Administrator's Guide

ManualsBrandsHP ManualsNetwork Print ServersHP Jetdirect 640n Print Server

111

112

113

114

115

116

117

118

119

120

Table 5-1 IPsec/Firewall Policy page

Item Description

Enable IPsec/Firewall

Enable Firewall

Select the check box to enable your IPsec or Firewall policy. Clear this check box to

disable IPsec/Firewall operation.

IPsec/Firewall Rules Configure up to ten rules in descending order of precedence. For example, Rule 1 is

higher in precedence than Rule 2.

Define each rule using the following fields:

●

Enable Select whether a configured rule is enabled or disabled for the policy.

●

Address Template Set the IP addresses for which the rule applies. Select

among several predefined templates, or specify a custom template. Click on a

template entry to view or modify the template configuration.

●

Services Template Identify the services for which the rule applies. Select

among several predefined templates, or specify a custom template. Click on a

template entry to view or modify the template configuration.

CAUTION: If the All Services template for a rule is not specified, a security

risk can exist. Future networking applications deployed after the IPsec Policy is

in place might not be IPsec-protected unless the All Services template is used.

For example, installing a third-party Chai service plug-in, or upgrading firmware

for the printer or print server, can result in a new service that is not covered by

the IPsec policy. Review policies whenever firmware is updated or a new Chai

applet is installed.

●

Action on Match Define how to process the IP traffic that contains the

addresses and services specified.

For Firewall operation, the traffic is allowed or dropped, depending on the action

specified by the rule.

For IPsec operation, the traffic is allowed without IPsec protection, dropped, or

IPsec-protected using an IPsec template specified for the rule. Click on a

template entry to view or modify the template configuration.

Default Rule Indicate whether the default rule drops or allows the traffic. The default rule specifies

whether to process IP packets that do not match the configured rules.

Select Drop (default) to discard traffic not covered by the configured rules.

Select Allow to allow traffic that is not covered by the configured rules. Allowing IP

packets that do not match the configured rules is not secure.

For an example, see

Default Rule example on page 108.

Add Rules

Delete Rules

Select Add Rules to configure rules using the IPsec wizard..

Select Delete Rules to remove one or more rules from the policy.

Advanced Configure a Failsafe feature to prevent lock out of the print server over HTTPS

(secure Web browser access) during IPsec/Firewall policy set up.

You can allow selected multicast and broadcast traffic to bypass your IPsec/Firewall

policy. This might be required for device discovery by system installation utilities.

ENWW 107