IPsec Policies Help

IPsec is a protocol suite used for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet in a data stream. IPsec also includes protocols for cryptographic key establishment. IPsec can be implemented as part of your company's overall security policy.

IPsec Policies are sets of rules that determine which IP packets are given IPsec protection, and how network traffic is protected. This page enables you to build IPsec Policies based on a combination of the available Host Groups, Protocol Groups, and Actions.

The order in which the IPsec Policies are added is not important. The printer creates the low level policies from the most specific to the most general. IPsec uses the first applicable rule when deciding the course of action. For example, if three policies are added in the following order:

ESP transport for the local subnet
Deny all
Bypass for a specific IP within the local subnet

The printer will organize the policies in the following order:

Bypass for a specific IP in local subnet
ESP transport for local subnet
Deny all

Note: Contact your network administrator before changing IPsec Policies. Changing the printer's IPsec Policies may cause the printer to lose connection with the network. See Turning IPsec Off for information on how to re-establish connectivity.

Enabling IPsec
Creating IPsec Policies
Deleting IPsec Policies
Turning IPsec Off from the Printer Control Panel

Enabling IPsec

Select On from the IPsec drop-down list at the top of the page to enable IPsec on the printer. The default setting is Off.

Creating Policies

To configure a new IPsec Policy and add it to the list:

Select a Host Group, a Protocol Group, and an Action from the drop-down lists at the bottom of the page, and then click Add Policy.
If you select default Hosts, Protocols or Actions that are not already configured, pages display that enable you to modify the default groups/actions. In addition, links provided below the drop-down lists enable you to add new groups/actions.
After you have configured the list of IPsec Policies, and before you exit the page, click Apply at the bottom of the page to initiate the update to the IPsec Policy database.
Click Continue on the page that displays to save the new policies and commit them to the IPsec Policy database.

Note: You must click Apply at the bottom of the page before you exit, then you must click Continue to save any changes and commit them to the IPsec Policy database.

An IPsec Policy of All IP Hosts, System Services and Pass Action is provided by default. A maximum of 100 policies can be configured.

Deleting Policies

To delete an IPsec Policy, select the radio button next to the policy you want to delete, and then click Delete Policy in the middle of the page.

Note: Restart the printer after changing or deleting policies to clear existing security association (SA) sessions.

10 policies display per page. Navigate through multiple pages to locate a policy by clicking the left or right arrows, or click the drop-down box to select a particular page to display.

Turning IPsec Off from the printer control panel

An incorrectly configured IPsec Policy may make the printer unavailable over the network. If you cannot communicate with the printer, you can turn off IPsec from the printer control panel by performing the following steps:

On the Printer Setup menu, select Connection Setup.
Select Network Setup.
Select Network Services.
Navigate to IPsec, and change the enable option to Off.
Restart the printer

Note

Connection Setup

Notes:

For more information about CentreWare IS security features including IPsec, see the System Administrator Guide (English only).
For more information about IPsec, see RFCs 2401-2412, and 4301-4309 on the IETF website or on the RFC archive website.
Access to the IPsec configuration pages in CentreWare IS can be restricted by the passwords and feature authorization settings on the Administrative Security Settings page. See the Administrative Security Settings Help for more information.