Canon network camera VBH651V User Manual

							Setting Page
5
191
[Sound Clip]
Select the sound clip when [Audio Playback at ON Event] or [Audio Playback at OFF Event] has been set to [Enable].
You must register the sound  clip with [Video and Audio] > [Audio] (P. 143) beforehand.
[Volume]
Enter the volume fo r the sound clip.
Linked Event Operation Examples
This shows linked event status examples according  to the ON/OFF combinations for Event 1 and Event 2.
In the examples below, [Event Gap]  is four seconds and each cell in the graphs below represents one second.
[Event Linking Method] Set to [OR]
Only One Event ON
Both Events ON
[Event Linking Method] is Set to  [AND], [Event Order] is Specified
This shows examples when [Event  Order] is set to [Event 1 -> 2].
When [Event Order] is set to [None] and [Event Linking Meth od] is set to [AND], linked events will be as in the 
examples, even if Event 1 and Event 2 are switched.
When Events Occur in Order 1 -> 2
When Events Occur in Order 2-> 1 -> 2
ON
Event 1
Event 2
Consolidated State OFF
ON
OFF
ON
OFF
ON
Event 1
Event 2
Consolidated State OFF
ON
OFF
ON
OFF
ON
Event 1
Event 2
Consolidated State OFF
ON
OFF
ON
OFF
ON
Event 1
Event 2
Consolidated State OFF
ON
OFF
ON
OFF
Both events are ON, but their order of occurrence is 
incorrect. Therefore, a linked event does not occur here. 
						

							192
Event 2 Triggered but Event Gap Setting ([4] sec.) Exceeded
[Status] of Event 1 Set to [OFF], ON States Do Not Coincide
One Event Switches Between ON/OFF
ON
Event 1
Event 2
Consolidated State OFF
ON
OFF
ON
OFF
The gap between the occurrence of event 2 after the 
occurrence of event 1 exceeds the value specified for the 
[Event Gap] setting. Therefore, a linked event does not occur.
Event Gap (4 Sec. in This Example)
ON
Event 1
Event 2
Consolidated State OFF
ON
OFF
ON
OFF
The linked event does not occur when event 1 
turns OFF, but at the moment event 2 turns ON.
Event Gap (4 Sec. in This Example)
ON
Event 1
Event 2
Consolidated State OFF
ON
OFF
ON
OFF
Event Gap (4 Sec. in This Example) 
						

							Setting Page
5
193
Separate access control from IPv4 and IPv6 addresses can be set.
Note
If the same address is duplicated, the address policy that is displayed  highest on the list will be applied.
IPv4 Host Access Restrictions
Specify the hosts from which IPv4 access is permitted and prohibited.
[Apply Host Access Restrictions]
Select whether to use IPv4 host access restrictions.
[Default Policy]
Select whether to allow or block access from IPv4 addresses  that have not been specified in [Network Address / Subnet].
[Network Address / Subnet]
Enter IPv4 addresses into the list and select [Yes] or [No] for access for each address.
You can specify the subnet to set acce ss restrictions by network or host.
If set to [No], access to all ports is blocked.
[Security] > [Host Access Restrictions]
Setting Access Restrictions
Important
 To prohibit access via a proxy serv er in HTTP connection, a proxy server address must be set.
 If host access restriction is set mistakenly,  access to the Setting Pages themselves may be prohibited, in which case restoring the 
factory default settings will b ecome the only means of recovery.
The following settings can be configured here.
 IPv4 Host Access Restrictions IPv4
 IPv4 Host Access Restrictions IPv6 
						

							194
IPv6 Host Access Restrictions
Specify the hosts from which IPv6 access is permitted and prohibited.
[Apply Host Access Restrictions]
Select whether to use IPv6 host access restrictions.
[Default Policy]
Select whether to allow or block access from IPv6 addresses  that have not been specified in [Prefix / Prefix Length].
[Prefix / Prefix Length]
Enter IPv6 addresses (prefixes) into the list an d select [Yes] or [No] for access for each address.
You can specify the prefix length to se t access restriction by network or host.
If set to [No], access to all ports is blocked. 
						

							Setting Page
5
195
Certificate creation and management, and encrypted communication settings.
Certificates
Create an SSL/TLS certificate.
[Create Self-Signed Certificate]
Enter the following items, click [Apply], and click [Exec] to create a self-signed certificate.
Follow the displayed message and reboot. The certificate created will take effect after rebooting.
Note
Creating a certificate takes time, so it is recommended  that you stop video transmission and upload processes.
[Certificate Status]
If no certificate is installed, [Not Installed] will be displayed. If a certificate  is installed, the validity period for the c ertificate 
will be displayed.
[Country (C)]
Enter the ISO3166-1 alpha-2 country code.
[State/Province (ST)], [Locality (L )], [Organization (O)], [Organizational Unit (OU)], [Common Name (CN)]
Enter state/province name, locality, organization name, or ganizational unit and common name in alphanumeric characters 
(spaces or printable characters).
Enter an FQDN format host name, etc. to set the common name (required).
[Validity Period Start Date], [Validity Period End Date]
Set the validity period of the certificate to be crea ted (required when creating a self-signed certificate).
[Security] > [SSL/TLS]
Setting HTTP Communication Encryption
Important
Use a self-signed certificate when complete security does not need  to be ensured, such as through operation tests. For system 
operation, it is recommended that you acquire  and install a certificate issued by a CA.
The following settings can be configured here.
 Certificates
 Certificate Management
 Encrypted Communications 
						

							196
Certificate Management
Manage the SSL/TLS certificate.
[Generate Certificate Signing Request]
Click [Exec] to create a server private key and generate a certificate signing request.
Once processed, the certificate signing request will be displayed in a separate window.
Note
Generating a certificate signing request takes time, so it is recommended that y ou stop video transmission and upload processes .
[Display Certificate Signing Request]
Click [Exec] to view the details of the certificate signing request.
[Install Server Certificate]
Perform this operation to in stall a server certificate.
Specify the certificate file to be inst alled using [Browse] and click [Exec].
The certificate installed will take effect after rebooting.
[Install Intermediate Certificate]
Perform this operation to inst all an intermediate certificate.
Specify the certificate file to be inst alled using [Browse] and click [Exec].
The certificate installed will take effect after rebooting.
Note
To install an intermediate certificate and a cr oss root certificate, use a text editor or similar software to place them in the same file and 
install them as an intermediate certificate.
[Delete Server Certificate]
Click [Exec] to delete the server certificate.
However, if SSL/TLS communications are  enabled, the certificate cannot be deleted. Set [HTTPS Connection Policy] to 
[HTTP] before deleting a certificate.
The deletion will take effect after rebooting.
[Delete Intermediate Certificate]
Click [Exec] to delete the in termediate certificate along with the cross root certificate.
However, if SSL/TLS communications are  enabled, the certificate cannot be deleted. Set [HTTPS Connection Policy] to 
[HTTP] before deleting a certificate.
The deletion will take effect after rebooting.
[Display Server Certificate Details]
Click [Exec] to view the details of the server certificate.
[Display Self CA Certificate]
Used for the purpose of testing SSL/TLS co mmunications, but otherwise not normally used.
[Backup]
Click [Exec] to perform a backup of the certificates and pr ivate key. This can only be performed when [HTTPS] or [HTTP 
and HTTPS] is set for [HTTPS Connection  Policy] to perform SSL/TLS communication.
[Restore]
Installs the certificates and private key from backup.
Click [Browse] to specify the backup file, then click [Exec].  This can only be performed when [HTTPS] or [HTTP and HTTPS] 
is set for [HTTPS Connection Policy] to perform SSL/TLS communication.
The restored certificate will take effect after rebooting.
Encrypted Communications
Set encrypted communications.
[HTTPS Connection Policy]
Set SSL/TLS communication with HTTPS connections.
Select [HTTP] if you do not want to perform SSL/TLS communication.
Select [HTTPS] or [HTTP and HTTPS] if you want to pe rform SSL/TLS communication. Connections using SSL/TLS are 
enabled after restarting. 
						

							Setting Page
5
197
If you select [HTTPS], HTTP access is also redirected to HTTPS to perform SSL/TLS communication.
Note
 It may take a few minutes to generate an SSL/TLS key.
 Depending on the type of the certificate being installed on the  camera, a dialog box may be displayed indicating that the web browser 
has accepted the certificate and a connection can be made. If the dialog  box is not displayed, register the CA certificate in the web 
browser.
Important
 Even if you set SSL/TLS communication here, SSL/TLS communi cation is not performed unless you install a certificate.
 Video distribution performance  decreases when performing SSL/TLS communicati on. If you set [HTTPS], you cannot connect with the 
RM. 
						

							198
Settings for 802.1X authentication and authentication status display, and for certificate administration.
802.1X Authentication
Display the 802.1X authentication enable/disable control and status.
[802.1X Authentication]
Select this to enable or  disable 802.1X authentication.
[Authentication Status]
Display the status of 802.1X aut hentication. There are three types of status: [Authenticated],  [Unauthenticated], and [Stop].
Authentication Method
Set the authentication method us ed for 802.1X authentication.
[Authentication Method]
Select [EAP-MD5], [EAP-TLS], [EAP-TTLS], or [EAP-PEAP] as  the authentication method to use for 802.1X authentication.
[User Name]
Enter the user name used for authentication.
[Password]
Enter the required pass word for authentication.
This is displayed only when [Authentication Method ] is set to [EAP-MD5], [EAP-TTLS], or [EAP-PEAP].
Certificate Information
This is displayed only when [Authentication Method]  is set to [EAP-TLS], [EAP-TTLS], or [EAP-PEAP].
[CA Certificate Status]
If no CA certificate is installed, [Not Installed] is displayed.  If a CA certificate is installed, the validity period of the 
certificate is displayed.
[Client Certificate Status]
If no client certificate is installed, [Not  Installed] is displayed. If a client certificate is inst alled, the validity period of the 
certificate is displayed.
This is displayed only when [Authent ication Method] is set to [EAP-TLS].
[Security] > [802.1X]
Network Port Authentication Settings
The following settings can be configured here.
 802.1X Authentication
 Authentication Method
 Certificate Information
 Certificate Management 
						

							Setting Page
5
199
[Client Private Key Status]
If no client private key is installed, [Not Installed] is displayed. If a client private key is installed, [Installed] is 
displayed.
This is displayed only when [Authent ication Method] is set to [EAP-TLS].
Certificate Management
This is displayed only when [Authentication Method]  is set to [EAP-TLS], [EAP-TTLS], or [EAP-PEAP].
[Install CA Certificate]
Installs a CA certificate.
Specify the certificate file to be inst alled using [Browse] and click [Exec].
[Install Client Certificate]
Installs a client certificate.
Specify the certificate file to be inst alled using [Browse] and click [Exec].
This is displayed only when [Authent ication Method] is set to [EAP-TLS].
[Install Client Private Key]
Installs a client private key.
Specify the private key file  to be installed using [Browse] and click [Exec].
This is displayed only when [Authent ication Method] is set to [EAP-TLS].
[Client Private Key Password]
Enter the password for the client private key.
Required when a password has been configured for the private key.
This is displayed only when [Authent ication Method] is set to [EAP-TLS].
[Delete Certificate]
Deletes all installed CA certificates, clie nt certificates, and client private keys.
Only “CA Certificate” is displayed when [Authentication  Method] is set to [EAP-TTLS] or [EAP-PEAP], but any 
installed client certificates and c lient private keys are also deleted.
Important
 If any CA certificates, client certificates , and client private keys already exist when installing certificates, they are discarded and 
new versions are installed.
 An error occurs if the format of the certificate  or private key to be installed is incorrect.
 Client certificates and client private ke ys are checked as a pair when installing,  and an error occurs if they do not match.
 The certificate and private key used for 802.1X authentication must  be installed as separate items, irrespective of the installation 
status of certificates for SSL/TLS. 
						

							200
Settings for using IPsec.
Note
If IPsec is used, video transmission performance drops.
IPsec
[IPsec]
Select the key exchange method when using IPsec.
Auto Key Exchange Settings
[IPsec SA Encryption Algorithm]
Select the IPsec SA encryption algorithm.
The specified algorithm will be checked for an app licable encryption algorithm starting from the left.
[IPsec SA Authentication Algorithm]
Select the IPsec SA authentication algorithm.
[Security] > [IPsec]
Setting IPsec
Important
 To run this camera with IPsec, the communicating devices and netwo rk must be set beforehand. Contact your system administrator for 
these settings.
 When connecting with IPsec, set the camera IP address manually. For IPv4 addresses, use addresses with  [IPv4 Address Setting Method] set to [Manual] in [Basic] > [Network] > [IPv4].
For IPv6 addresses, use addresses set with [IPv6 Address (Manual)] in [Basic] > [Network] > [IPv6].
 If the IPsec setting is changed and the camera may become ina ccessible from the active web browser, a confirmation dialog box will 
be displayed. Click [OK] to apply the new settings.
If you restart the camera and cannot connect to the camera from the web browser, any available URI for connecting to the camera  will 
be displayed in a message.
If you cannot connect to the camera through the displayed URI, contact your system administrator.
The following settings can be configured here.

 Auto Key Exchange Settings
 IPsec Set 1 to 5