Agent.
Administrator's Guide Operation and Management Settings 4. Check the boxes for the notifications you want to receive. 5. Click OK. Related Information & “Accessing Web Config” on page 23 & “Configuring a Mail Server” on page 42 Configuring a Mail Server Check the following before configuring. ❏ The scanner is connected to a network. ❏ The computer’s email server information. 1. Access Web Config and select Network Settings > Email Server > Basic. 2. Enter a value for each item. 3. Select OK.
Administrator's Guide Operation and Management Settings Mail Server Setting Items Items Authentication Method Settings and Explanation Specify the authentication method for the scanner to access the mail server. Off Authentication is disabled when communicating with a mail server. SMTP AUTH Requires that a mail server supports SMTP Authentication. POP before SMTP Configure the POP3 server when selecting this method.
Administrator's Guide Operation and Management Settings Items Secure Connection Settings and Explanation Specify the secure connection method for the email server. None If you select POP before SMTP in Authentication Method, the connection method is set to None. SSL/TLS This is available when Authentication Method is set to Off or SMTP AUTH. STARTTLS This is available when Authentication Method is set to Off or SMTP AUTH. Certificate Validation The certificate is validated when this is enabled.
Administrator's Guide Operation and Management Settings Messages POP3 server communication error. Check the following. - Network Settings Explanation This message appears when ❏ The scanner is not connected to a network ❏ POP3 server is down ❏ Network connection is disconnected while communicating ❏ Received incomplete data An error occurred while connecting to SMTP server. Check the followings.
Administrator's Guide Operation and Management Settings Messages Explanation Sender's Email Address is incorrect. Change to the email address for your email service. This message appears when the specified sender’s Email address is wrong. Cannot access the product until processing is complete. This message appears when the scanner is busy. Related Information & “Checking a Mail Server Connection” on page 44 Updating Firmware Updating Firmware UsingWeb Config Updates firmware using Web Config.
Administrator's Guide Operation and Management Settings Backing Up the Settings By exporting the setting items on Web Config, you can copy the items to the other scanners. Export the settings Export each setting for the scanner. 1. Access Web Config, and then select Export and Import Setting Value > Export. 2. Select the settings that you want to export. Select the settings you want to export. If you select the parent category, subcategories are also selected.
Administrator's Guide Operation and Management Settings Related Information & “Accessing Web Config” on page 23 48
Administrator's Guide Solving Problems Solving Problems Tips for Solving Problems You can find more information in the following manual. ❏ User's Guide Provides instructions on using the scanner, maintenance, and solving problems. Checking Log for Server and Network Device In case of trouble with network connection, it may be possible to identify the cause by confirming the log of the mail server, etc., checking the status using the network log of system equipment logs and commands, such as routers.
Administrator's Guide Solving Problems 2. Display the computer's command prompt screen. ❏ Windows 10 Right-click the start button or press and hold it, and then select Command Prompt. ❏ Windows 8.1/Windows 8/Windows Server 2012 R2/Windows Server 2012 Display the application screen, and then select Command Prompt. ❏ Windows 7/Windows Server 2008 R2/Windows Vista/Windows Server 2008 or earlier Click the start button, select All Programs or Programs > Accessories > Command Prompt. 3. Enter ‘ping xxx.xxx.
Administrator's Guide Solving Problems If the scanner and the computer are not communicating, the following message is displayed. Checking the Connection Using a Ping Command - Mac OS You can use a Ping command to make sure the computer is connected to the scanner. Follow the steps below to check the connection using a Ping command. 1. Check the scanner's IP address for the connection that you want to check. You can check this using Epson Scan 2. 2. Run Network Utility.
Administrator's Guide Solving Problems 4. Check the communication status. If the scanner and the computer are communicating, the following message is displayed. If the scanner and the computer are not communicating, the following message is displayed. Problems Using Network Software Cannot Access Web Config Is the IP address of the scanner properly configured? Configure the IP address using Epson Device Admin or EpsonNet Config.
Administrator's Guide Solving Problems ❏ 192bit: AES256 ❏ 256bit: AES256 The message "Out of date" appears when accessing Web Config using SSL communication (https). If the certificate is out of date, obtain the certificate again. If the message appears before its expiration date, make sure that the scanner’s date is configured correctly. The message "The name of the security certificate does not match···" appears when accessing Web Config using SSL communication (https).
Administrator's Guide Solving Problems Related Information & “Running EpsonNet Config - Windows” on page 56 & “Running EpsonNet Config - Mac OS” on page 56 54
Administrator's Guide Appendix Appendix Introduction of Network Software The following describes the software that configures and manages devices. Epson Device Admin Epson Device Admin is an application that allows you to install devices on the network, and then configure and manage the devices. You can acquire detailed information for devices such as status and consumables, send notifications of alerts, and create reports for device usage.
Administrator's Guide Appendix Running EpsonNet Config - Windows Select All Programs > EpsonNet > EpsonNet Config SE > EpsonNet Config. Note: If the firewall alert appears, allow access for EpsonNet Config. Running EpsonNet Config - Mac OS Select Go > Applications > Epson Software > EpsonNet > EpsonNet Config SE > EpsonNet Config.
Administrator's Guide Appendix 4. 0000XXXX0001 ALC-XXXXX 192.168.100.102 0000XXXX0002 ALC-XXXXX 192.168.100.103 0000XXXX0003 ALC-XXXXX 192.168.100.104 Enter a name and save as a SYLK file (*.slk). Making Batch Settings Using the Configuration File Assign IP addresses in the configuration file (SYLK file) at one time. You need to create the configuration file before assigning. 1. Connect all devices to the network using Ethernet cables. 2. Turn on the scanner. 3. Start EpsonNet Config.
Administrator's Guide Appendix 7. Select the devices for which you want to perform batch settings with the Status column set to Unassigned, and the Process Status set to Assign Successful. When making multiple selections, press Ctrl or Shift and click or drag your mouse. 8. Click Transmit. 9. When the password entry screen is displayed, enter the password, and then click OK. Transmit the settings. Note: The information is transmitted to the network interface until the progress meter is finished.
Administrator's Guide Appendix 11. Check the status of the device you set. For devices that show normally. Icon or , check the contents of the settings file, or that the device has rebooted Status Process Status Explanation Setup Complete Setup Successful Setup completed normally. Setup Complete Rebooting When information has been transmitted, each device needs to reboot to enable the settings. A check is performed to determine whether or not the device can be connected to after rebooting.
Administrator's Guide Appendix 6. Enter the addresses for IP Address, Subnet Mask, and Default Gateway. Note: Enter a static address when you connect the scanner to a secure network. 7. Click Transmit. The screen confirming transmission of the information is displayed. 8. Click OK. The transmission completion screen is displayed. Note: The information is transmitted to the device, and then the message "Configuration successfully completed." is displayed.
Administrator's Guide Appendix Sender (Client) Use Destination (Server) Protocol Port Number Scanner Email sending (Email notification) SMTP server SMTP (TCP) 25 SMTP SSL/TLS (TCP) 465 SMTP STARTTLS (TCP) 587 Client Computer POP before SMTP connection (Email notification POP server POP3 (TCP) 110 Control WSD Client computer WSD (TCP) 5357 Search the computer when push scanning from Document Capture Pro Client computer Network Push Scan Discovery 2968 Collecting the job informatio
Administrator's Guide Advanced Security Settings for Enterprise Advanced Security Settings for Enterprise In this chapter, we describe advanced security features. Security Settings and Prevention of Danger When a device is connected to a network, you can access it from a remote location. In addition, many people can share the device, which is helpful in improving operational efficiency and convenience. However, risks such as illegal access, illegal use, and tampering with data are increased.
Administrator's Guide Advanced Security Settings for Enterprise Name Feature type What to set What to prevent Read ID card You can use the device by holding over an ID card to the authenticated device that is connected. You can limit the acquiring of logs for each user and device, and limit the available use of devices and the available features of each user and group. Connect an authentication device to the device, and then set the information of a user in the authentication system.
Administrator's Guide Advanced Security Settings for Enterprise & “Deleting a CA-signed Certificate” on page 67 & “Updating a Self-signed Certificate” on page 68 Obtaining and Importing a CA-signed Certificate Obtaining a CA-signed Certificate To obtain a CA-signed certificate, create a CSR (Certificate Signing Request) and apply it to certificate authority. You can create a CSR using Web Config and a computer. Follow the steps to create a CSR and obtain a CA-signed certificate using Web Config.
Administrator's Guide Advanced Security Settings for Enterprise CSR Setting Items Items Settings and Explanation Key Length Select a key length for a CSR. Common Name You can enter between 1 and 128 characters. If this is an IP address, it should be a static IP address. Example: URL for accessing Web Config: https://10.152.12.225 Common name: 10.152.12.225 Organization/ Organizational Unit/ Locality/ State/Province You can enter between 0 and 64 characters in ASCII (0x20-0x7E).
Administrator's Guide Advanced Security Settings for Enterprise 1. Access Web Config and then select Network Security Settings. Next, select SSL/TLS > Certificate, or IPsec/IP Filtering > Client Certificate or IEEE802.1X > Client Certificate. 2. Click Import. A certificate importing page is opened. 3. Enter a value for each item. Depending on where you create a CSR and the file format of the certificate, required settings may vary. Enter values to required items according to the following.
Administrator's Guide Advanced Security Settings for Enterprise CA-signed Certificate Importing Setting Items Items Settings and Explanation Server Certificate or Client Certificate Select a certificate’s format. Private Key If you obtain a certificate of the PEM/DER format by using a CSR created from a computer, specify a private key file that is match a certificate. Password Enter a password to encrypt a private key.
Administrator's Guide Advanced Security Settings for Enterprise c Important: If you obtain a certificate using a CSR created from Web Config, you cannot import a deleted certificate again. In this case, create a CSR and obtain a certificate again. 1. Access Web Config, and then select Network Security Settings. Next, select SSL/TLS > Certificate or IPsec/IP Filtering > Client Certificate or IEEE802.1X > Client Certificate. 2. Click Delete. 3.
Administrator's Guide Advanced Security Settings for Enterprise 4. Specify a validity period for the certificate. 5. Click Next. A confirmation message is displayed. 6. Click OK. The scanner is updated. Note: Click Confirm to verify the certificate information. Related Information & “Accessing Web Config” on page 23 Configure CA Certificate You can import, display, delete a CA Certificate. Importing a CA Certificate 1. Access Web Config, and then select Network Security Settings > CA Certificate.
Administrator's Guide Advanced Security Settings for Enterprise 3. Specify the CA Certificate you want to import. 4. Click OK. When importing is complete, you are returned to the CA Certificate screen, and the imported CA Certificate is displayed. Related Information & “Accessing Web Config” on page 23 Deleting a CA Certificate You can delete the imported CA Certificate. 1. Access Web Config, and then select Network Security Settings > CA Certificate.
Administrator's Guide Advanced Security Settings for Enterprise 2. Click Delete next to the CA Certificate that you want to delete. 3. Confirm that you want to delete the certificate in the message displayed. Related Information & “Accessing Web Config” on page 23 Encrypted Communication Using IPsec/IP Filtering About IPsec/IP Filtering If the scanner supports IPsec/IP Filtering, you can filter traffic based on IP addresses, services, and port.
Administrator's Guide Advanced Security Settings for Enterprise Configuring Default Policy 1. Access Web Config and select Network Security Settings > IPsec/IP Filtering > Basic. 2. Enter a value for each item. 3. Click Next. A confirmation message is displayed. 4. Click OK. The scanner is updated.
Administrator's Guide Advanced Security Settings for Enterprise Items Access Control IKE Version Settings and Explanation Configure a control method for traffic of IP packets. Permit Access Select this to permit configured IP packets to pass through. Refuse Access Select this to refuse configured IP packets to pass through. IPsec Select this to permit configured IPsec packets to pass through. Select IKEv1 or IKEv2 for IKE version.
Administrator's Guide Advanced Security Settings for Enterprise Items Remote Settings and Explanation Authentication Method To select Certificate, you need to obtain and import a CAsigned certificate in advance. ID Type Select the type of ID for the device that you want to authenticate. ID Enter the scanner's ID that matches to the type of ID. You cannot use "@", "#", and "=" for the first character. Distinguished Name : Enter 1 to 128 1-byte ASCII (0x20 to 0x7E) characters. You need to include "=".
Administrator's Guide Advanced Security Settings for Enterprise Items ESP Settings and Explanation Encryption Select the encryption algorithm for ESP. This is available when ESP is selected for Security Protocol. Authentication Select the authentication algorithm for ESP. This is available when ESP is selected for Security Protocol. AH Authentication Select the encryption algorithm for AH. This is available when AH is selected for Security Protocol.
Administrator's Guide Advanced Security Settings for Enterprise Group Policy Setting Items Items Settings and Explanation Enable this Group Policy You can enable or disable a group policy. Access Control Configure a control method for traffic of IP packets. Permit Access Select this to permit configured IP packets to pass through. Refuse Access Select this to refuse configured IP packets to pass through. IPsec Select this to permit configured IPsec packets to pass through.
Administrator's Guide Advanced Security Settings for Enterprise Items Transport Protocol Local Port Settings and Explanation If you select Port Number for Method of Choosing Port, you need to configure an encapsulation mode. Any Protocol Select this to control all protocol types. TCP Select this to control data for unicast. UDP Select this to control data for broadcast and multicast. ICMPv4 Select this to control ping command.
Administrator's Guide Advanced Security Settings for Enterprise Items Local Settings and Explanation Authentication Method If you select IPsec for Access Control, select an option. Used certificate is common with a default policy. ID Type Select the type of ID for the scanner. ID Enter the scanner's ID that matches to the type of ID. You cannot use "@", "#", and "=" for the first character. Distinguished Name : Enter 1 to 128 1-byte ASCII (0x20 to 0x7E) characters. You need to include "=".
Administrator's Guide Advanced Security Settings for Enterprise Items Settings and Explanation Remote Gateway(Tunnel Mode) If you select Tunnel Mode for Encapsulation, enter a gateway address between 1 and 39 characters. Security Protocol If you select IPsec for Access Control, select an option. ESP Select this to ensure the integrity of an authentication and data, and encrypt data. AH Select this to ensure the integrity of an authentication and data.
Administrator's Guide Advanced Security Settings for Enterprise *3Except IPv6 link local addresses. References of Service Name on Group Policy Note: Unavailable services are displayed but cannot be selected.
Administrator's Guide Advanced Security Settings for Enterprise Do not configure. Accepting scan using Epson Scan 2 and scanner settings This example allows communications of scanning data and scanner configuration from specified services. Default Policy: ❏ IPsec/IP Filtering: Enable ❏ Access Control: Refuse Access Group Policy: ❏ Enable this Group Policy: Check the box.
Administrator's Guide Advanced Security Settings for Enterprise 2. Import the certificate in Client Certificate. If you have already imported a certificate published by a Certification Authority in IEEE802.1X or SSL/TLS, you can copy the certificate and use it in IPsec/IP Filtering. To copy, select the certificate from Copy From, and then click Copy.
Administrator's Guide Advanced Security Settings for Enterprise 1. Access Web Config and select Services > Protocol . 2. Enter a value for each item of SNMPv3 Settings. 3. Click Next. A confirmation message is displayed. 4. Click OK. The scanner is updated. Related Information & “Accessing Web Config” on page 23 & “SNMPv3 Setting Items” on page 83 SNMPv3 Setting Items Items Settings and Explanation Enable SNMPv3 SNMPv3 is enabled when the box is checked.
Administrator's Guide Advanced Security Settings for Enterprise Items Settings and Explanation Password Enter between 8 and 32 characters in ASCII (0x20-0x7E). Confirm Password Enter the password you configured for confirmation. Encryption Settings Algorithm Select an algorithm for an encryption. Password Enter between 8 and 32 characters in ASCII (0x20-0x7E). Confirm Password Enter the password you configured for confirmation.
Administrator's Guide Advanced Security Settings for Enterprise IEEE802.1X Network Setting Items Items Settings and Explanation IEEE802.1X (Wired LAN) You can enable or disable settings of the page (IEEE802.1X > Basic) for IEEE802.1X (Wired LAN). EAP Type Select an option for an authentication method between the scanner and a RADIUS server. EAP-TLS You need to obtain and import a CA-signed certificate. PEAP-TLS PEAP/MSCHAPv2 User ID You need to configure a password.
Administrator's Guide Advanced Security Settings for Enterprise Items Anonymous Name Settings and Explanation If you select PEAP-TLS or PEAP/MSCHAPv2 for Authentication Method, you can configure an anonymous name instead of a user ID for a phase 1 of a PEAP authentication. Enter 0 to 128 1-byte ASCII (0x20 to 0x7E) characters. Encryption Strength You can select one of the followings. High AES256/3DES Middle AES256/3DES/AES128/RC4 Related Information & “Configuring an IEEE802.
Administrator's Guide Advanced Security Settings for Enterprise Related Information & “Accessing Web Config” on page 23 & “Obtaining and Importing a CA-signed Certificate” on page 64 Solving Problems for Advanced Security Restoring the Security Settings When you establish a highly secure environment such as IPsec/IP Filtering or IEEE802.1X, you may not be able to communicate with devices because of incorrect settings or trouble with the device or server.
Administrator's Guide Advanced Security Settings for Enterprise Problems Using Network Security Features Forgot a Pre–shared Key Configure the key again using Web Config. To change the key, access Web Config and select Network Security Settings > IPsec/IP Filtering > Basic > Default Policy or Group Policy. When you change the pre-shared key, configure the pre-shared key for computers.
Administrator's Guide Advanced Security Settings for Enterprise If the DHCP is out of date, rebooting or the IPv6 address is out of date or has not been obtained, then the IP address registered for the scanner’s Web Config (Network Security Settings > IPsec/IP Filtering > Basic > Group Policy > Local Address (Scanner)) may not be found. Use a static IP address. Is the computer’s IP address invalid or has it changed? Disable IPsec using the scanner’s control panel.
Administrator's Guide Advanced Security Settings for Enterprise ❏ Are you trying to import the certificate to a device that does not have the same information? Check the information of the CSR and then import the certificate to a device that has the same information. ❏ Did you overwrite the CSR saved into the scanner after sending the CSR to a certificate authority? Obtain the CA-signed certificate again with the CSR.
Administrator's Guide Advanced Security Settings for Enterprise Related Information & “Obtaining a CA-signed Certificate” on page 64 Warning Relating to a Digital Certificate Appears Messages Enter a Server Certificate. Cause/What to do Cause: You have not selected a file to import. What to do: Select a file and click Import. CA Certificate 1 is not entered. Cause: CA certificate 1 is not entered and only CA certificate 2 is entered. What to do: Import CA certificate 1 first. Invalid value below.
Administrator's Guide Advanced Security Settings for Enterprise Messages Invalid file. Cause/What to do Cause: You are not importing a certificate file in X509 format. What to do: Make sure that you are selecting the correct certificate sent by a trusted certificate authority. Cause: The file you have imported is too large. The maximum file size is 5KB. What to do: If you select the correct file, the certificate might be corrupted or fabricated. Cause: The chain contained in the certificate is invalid.
Administrator's Guide Advanced Security Settings for Enterprise Messages Setup failed. Cause/What to do Cause: Cannot finish the configuration because the communication between the scanner and computer failed or the file cannot be read by some errors. What to do: After checking the specified file and communication, import the file again.
