Hp LASERJET M2727 MFP, LASERJET 9040MFP, LASERJET 9000MFP, LASERJET 3300MFP, LASERJET CM4730 MFP HP Imaging and Printing Security Best Practices

...
0 (0)
HP Imaging and Printing Security Best Practices
Configuring Security for Multiple LaserJet MFPs, Color LaserJet MFPs,
and Color MFPs with Edgeline Technology
Version 3.0
Table of Contents
Introduction......................................................................................................................................... 4
Cautions............................................................................................................................................. 6
Follow the Checklist in Order............................................................................................................. 6
Configure One MFP Model at a Time ................................................................................................. 6
Understand the Ramifications............................................................................................................. 6
Continue to be Vigilant ..................................................................................................................... 6
MFP Environment ............................................................................................................................. 6
Assumptions........................................................................................................................................ 6
Solutions covered ................................................................................................................................7
Organization ...................................................................................................................................... 7
Threat Model ...................................................................................................................................... 7
Spoofing Identity.............................................................................................................................. 8
Tampering with Data........................................................................................................................ 8
Repudiation..................................................................................................................................... 9
Information Disclosure ...................................................................................................................... 9
Denial of Service.............................................................................................................................. 9
Elevation of Privilege ...................................................................................................................... 10
Network Security ............................................................................................................................... 10
Overall Network Settings ................................................................................................................ 10
Notes on the Process of Configuration .............................................................................................. 11
Notes on Passwords ....................................................................................................................... 11
Configuring MFP Security Settings.................................................................................................... 12
Settings List ....................................................................................................................................... 65
Initial settings................................................................................................................................. 66
Settings for All MFPs....................................................................................................................... 66
Settings only for Edgeline MFPs ....................................................................................................... 67
Default Settings.................................................................................................................................. 68
Ramifications..................................................................................................................................... 72
Initial Settings ................................................................................................................................72
Settings for all MFPs (including Edgeline MFPs).................................................................................. 74
Settings Only for Edgeline MFPs ...................................................................................................... 81
Final Configurations ....................................................................................................................... 83
Overall Limitations.......................................................................................................................... 84
Physical Security................................................................................................................................84
Appendix 1: Glossary of Terms and Acronyms...................................................................................... 85

Introduction

HP MFPs are designed to provide the best quality, versatility, and convenience possible. They include
a wide variety of features to improve your experience with data handling and printing. These features
include security settings that help protect your valuable intellectual property and your network data.
HP prepares MFPs to be easy to set up and use right out of the box; however, this means that many of
the security features are not configured by default. To help with this, HP developed this checklist as a
guide to help you configure the security-related settings. It provides instructions to configure these
settings for one or more MFPs at the same time.
This checklist covers the following HP MFP models:
MFP Type Model
HP LaserJet MFPs HP LaserJet 4345 MFP
HP LaserJet M4345 MFP
HP LaserJet M3027 MFP
HP LaserJet M3035 MFP
HP LaserJet M5025 MFP
HP LaserJet M5035 MFP
HP LaserJet 9040 MFP
HP LaserJet 9050 MFP
HP Color LaserJet MFPs HP Color LaserJet 4730 MFP
HP Color LaserJet M4730 MFP
HP Color LaserJet 9500 HP
HP Color MFPs with Edgeline
Technology
HP CM8050 Color MFP
HP CM8060 Color MFP
This checklist covers security settings on all of these MFPs, but each type of MFP has varying
characteristics. Wherever possible, these differences are explained in the instructions. Here is a
summary of the major differences between these MFP types:
HP LaserJet MFPs:
HP LaserJet MFPs are based on single-color (also called black and white) LaserJet print technology.
Settings that relate to color printing do not apply to these models.
HP Color LaserJet MFPs:
HP Color LaserJet MFPs are based on Color LaserJet print technology. Most settings in this checklist
apply to these MFPs.
HP Color MFPs with Edgeline Technology:
HP Color MFPs with Edgeline Techology are based on a new high-speed color ink technology
introduced by HP in 2007. These MFPs have some unique security-related settings that do not apply
to the other MFPs. Some of these exclusive settings appear similar to those for the other MFPs, but
they apply only the HP Color MFPs with Edgeline Technology.
This checklist is written for acceptance by the National Institute of Standards and Technology (NIST).
HP thanks NIST for its support in the process of creating this document.
This checklist assumes that you are a trained network administrator and that you are familiar with the
use of HP Web Jetadmin to manage HP MFPs and printers and to upgrade firmware. You should be
familiar with Embedded Web Servers (EWS), and with HP Jetdirect connections. Refer to the MFP
User Guides and the HP Jetdirect Administrator Guide for more information. You can find these
documents and more information by searching for them at hp.com.
HP Web Jetadmin is the recommended management tool for all HP network printing and digital
sending products. This checklist is developed only for HP Web Jetadmin Version 8.1 with Service
Pack 4. Web Jetadmin Version 8.1 is available for download at the following location:
http://www.hp.com/bizsupport/wja/live/manual/8.1/html/wjacomp_winnt.html
You can also find HP Web Jetadmin by searching for it at hp.com.
You should install HP Web Jetadmin and update it with Service Pack 4 using the Product Update
menu under the Install option (
Figure 1).
Figure 1: The Navigation menu showing the Product Update Install option.
The Web Jetadmin Update page will appear with options for finding and installing updates. Be
sure to enable WJA to check for updates at hp.com, and click the button to check for new updates.
Once you have installed Service Pack 4, you should install all remaining updates. See HP Web
Jetadmin user guides for more information.
Note:
If Service Pack 4 does not appear in the Available Updates window, it is
already installed.
This checklist applies to most types of networks; however, it is developed and tested in the following
environment:
An ordinary TCP/IP network
Microsoft Internet Explorer version 6.0 with SP2
HP Web Jetadmin Version 8.1 with Service Pack 4 installed on a Windows XP PC
One of each supported MFP
The process for configuring this checklist is developed using HP Web Jetadmin Version 8.1 managing
all of the MFPs at the same time. It covers only those parts of HP Web Jetadmin that pertain to
appropriate security settings. See the user guides, admin guides, and help files for more information.

Cautions

HP is dedicated to providing the best and latest security information available for MFPs. This checklist
is meant to help you to improve MFP security in your workplace. HP has tested this checklist to ensure
that MFPs continue to provide the best possible performance while averting possible security threats;
however, some of these settings can cause unexpected problems in your network environment. Be
aware of the following cautions before you begin:

Follow the Checklist in Order

The settings in this checklist are presented in a specific order to ensure success. Many of these settings
can be configured successfully only in the correct order. You should follow the instructions exactly and
avoid making additional configurations during this process.

Configure One MFP Model at a Time

For best results, configure one MFP model at a time. This checklist covers a large number of settings
that become complicated as they go on. Configuring multiple models at the same time increases the
complications and can cause failures in some settings. However, Web Jetadmin can configure an
unlimited number of individual MFPs of the same model.

Understand the Ramifications

HP Web Jetadmin and MFPs include a wide variety of useful settings designed to make work easier
and more productive. However, raising the level of security requires trade-offs in these areas. Be
aware that applying this checklist can limit or even eliminate some features. See the Ramifications
chapter for more information.
HP provides this checklist as a guide to best-practice security configurations that allow for reasonable
convenience and usability. Some of the recommended settings create extra steps when accessing and
managing MFPs.
You should test these settings in your environment to ensure that you understand their effects. You may
find that some of the settings cause undesirable limitations.

Continue to be Vigilant

This checklist is provided only as a complimentary guide to known best practices for increasing MFP
security. HP does not claim or warrant that these configurations prevent misuse of MFPs or networks
or that they prevent malicious attacks on MFPs or networks.

MFP Environment

NIST defines several types of user environments, many of which are compatible with HP MFPs.
However, this checklist is written for an enterprise environment. Such an environment uses most of the
network features available with MFPs. Other types of environments tend to use a subset of these
features. You should configure as much of this checklist as possible while adapting the settings to your
specific situation.

Assumptions

This checklist makes some assumptions about the reader and about enterprise environments:
Network administrators: This checklist assumes that you are a trained network administrator who is
familiar with common networking practices, including configuring HP Jetdirect connections, and
using HP Web Jetadmin. You should have read the MFP user guide, the MFP administrator guide,
the Jetdirect administrator guide, Web Jetadmin user guides, and help files. This checklist relies on
these materials for necessary information. All of these guides are available by searching for them at
hp.com.
MFPs: This checklist covers security settings for specific HP MFPs. It is meant to help you configure
multiple MFPs simultaneously using the HP Web Jetadmin Multiple Device Configuration Tool
(explained later). It assumes that the MFPs are turned on, connected to the network, and in their
factory default states.
Most of the settings recommended in this checklist apply to other HP products; however, this
checklist is tested and known to be successful only with the specified MFP models.
Web Jetadmin Version 8.1 with Service Pack 4: This checklist does not apply to other versions of
Web Jetadmin. However, you should use the MFP Web Jetadmin Version 8.1 Product Update tool
to install all of the latest updates available from HP. See Web Jetadmin help for more information.
Enterprise environment: This checklist is created and tested in a TCP/IP enterprise environment.
However, most of the settings apply to most common networks.
Network connection: This checklist assumes that each MFP is connected directly to a local area
network via Jetdirect or Jetdirect Inside (JDI). Other connections, such as direct-connect via parallel
cable or via USB are not covered (this checklist recommends disabling direct-connect ports).
The recommended settings are only suggestions: All settings in this checklist are meant only as
suggestions for best-practice security for MFPs. Use it as a reference, and make judgments about
each recommended setting before configuring your MFPs.
Internet and intranet security: This checklist assumes that your network includes basic security
configurations and components. All MFPs should be installed behind network firewalls and other
standard tools such as updated virus protection applications.

Solutions covered

This checklist covers MFP security settings found in HP Web Jetadmin Version 8.1 and on MFP control
panels. This checklist covers no other solutions or applications.

Organization

This checklist includes the following chapters:
Threat Model: The Threat Model chapter explains the security circumstances relating to MFPs. It
follows the Microsoft® STRIDE model.
Network Security: The Network Security chapter provides step-by-step instructions for configuring
MFP security settings.
Settings List: The Settings List chapter provides a bulleted list of the recommended settings with
checkboxes. It does not include instructions or explanations.
Default Settings: The Default Settings chapter lists each recommended setting with its corresponding
default setting.
Ramifications: The Ramifications chapter lists each recommended setting with explanations of
possible limitations.
Physical Security: The Physical Security chapter explains security concerns in workplaces where
MFPs are installed. It covers security for picking up print jobs, copying, and scanning.
Appendix 1, Glossary and Acronyms.

Threat Model

This chapter lists some of the types of security risks that an MFP might encounter in an enterprise
network environment, and it suggests some ways to help protect your network and your data.
As technology improves, malicious people (hackers) continue to find new ways to exploit networks.
Hackers are beginning to target MFPs and other network peripherals to misuse resources or to gain
access to networks or to the internet. Predicting the actions of a hacker is difficult, but HP is dedicated
to research in this area. You should continue to be ware and always remain vigilant. Use other
techniques with this checklist to help ensure that your network is resistant to compromise.
Note:
This is not a comprehensive treatment of these issues. This chapter is only
an introduction to the types of threats that might possibly affect MFPs.
The Microsoft STRIDE model provides a valuable outline to categorize these known types of threats:
Spoofing identity
Tampering with data
Repudiation
Information disclosure
Denial of service
Elevation of privilege
The following sections explain how each type of threat relates to MFPs:

Spoofing Identity

Spoofing identity is masquerading as someone else to fool others or to get unauthorized access. Here
are some ways spoofing identity can relate to MFPs:
Placing another person's email address in the From address field of an email message. Example:
Someone could place the address of a co-worker in the From address field and send embarrassing
or malicious messages to others as though the co-worker wrote them.
Using another person's email credentials to log in to the email server to gain access to address
books
Using another person's email credentials to have free use of an email service
Using another person's email credentials to view that person’s email messages
Using another person's log on credentials for access to use MFPs or networks
Using another person's log on credentials for administrative access to MFPs
You can address the risks of spoofing identity in the following ways:
Protect the from address field in the MFP Digital Sending and Fax configurations.
Protect MFP disk access.
Configure authentication.
Configure the administrator password.
Configure SNMPv3.

Tampering with Data

Tampering with data can include any method of changing, destroying, or adding to information that
stored on an MFP or being transferred to or from an MFP. Examples:
Canceling another person's job. The person who sent a cancelled job gets no warning; only part or
none of the job is printed.
Intercepting a print job before it reaches the MFP, altering it, and sending it on to the MFP.
Intercepting remote configuration data, such as communications between Web Jetadmin and the
MFP, to get passwords and other information.
You can address the risks of data tampering in the following ways:
Disable Cancel Job button.
Disable Go (Pause) button.
Configure SNMPv3.
Prevent unnecessary remote access: close down all unused ports and protocols.
Configure HTTPS for EWS access.

Repudiation

Repudiation is using an MFP without leaving usage information. This includes preventing the MFP from
logging data or bypassing security checks such as user authentication. Examples:
Accessing usage logs to delete entries
Removing origination information from file metadata
Bypassing user authentication
Using remote management software to access the MFP
You can address the risks of repudiation in the following ways:
Install Jetdirect 635n Print Servers and set up IPsec to encrypt the data stream to include log data
and file metadata (look for this product at hp.com or contact your hp product supplier). Edgeline
MFPs already IPsec functionality. Look for information on configuring it at hp.com.
Close unused ports and protocols.
Save copies of log data at a separate location
Add security solutions such as swipe-card readers and thumbprint readers
Configure MFP settings that restrict remote management

Information Disclosure

Information disclosure is gathering information from an MFP and providing it to unauthorized users.
This can include authentication information, usage log information, or information from the contents of
a job. Examples:
Reading stored print jobs on the MFP hard drive
Downloading log information
Downloading address books
Intercepting print jobs, copy jobs, fax jobs, or digital send jobs (such as email)
You can address the risks of information disclosure in the following ways:
Install Jetdirect 635n Print Servers to encrypt the data stream to include log data and file metadata
(look for this product at hp.com or contact your hp product supplier). Edgeline MFPs already IPsec
functionality. Look for information on configuring it at hp.com.
Close unused ports and protocols.
Configure all possible password settings.
Configure authentication.
Configure SNMPv3.

Denial of Service

Denial of service is any type of interference with normal use of an MFP. Examples:
Canceling or pausing the print jobs of others
Turning off the MFP remotely
Disconnecting power to the MFP
Pulling out the MFP formatter board
Disconnecting the MFP from the network
Causing interference with network communication to the MFP
Changing the network location of the MFP
Causing an error state that interrupts service
Changing access configurations
You can address the risks of denial of service attacks in the following ways:
Lock the control panel.
Lock EWS configuration settings.
Close unused ports and protocols.
Disable controls such as the Job Cancel button and the Go button.
Enable the resume feature to allow the MFP to resume operations after an error state.
Configure Job Timeout.
Control physical access to the MFP.
Lock physical access to removable hardware.

Elevation of Privilege

Elevation of privilege is any method of upgrading authorized access to include unauthorized access.
Examples:
Non-administrators changing settings to get administrator privileges
Unauthorized use of management software to provide access for other unauthorized users
Using management software to bypass job accounting functions
You can address the risks of elevation of privilege attacks in the following ways:
Configure the administrator (device) password.
Configure SNMPv3 and HTTPS.
Lock the control panel.

Network Security

This chapter explains how to configure security settings for one or more MFPs. You should use HP
Web Jetadmin Version 8.1 with Service Pack 4 to configure as many of these settings as possible, but
some settings are available only in the MFP control panels as noted.

Overall Network Settings

Before you get started, be sure that your network environment provides reasonable security in which
your MFPs can operate. This includes configuring network firewalls and providing up-to-date virus
controls.
This checklist covers only the security settings that apply to MFPs as they are delivered in the box. You
might consider other measures that are available to provide further security for MFPs:
HP Digital Send Service (software). Digital Send Service is a separate solution available at
hp.com.
It provides valuable security features such as encrypting digital send jobs and more types of
authentication.
HP Jetdirect 635n Print Server Card. This accessory provides added network security using IPSec
and IPv6 protocols. This technology enables security for network traffic including the content of print
jobs, the content of email jobs, and the content of digital sending jobs. Look for the HP Jetdirect
635n Print Server Card at
hp.com.
Note:
Edgeline MFPs have IPsec and IPv6 capabilities, but they are not covered in
this checklist. This is because HP Web Jetadmin does not provide support
for them, and because they require advanced network configurations. Look
for information on these settings in the Edgeline MFP user guides and at
hp.com.

Notes on the Process of Configuration

This checklist covers every reasonable security setting for each model. The overall configuration is
tested and known to be successful in the most common network environments as long as the settings
are configured in the correct order and on one model at a time. However, your network environment
might be different. Be sure to follow the instructions in order, and consider making adjustments to
accommodate to your needs.
Since this is a complicated configuration, sometimes a setting can fail in the process. If this happens,
try again. If it fails again, try using the individual configuration pages in Web Jetadmin or use the
MFP EWS. Sometimes also, Web Jetadmin might show a false failure; the setting will have actually
been successful. You can verify the success of a setting using the individual configuration pages in
Web Jetadmin or in the MFP EWS.
Keep in mind that the Web Jetadmin Multiple Device Configuration Tool lists the aggregate of all
settings for all models it is managing. However, each model has a different set of settings. For
instance, the MFPs with Edgeline Technology have several unique authentication features. When you
configure a setting, Web Jetadmin sends it to all of the MFPs selected in the device list. Each
individual MFP accepts applicable settings and ignores those that do not apply.
Tip:
Use the Web Jetadmin filters to configure one MFP models at a time. This
will work faster with better results.
Tip:
Use a printout of the Settings List chapter to check off each item as you
configure it.

Notes on Passwords

This checklist includes configuration of several passwords. These passwords are valuable to overall
security. Try to follow good practices for these passwords:
Use the maximum possible characters. Current data shows that a password of 8 or more characters
is extremely difficult or almost impossible to guess even using the latest password cracking tools.
Use complicated passwords. Some of the passwords allow only numeric digits, but others can
accept 96 or more different characters (upper case, lower case, numeric, special characters, and
punctuation marks). Use a variety of character types whenever possible.
Use a different password for each setting. Many of the latest password cracking tools can follow
patterns to make guessing easier.
Use meaningless random characters. Real words or phrases are easier to guess. The latest
password cracking tools follow dictionaries to narrow down the possibilities.
Record the passwords in a safe but hidden place. The passwords are designed to restrict access to
management options on the MFPs. Losing a password can eliminate your access to settings. This is
most important for the Bootloader Password (the Startup Menu Administrator password for Edgeline
MFPs), which is a permanent setting that can never be changed or reset without the correct
password.

Configuring MFP Security Settings

This section provides instructions for configuring the MFPs for best-practice security. Most all of these
settings are found in HP Web Jetadmin Version 8.1. The exceptions are noted in the instructions
below.
The instructions are divided into five sections:
Setting up HP Web Jetadmin: This section explains how to prepare Web Jetadmin to display the
MFPs you are configuring and to provide the correct functions.
Configuring Initial Settings: This section provides instructions on settings that are required before the
remaining settings can be configured.
Configuring Settings for all MFPs (including Edgeline MFPs): This section provides instructions for
configuring settings that apply to all MFPs including Edgeline MFPs, LaserJet-based MFPs, and Color
LaserJet-based MFPs.
Configuring Settings for Edgeline MFPs: This section provides instructions for configuring settings
that apply only to Edgeline MFPs.
Configuring Final Settings: This section provides instructions for configuring settings that should not
be configured until all other settings are finished.
Note:
Web Jetadmin displays all supported settings for all MFPs it is managing
even though not all MFPs support all of the settings. Each MFP ignores
settings that do not apply and continues without issues.
For the same reason, some of the settings may not appear in HP Web
Jetadmin. Web Jetadmin displays only the options that apply to the MFPs
you are managing. Ignore settings in this checklist if they do not appear on
your Web Jetadmin screen.
Whenever you attempt to configure a setting that is not supported on an
MFP, Web Jetadmin shows setting failed – not supported. This is the
expected behavior, and the MFP will continue without issues.
For best results, configure one MFP model at a time.

Setting up HP Web Jetadmin

Follow these instructions to prepare Web Jetadmin for configuring the MFPs:
1. Open Web Jetadmin to view the device list (Figure 2), which appears by default.
Figure 2: Web Jetadmin showing the device list in the default view.
2. Check to see that the MFPs you wish to configure appear in the Device Model List. If they are
not in the list, use the Discovery options to find the MFPs on your network.
Note:
This checklist does not cover Device Discovery. See Web Jetadmin user
guidance for more information. In most cases, the MFPs already appear in
the default view.
Note:
It is possible for Web Jetadmin to lose contact temporarily with an MFP that
is configured for DHCP. Use the Discovery options to restore contact, or
configure the MFPs with static IP addresses. You can also use the MFP host
names to find them.
3. Click to select the MFPs to configure in the Device List view, and click Configure in the Device
Tools dropdown menu (
Figure 3).
Figure 3: The Device List showing devices selected and the Device Tools menu showing Configure
selected.
Tip:
To select more than one MFP in the Device Model list, hold CTRL while
clicking each MFP.
Note:
This chapter covers settings for all MFP models. However, you should
configure only one model at a time. Thus some settings in this checklist may
not appear for the model you are configuring. This is because some settings
may not apply to that specific model. Ignore instructions for settings that do
not appear in Web Jetadmin.
Remember that the steps in this checklist are for the specified HP MFPs.
Other devices may appear in the Device Model list. It may be possible to
configure them with these settings, but the results may vary.
The Multiple Device Configuration Tool will appear (Figure 4) showing the Configure
Devices tab.
Figure 4: The Multiple Device Configuration Tool showing the Configure Devices tab outlined in green.
The Configure Devices tab contains most all of the settings recommended in this checklist.
Tip:
Sometimes Web Jetadmin can lose track of MFP credentials. If this
happens, some settings might fail. Clear the Web Jetadmin Device Cache
(see Web Jetadmin Help) and re-enter the MFP credentials.

Configuring Initial Settings

In order to ensure a successful and secure configuration, you should configure a few of the settings
first. The following instructions explain how to configure these settings:
Configuring SNMPv3
SNMPv3 provides encryption for communication between Web Jetadmin and the MFPs. It helps to
ensure that only authorized and authenticated administrators have access to the configuration settings.
It also helps to ensure that no one can gather sensitive information, such as passwords, usernames,
and other codes, over network lines.
Note:
It is best to configure SNMPv3 by itself to ensure that the settings are saved
properly.
Follow these steps:
4. Click Security in the Configuration Categories menu (Figure 5). The Security menu will
appear.
Figure 5: The Security category.
5. Scroll down to the SNMPv3 option, and select the SNMPv3 checkbox (Figure 6).
Figure 6: The Security menu showing SNMPv3 selected.
6. Click to select Enabled below the SNMPv3 checkbox, and fill in the New User, the New
Authentication Passphrase, and the New Privacy Passphrase fields (
Figure 7). See
below for details.
Figure 7: The SNMPv3 settings enabled and the fields filled out.
The New User Name field can be any name you choose.
The New Authentication Passphrase field can be any word or phrase that is at least 8
characters.
The New Privacy Passphrase field can be any word or phrase that is at least 8 characters.
CAUTION:
Be sure to remember these credentials and provide them to authorized
users. If these credentials are forgotten, the only way to restore
communication between HP Web Jetadmin and the MFPs is to restore the
MFPs to factory default settings. These instructions are for the initial
configuration of SNMPv3. Once you finish this configuration, the MFPs will
require these credentials whenever anyone attempts to access settings over
the network.
Note:
Web Jetadmin retains the SNMPv3 credentials for each MFP, and it will not
prompt for them as long as the authorized administrator is logged onto
Web Jetadmin and the credentials remain the same. You can clear the
Web Jetadmin Device Cache to cause Web Jetadmin to require the
credentials again. Web Jetadmin stores the SNMPv3 credentials encrypted.
7. Scroll down below the Privacy Passphrase field, and select SNMP Version 3 Only (Figure
8
).
Figure 8: The SNMP Version 3 Only setting.
This setting limits communication between Web Jetadmin and the MFPs to only SNMPv3. The MFPs
will ignore communications via other versions of SNMP or any other protocols.
8. Select the devices you wish to configure in the Device Model list (Figure 9).
Figure 9: The Device Model list.
Click Configure Devices (Figure 10) to execute the configuration.
Figure 10: The Configure Devices button.
After you click Configure Devices, a View Log page (Figure 11) will appear.
Figure 11: The View Log page showing that SNMPv3 is executing.
9. Wait a few seconds (sometimes this can take a few minutes), and click Refresh to see the
progress. The View Log page will reappear with the status. Once the configuration is complete,
the View Log page will show success (
Figure 12).
Figure 12: The View Log page showing successful configuration of SNMPv3.
Now, whenever you click Apply to configure settings, the MFP will check for the SNMPv3
credentials.
Note:
Web Jetadmin stores the credentials for each MFP for convenience, but it
may prompt for them on occasion. Web Jetadmin stores these credentials
encrypted.
10. Click Go Back to view Multiple Device Configuration Tool, and continue with the
instructions below:
Configuring the Device Password
The Device password restricts access to many of the configuration settings. The MFPs require it to be
configured before they allow configuration of some of the other settings.
Follow these instructions:
1. Click the Security option in the Configuration Categories menu (Figure 13).
Figure 13: The Security Configuration Category option.
2. Scroll down, and click to select Device Password (Figure 14).
Figure 14: The Device Password Options.
3. Type a password of up to 12 characters in the field next to Device Password, and repeat it
exactly in the Repeat Password field.
4. Select the devices to configure in the Device List, and click Configure Devices.
The View Log page will appear to show the status of the configurations.
5. Click Refresh to update the status. Once the configurations are successful, click Go Back to
continue.
Configuring the Access Control List (ACL)
The ACL limits network access to allow only to the IP addresses or subnets that you specify. This
includes printing and all other access.
Tip:
You can ensure that no one but you has access to the MFPs while you are
configuring this checklist: List only the computer you are using until you are
finished with the checklist.
The MFPs will accept IP addresses without masks to limit access to single computers. If you wish to
provide access to all computers in a subnet, include the subnet mask along with an IP address that is
within the subnet.
Note:
The following MFP models also have a Jetdirect Firewall feature along with
the Access Control List:
HP LaserJet M3035 MFP
HP LaserJet M4345 MFP
HP LaserJet M5025 MFP
HP LaserJet M5035 MFP
HP CM 8050 Color MFP
HP CM 8060 Color MFP
HP Web Jetadmin does not provide options to configure the Jetdirect
Firewall settings. Look for them in each MFP EWS.
Follow these instructions:
1. Click to select Network (Figure 15) in the Configuration Categories menu.
Figure 15: The Configuration Categories Menu Network option.
2. Scroll down, and click to select Access Control List (Figure 16).
Figure 16: The Access Control List option.
3. Add an IP address or a subnet mask by filling in the fields (Figure 17).
Figure 17: The ACL IP address field.
CAUTION:
Be sure to include the IP address of the computer that Web Jetadmin is
using to connect to the MFPs (it might be a computer other than the one you
are using, such as a proxy server). Otherwise, the ACL will block your
access, and you will not be able to continue.
Note:
The Mask option requires an entry in the IP address field to determine the
subnet for which to grant access.
4. If you wish to make sure all of the MFPs are configured only with your new listings, click to select
Clear all ACL Table entries (see above) the first time you add a listing.
Note:
To find out which IP addresses are already configured in the ACL of a
single MFP, open the device page in Web Jetadmin, and navigate to the
ACL options (all of the MFPs should be the same if you are configuring
them all at once). It will list the IP addresses or subnets that are already
configured. You can also see the ACL list in each MFP EWS.
5. Click to deselect Allow Web Server (HTTP) access to ensure that the ACL restricts access to
the MFP EWSs.
6. Select the MFPs you wish to configure in the Device Model list, and click Configure Devices
(
Figure 18).
Figure 18: The Configure Devices button.
Note:
These ACL options allow you to add one IP address or one mask at a time.
To add more IPs or masks, repeat these steps. Remember to deselect Allow
Web Server (HTTP) access each time.
The View Log page will appear to show the status of the configuration. Click Refresh to update the
status. When the settings are successful, click Go Back to view the Multiple Device
Configuration Tool, and continue with this checklist.
Configuring Fax Send Setup (Edgeline MFPs)
If you are configuring Edgeline MFPs, follow these instructions to enable fax functions (if you plan to
use the fax functions):
Tip:
This setting applies only to Edgeline MFPs. To save time, you should apply
this setting only to the Edgeline MFPs you are configuring.
1. Click Fax in the Configuration Categories menu (Figure 19).
Figure 19: The Fax Configuration Category.
2. Click to select Fax Send Setup (Figure 20).
Figure 20: The Fax Send Setup option.
3. Click to select Enable Fax Send, and select Internal Modem in the Fax Send Method
dropdown menu.
Note:
This checklist assumes you are using analog fax. If you wish to use another
method, choose that method, and configure the appropriate settings later in
the fax configuration section. This checklist does not cover alternative fax
configurations because they require other network solutions or support.
4. Select the MFPs you wish to configure in the device list (Note that this setting is only for Edgeline
MFPs. All other MFPs will ignore this setting).
5. Click Configure at the bottom of the page. The View Log page will appear showing progress.
6. Wait a few seconds, and click Refresh to update the progress.
7. Once the View Log page shows results for all of the MFPs, click Go Back to continue.
Configuring Email Send Setup, and Send to Folder Setup for Edgeline MFPs
Edgeline MFPs also require Email Send Setup and Send to Folder Setup before they allow
configurations for related settings. Follow these instructions:
Tip:
This setting applies only to Edgeline MFPs. To save time, you should apply
this setting only to the Edgeline MFPs you are configuring.
1. Click Digital Sending in the Configuration Categories menu (Figure 21).
Figure 21: The Digital Sending option in the Configuration Categories menu.
2. Scroll down, and click to select Enable Send to Email (Figure 22).
Loading...
+ 60 hidden pages