Canon I Sensys Mf8280cw User Guide

    0ALJ-0A4
    Enabling SSL Encrypted Communication for the Remote UI
    You can encrypt communication between the machine and a Web browser on the computer by using Secure Sockets Layer (SSL). SSL is a mechanism for encrypting data sent or received over the network. SSL must be enabled when the Remote UI is used for specifying settings for IPSec (Pre-Shared Key Method), IEEE 802.1X authentication (TTLS/PEAP), or SNMPv3. To use SSL for the Remote UI, you need to set a key pair and enable the SSL function. Generate or install the key pair for SSL before enabling SSL (see "Configuring Settings for Key Pairs and Digital Certificates").

    1. Start the Remote UI and log on in System Manager Mode. (See "Starting Remote UI".)
    2. Click [Settings/Registration].
    3. Click [Network Settings] > [TCP/IP Settings].
    4. Click [Key and Certificate...] in [SSL Settings].
    5. Click [Register Default Key] on the right of the key pair you want to use.

       NOTE: Viewing details of a certificate
       You can check the details of the certificate or verify the certificate by clicking the corresponding text link under [Key Name], or the certificate icon. (See "Verifying Key Pairs and Digital Certificates".)

    6. Enable SSL for the Remote UI.
       1. Click [Security Settings] > [Remote UI Settings].
       2. Click [Edit...].
       3. Select the [Use SSL] check box and click [OK].
    7. Restart the machine.
       Turn OFF the machine, wait for at least 10 seconds, and turn it back ON.

    NOTE: Using the operation panel
    You can enable or disable the SSL encrypted communication from the operation panel. (See "Use SSL".)

    Starting the Remote UI with SSL
    If you try to start the Remote UI when SSL is enabled, a security alert may be displayed regarding the security certificate. In this case, check that the correct URL is entered in the address field, and then proceed to display the Remote UI screen. (See "Starting Remote UI".)

    Enabling SSL for e-mailing (MF8580Cdw / MF8550Cdn / MF8540Cdn only)
    If the SMTP server and the POP3 server support SSL, you can enable SSL for communication with these servers (see "Configuring Advanced E-mail Settings"). For more information about the SMTP server and the POP3 server, contact your Internet service provider or Network Administrator.

    LINKS
    Generating Key Pairs
    Using CA-issued Key Pairs and Digital Certificates
    Configuring IPSec Settings
    Configuring IEEE 802.1X Authentication
    Monitoring and Controlling the Machine with SNMP

    0ALJ-0A5
    Configuring IPSec Settings
    Internet Protocol Security (IPSec or IPsec) is a protocol suite for encrypting data transported over a network, including Internet networks. While SSL only encrypts data used on a specific application, such as a Web browser or an e-mail application, IPSec encrypts either whole IP packets or the payloads of IP packets, offering a more versatile security system. The IPSec of the machine works in transport mode, in which the payloads of IP packets are encrypted. With this feature, the machine can connect directly to a computer that is in the same virtual private network (VPN). Check the system requirements and set the necessary configuration on the computer before you configure the machine.

    System Requirements
    IPSec that is supported by the machine conforms to RFC2401, RFC2402, RFC2406, and RFC4305.

    Operating system: Windows XP/Vista/7/8/Server 2003/Server 2008/Server 2012
    Connection mode: Transport mode
    Key exchange protocol: IKEv1 (main mode)
        Authentication method: Pre-shared key; Digital signature
        Hash algorithm (and key length): HMAC-SHA1-96; HMAC-SHA2 (256 bits or 384 bits)
        Encryption algorithm (and key length): 3DES-CBC; AES-CBC (128 bits, 192 bits, or 256 bits)
        Key exchange algorithm/group (and key length): Diffie-Hellman (DH) Group 1 (768 bits); Group 2 (1024 bits); Group 14 (2048 bits)
    ESP
        Hash algorithm: HMAC-SHA1-96
        Encryption algorithm (and key length): 3DES-CBC; AES-CBC (128 bits, 192 bits, or 256 bits)
        Hash algorithm/encryption algorithm (and key length): AES-GCM (128 bits, 192 bits, or 256 bits)
    AH
        Hash algorithm: HMAC-SHA1-96

    NOTE
    IPSec functional restrictions
        IPSec supports communication to a unicast address (or a single device).
        The machine cannot use both IPSec and DHCPv6 at the same time.
        IPSec is unavailable in networks in which NAT or IP masquerade is implemented.
    Using IPSec with IP address filter
        IP address filter settings are applied before the IPSec policies. (See "Specifying IP Addresses for Firewall Rules".)

    Before using IPSec for encrypted communication, you need to register security policies (SP). A security policy consists of the groups of settings described below. Up to 10 policies can be registered. After registering policies, specify the order in which they are applied.

    Selector
        Selector defines conditions for IP packets to apply IPSec communication. Selectable conditions include IP addresses and port numbers of the machine and the devices to communicate with.
    IKE
        IKE configures the IKEv1 that is used for key exchange protocol. Note that instructions vary depending on the authentication method selected.
        [Pre-Shared Key Method]
        A key of up to 24 alphanumeric characters can be shared with the other devices. Enable SSL for the Remote UI before specifying this authentication method (see "Enabling SSL Encrypted Communication for the Remote UI").
        [Digital Signature Method]
        The machine and the other devices authenticate each other by mutually verifying their digital signatures. Generate or install the key pair beforehand (see "Configuring Settings for Key Pairs and Digital Certificates").
    AH/ESP
        Specify the settings for AH/ESP, which is added to packets during IPSec communication. AH and ESP can be used at the same time. You can also select whether or not to enable PFS for tighter security.

    Configuring IPSec Settings
    1. Start the Remote UI and log on in System Manager Mode. (See "Starting Remote UI".)
    2. Click [Settings/Registration].
    3. Click [Security Settings] > [IPSec Settings].
    4. Click [Edit...].
    5. Select the [Use IPSec] check box and click [OK].
       If you want the machine to only receive packets that match one of the security policies that you define in the steps below, clear the [Receive Non-Policy Packets] check box.
    6. Click [Register New Policy...].
    7. Specify the Policy Settings.
       1. In the [Policy Name] text box, enter up to 24 alphanumeric characters for a name that is used for identifying the policy.
       2. Select the [Enable Policy] check box.
    8. Specify the Selector Settings.
       [Local Address]
       Click the radio button for the type of IP address of the machine to apply the policy.
           [All IP Addresses]: Select to use IPSec for all IP packets.
           [IPv4 Address]: Select to use IPSec for all IP packets that are sent to or from the IPv4 address of the machine.
           [IPv6 Address]: Select to use IPSec for all IP packets that are sent to or from an IPv6 address of the machine.
       [Remote Address]
       Click the radio button for the type of IP address of the other devices to apply the policy.
           [All IP Addresses]: Select to use IPSec for all IP packets.
           [All IPv4 Addresses]: Select to use IPSec for all IP packets that are sent to or from IPv4 addresses of the other devices.
           [All IPv6 Addresses]: Select to use IPSec for all IP packets that are sent to or from IPv6 addresses of the other devices.
           [IPv4 Manual Settings]: Select to specify a single IPv4 address or a range of IPv4 addresses to apply IPSec. Enter the IPv4 address (or the range) in the [Addresses to Set Manually] text box.
           [IPv6 Manual Settings]: Select to specify a single IPv6 address or a range of IPv6 addresses to apply IPSec. Enter the IPv6 address (or the range) in the [Addresses to Set Manually] text box.
       [Addresses to Set Manually]
       If [IPv4 Manual Settings] or [IPv6 Manual Settings] is selected for [Remote Address], enter the IP address to apply the policy. You can also enter a range of addresses by inserting a hyphen between the addresses.

       NOTE: Entering IP addresses
           Entering a single address
               IPv4: Delimit numbers with periods. Example: 192.168.0.10
               IPv6: Delimit alphanumeric characters with colons. Example: fe80::10
           Specifying a range of addresses
               Insert a hyphen between the addresses. Example: 192.168.0.10-192.168.0.20
           Specifying a range of addresses with a prefix (IPv6 only)
               Enter the address, followed by a slash and a number indicating the prefix length. Example: fe80::1234/64

       [Subnet Settings]
       When manually specifying an IPv4 address, you can express the range by using the subnet mask. Enter the subnet mask using periods to delimit numbers (example: "255.255.255.240").
       [Local Port]/[Remote Port]
       If you want to create separate policies for each protocol, such as HTTP or SMTP, enter the appropriate port number for the protocol to determine whether to use IPSec.

       IMPORTANT: IPSec is not applied to the following packets
           Loopback, multicast, and broadcast packets
           IKE packets (using UDP on port 500)
           ICMPv6 neighbor solicitation and neighbor advertisement packets
    9. Specify the IKE Settings.
       [IKE Mode]
       The mode used for the key exchange protocol is displayed. The machine supports the main mode, not the aggressive mode.
       [Authentication Method]
       Select [Pre-Shared Key Method] or [Digital Signature Method] for the method used when authenticating the machine. You need to enable SSL for the Remote UI before selecting [Pre-Shared Key Method] (see "Enabling SSL Encrypted Communication for the Remote UI"). You need to generate or install a key pair before selecting [Digital Signature Method] (see "Configuring Settings for Key Pairs and Digital Certificates").
       [Valid for]
       Specify how long a session lasts for IKE SA (ISAKMP SA). Enter the time in minutes.
       [Authentication]/[Encryption]/[DH Group]
       Select an algorithm from the drop-down list. Each algorithm is used in the key exchange.
           [Authentication]: Select the hash algorithm.
           [Encryption]: Select the encryption algorithm.
           [DH Group]: Select the Diffie-Hellman group, which determines the key strength.

       Using a pre-shared key for authentication
       1. Click the [Pre-Shared Key Method] radio button for [Authentication Method] and then click [Shared Key Settings...].
       2. Enter up to 24 alphanumeric characters for the pre-shared key and click [OK].
       3. Specify the [Valid for] and [Authentication]/[Encryption]/[DH Group] settings.

       Using a key pair and preinstalled CA certificates for authentication
       1. Click the [Digital Signature Method] radio button for [Authentication Method] and then click [Key and Certificate...].
       2. Click [Register Default Key] on the right of a key pair you want to use.

          NOTE: Viewing details of a key pair or certificate
          You can check the details of the certificate or verify the certificate by clicking the corresponding text link under [Key Name], or the certificate icon. (See "Verifying Key Pairs and Digital Certificates".)

       3. Specify the [Valid for] and [Authentication]/[Encryption]/[DH Group] settings.
    10. Specify the IPSec Network Settings.
        [Use PFS]
        Select the check box to enable Perfect Forward Secrecy (PFS) for IPSec session keys. Enabling PFS enhances the security while increasing the load on the communication. Make sure that PFS is also enabled for the other devices.
        [Specify by Time]/[Specify by Size]
        Set the conditions for terminating a session for IPSec SA. IPSec SA is used as a communication tunnel. Select either or both of the check boxes as necessary. If both check boxes are selected, the IPSec SA session is terminated when either of the conditions has been satisfied.
            [Specify by Time]: Enter a time in minutes to specify how long a session lasts.
            [Specify by Size]: Enter a size in megabytes to specify how much data can be transported in a session.
        [Select Algorithm]
        Select the [ESP], [ESP (AES-GCM)], or [AH (SHA1)] check box(es) depending on the IPSec header and the algorithm used. AES-GCM is an algorithm for both authentication and encryption. If [ESP] is selected, also select algorithms for authentication and encryption from the [ESP Authentication] and [ESP Encryption] drop-down lists.
            [ESP Authentication]: To enable the ESP authentication, select [SHA1] for the hash algorithm. Select [Do Not Use] if you want to disable the ESP authentication.
            [ESP Encryption]: Select the encryption algorithm for ESP. You can select [NULL] if you do not want to specify the algorithm, or select [Do Not Use] if you want to disable the ESP encryption.
        [Connection Mode]
        The connection mode of IPSec is displayed. The machine supports transport mode, in which the payloads of IP packets are encrypted. Tunnel mode, in which whole IP packets (headers and payloads) are encapsulated, is not available.
    11. Click [OK].
        If you need to register an additional security policy, return to step 6.
    12. Arrange the order of policies listed under [Registered IPSec Policies].
        Policies are applied in order from the highest position to the lowest. Click [Up] or [Down] to move a policy up or down the order.

        NOTE: Editing a policy
        Click the corresponding text link under [Policy Name] for the edit screen.
        NOTE: Deleting a policy
        Click [Delete] on the right of the policy name you want to delete > click [OK].
    13. Restart the machine.
        Turn OFF the machine, wait for at least 10 seconds, and turn it back ON.

    NOTE
    You can enable or disable the IPSec communication from the operation panel. (See "Use IPSec".)

    LINKS
    Configuring Settings for Key Pairs and Digital Certificates
    IPSec Policy List
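
The selector address formats, the packet exemptions, the [Receive Non-Policy Packets] check box and the policy order described in the procedure above can be modelled offline to review a planned policy list before entering it in the Remote UI. This is an added example, not Canon's firmware logic: the policy names, the dictionary layout, the function names, the protocol labels and the reading of "applied from the highest position to the lowest" as first match wins are all assumptions.

```python
import ipaddress

def remote_span(spec, mask=None):
    """Turn an [Addresses to Set Manually] value into (first, last) addresses."""
    if "-" in spec:                                   # 192.168.0.10-192.168.0.20
        lo, hi = (ipaddress.ip_address(s.strip()) for s in spec.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range: {spec}")
        return lo, hi
    if "/" in spec or mask:                           # fe80::1234/64, or IPv4 + subnet mask
        net = ipaddress.ip_network(spec if "/" in spec else f"{spec}/{mask}", strict=False)
        if "/" in spec and net.version != 6:
            raise ValueError("prefix notation is IPv6 only in the manual")
        return net.network_address, net.broadcast_address
    addr = ipaddress.ip_address(spec)                 # single address
    return addr, addr

def exempt(remote, proto, port):
    """Packets the manual lists as never covered by IPSec (limited broadcast only)."""
    a = ipaddress.ip_address(remote)
    return (a.is_loopback or a.is_multicast or str(a) == "255.255.255.255"
            or (proto == "udp" and port == 500)       # IKE
            or proto in ("icmpv6-ns", "icmpv6-na"))   # constructed labels for ND packets

def decide(policies, remote, local_port, proto="tcp", receive_non_policy=True):
    """Return the matching policy name, or 'exempt', 'plaintext' or 'drop'."""
    if exempt(remote, proto, local_port):
        return "exempt"
    a = ipaddress.ip_address(remote)
    for p in policies:                                # highest position first
        if not p.get("enabled", True):                # models [Enable Policy]
            continue
        lo, hi = remote_span(p["remote"], p.get("mask"))
        in_range = a.version == lo.version and lo <= a <= hi
        if in_range and p.get("local_port") in (None, local_port):
            return p["name"]                          # assumption: first match wins
    return "plaintext" if receive_non_policy else "drop"

# Constructed policy list, using the address formats from the manual's examples.
POLICIES = [
    {"name": "admin-https", "remote": "192.168.0.10-192.168.0.20", "local_port": 443},
    {"name": "lan", "remote": "192.168.0.10", "mask": "255.255.255.240"},
    {"name": "v6-link", "remote": "fe80::1234/64"},
]

if __name__ == "__main__":
    for args in [("192.168.0.15", 443), ("192.168.0.15", 80), ("192.168.0.30", 80)]:
        print(args, decide(POLICIES, *args), decide(POLICIES, *args, receive_non_policy=False))
```

In this model, moving the broad `lan` policy above `admin-https` makes it match first, so a narrower policy placed below a broader one never applies. With `receive_non_policy=False`, a host outside every selector is dropped rather than served without IPSec.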