[Mode using SSL/TLS]

Select a login mode to establish SSL communications (default: [None]).

• [None]: Does not establish SSL communications.

• [Admin. Mode]: Establishes SSL communications in the administrator mode only.

• [Admin. Mode and User Mode]: Establishes SSL communications in both the administrator mode and user mode.

[Encryption Strength]

Displays the SSL encryption strength (AES-256 only).

[SSL/TLS Version Setting]

Select the target SSL version respectively from [Minimum] and [Maximum].

[SSL]: [HTTP Server]

If this machine is used as an http server, it encrypts transmission from a client to the machine. For example, it is used for the following application.

• Accessing Web Connection via HTTPS

• Printing via IPPS

[SSL]: [E-mail TX (SMTP)]

If this machine is used as an SMTP client, it submits a certificate of the machine according to a request from the E-mail server (SMTP).

[SSL]: [E-mail RX (POP)]

If this machine is used as an POP client, it submits a certificate of the machine according to a request from the E-mail server (POP).

[SSL]: [TCP Socket]

If this machine is used as a TCP Socket client, it submits a certificate of the machine according to a request by the TCP Socket server.

[SSL]: [LDAP]

If this machine is used as an LDAP client, it submits a certificate of the machine according to a request by the LDAP server.

[SSL]: [WebDAV Client]

If this machine is used as a WebDAV client, it submits a certificate of the machine according to a request by the WebDAV server.

[SSL]: [OpenAPI]

If this machine is used as an OpenAPI server, it encrypts transmission from an OpenAPI client to the machine.

[SSL]: [Web Service]

If this machine is used as a Web service server, it encrypts transmission from a client to the machine.

This option is used when your Windows computer accesses the machine via HTTPS.

[SSL]: [IPsec]

Used to activate IPsec communication on this machine.

[SSL]: [Remote Panel]

When the screen of this machine is operated remotely with the dedicated software, it is used for the following applications:

• Submitting a certificate of this machine, in the client settings, according to a request by the server on which the dedicated software has been installed.

• Encrypting communication, in the server settings, from a client viewing the screen of this machine to the machine.

[IEEE802.1X]

If this machine is used as an IEEE802.1X authentication client, it is used for the following applications:

• Encrypting communication if this machine is authenticated by the IEEE802.1X server via EAP-TLS.

• Submitting a certificate of this machine upon request by the server via EAP-TTLS or EAP-PEAP.

[Biometric/IC Card Information Registration]

When allowing the user to register or when deleting the user’s biometric or IC card information, set this option to ON (default: OFF).

[Synchronize User Authentication / Account Track By User]

When allowing the user to change the setting for synchronization between user authentication and account track, set this option to ON (default: ON).

This setting is displayed when [Synchronize User Authentication / Account Track] is set to [Synchronize by User] in [Utility] - [Administrator] - [User Auth/Account Track] - [Authentication Method].

[Changing job priority]

Select whether to allow the user to change the job priority order (default: [Allow]).

[Delete other user jobs]

Select whether to allow another user to delete a job (default: [Restrict]).

[Allow password change]

When allowing the user to change the administrator password, set this option to ON (default: ON).

[Function]

Specify the functions for which the administrator password can be changed.

• [IWS Application]: When allowing the user to change the administrator password from the IWS application, set this option to ON (default: ON).

[Level 1]

Open up the following settings to the users.

• [Low Power Mode Setting]

• [Sleep Mode Setting]

[Level 2]

Open up the following settings to the users.

• Settings that are opened up to users in [Level 1]

• [Settings for receiving print data]

• [AE Level Adjustment]

• [Blank Page Print Settings]

• [Page Number Print Position]

• [Change E-Mail Address]

[Restrict]

The settings are not opened up to users.

[Password Rules]

When enabling the Password Rules, select the rule level (default: [Disable]).

Setting to [Complexity 1] applies the following rules to the password to be specified in this machine.

• Minimum number of characters specified in [Set Minimum Password Length]

• Passwords are case sensitive.

• Only single-byte symbols are available.

• A password consisting of a string of identical characters is prohibited.

• The previous password is prohibited.

Setting to [Complexity 2] applies the following rules to the password to be specified in this machine.

• [Complexity 1] rules

• Three types of uppercase alphabetical characters, lowercase alphabetical characters, numbers, and symbols must be mixed.

• A password containing a word such as "Admin" or "Public" that can be easily guessed is prohibited.

• A password containing a word registered in [Prohibited words] is prohibited.

• The current password and the same password as the previous one are prohibited.

[Set Minimum Password Length]

If necessary, change the minimum number of password characters (default: [15] characters).

[Prohibited words]

Register words you want to prohibit use of when specifying a password.

The banned words can be registered when [Complexity 2] is selected in [Password Rules].

[Password attack detection]

When enabling detection against password attacks, set this option to ON (default: OFF).

• Set the detection conditions by combining [Number of times allowed] and [Measurement time]. For example, when the setting is the default, if the password is entered 31 times within 5 seconds in user authentication, a password attack is detected.

[Detection for authentication access attacks]

When enabling detection against authentication access attacks, set this option to ON (default: OFF).

• Set the detection conditions by combining [Number of times allowed] and [Measurement time]. For example, if the setting is the default value, an authentication access attack will be detected if 101 accesses occur within 10 seconds for user authentication.

• Set the operation to be performed when an authentication access attack is detected in [Response delay time] and [Number of authentication response users]. For example, if the setting is the default, it limits the number of authentication requests that can be accepted simultaneously to 10, and delays the response to each authentication request by 3 seconds.

[Prohibit Functions]

Select the severity of penalties applied if an incorrect password is entered during the authentication process (default: [Mode1]).

• [Mode1]: If authentication fails, the authentication operation (entry of password) is prohibited for five seconds.

• [Mode2]: If authentication fails, the authentication operation (entry of password) is prohibited for five seconds. The number of times, authentication fails is also counted and if the failure count reaches a predetermined value, the authentication operation is prohibited and the machine is set into an access lock state.

[No. of Tries]

When [Mode2] is selected in [Prohibit Functions], specify the number of password entry failures that occurred until authentication operation is restricted.

[Release]

Select an item to be released from Access Lock during authentication failure.

[Release Time Settings]

If necessary, change the time that elapses before an access lock state in the Administrator Setting mode is canceled (default: [5] min.).

If a predetermined time has elapsed after the machine was restarted, an access lock state is canceled.

[Job History]

Configure settings to display personal information of the job history screen.

• [Job History]: When hiding personal information on the job history screen, set this option to ON (default: OFF (without user authentication/account track), ON (with user authentication/account track)).

• [Display Settings]: Select items you want to hide.
  [Mode 1]: File name
  [Mode 2]: File name, author, and user name

• [Public User], [User Authentication], [Account Authentication]: Select how to display items you specified in [Display Settings] for each user or account.
  [Mode 1]: Hide all display items.
  [Mode 2]: Hide only display items other than for login user/login account.
  [Mode 3]: Hide only display items other than for a public user, login user/public user, and login account.
  [Mode 4]: Show all display items.

[Current Job]

Configure settings to display personal information of the active job screen.

• [Current Job]: When hiding personal information on the active job screen, set this option to ON (default: OFF (without user authentication/account track), ON (with user authentication/account track)).

• [Display Settings]: Select items you want to hide.
  [Mode 1]: File name
  [Mode 2]: File name, author, and user name

• [Public User], [User Authentication], [Account Authentication]: Select how to display items you specified in [Display Settings] for each user or account.
  [Mode 1]: Hide all display items.
  [Mode 2]: Hide only display items other than for login user/login account.
  [Mode 3]: Hide only display items other than for a public user, login user/public user, and login account.
  [Mode 4]: Show all display items.

[Hide Personal Information]

When displaying the file name of MIB information, set this option to OFF (default: ON).

[Withhold Personal Information]

When displaying the user name in the penalty lock notification information, set this option to OFF (default: OFF).

[Quick IP Filtering]

When using the quick IP filtering function, select the method to specify the IP address for which access is restricted. [Synchronize IP Address] is specified by default. In some areas, [No Filtering] is specified by default.

[Administrator Password Setting]

Change the administrator password of this machine (using up to 64 single-byte characters). Be sure to remember the changed password so that you do not forget it.

This setting is displayed when SSL communication is enabled in Web Connection.

[Password Rules]

When enabling the Password Rules, select the rule level (default: [Disable]).

[Web Conn.setting]

When using Web Connection, set this option to ON (default: ON).

[Security Warning Display Setting]

To display the security warning screen if the administrator password remains set to the default or if password rules are not satisfied, set this option to ON. ON is specified by default. In some areas, OFF is specified by default.

[USB flash drive function settings]

Specify whether to permit a function that requires the USB Port.

• [Print Document]: When permitting the user to print a file from a USB flash drive, set this option to ON (default: ON).

• [Print]: When allowing the user to print files from a USB-connected computer, set this option to ON (default: ON).

[Set All]

Select whether to restrict all the functions using the USB Port, or configure a setting for each function (default: [Detail Setting]).

[Authentication Device]

When allowing a connection with the Authentication Unit, select [Allow] (default: [Allow]).

[External Keyboard]

When allowing the user to connect an external keyboard, set this option to ON (default: ON).

[USB flash drive (User)]

Specify whether to allow the use of USB memory for functions to be used by the user (default: [ON]).

• [Print Document]: When permitting the user to print a file from a USB flash drive, set this option to ON (default: ON).

[USB flash drive (Administrator)]

Specify whether to allow the use of USB memory for functions to be used by the administrator (default: [ON]).

• [Write the Configuration from USB]: When allowing the user to change the settings of this machine by loading the configuration file saved in a USB flash drive, set this option to ON (default: ON).

[USB flash drive (Service)]

Specify whether to allow the use of USB memory for functions to be used by the service engineer (default: [ON]).

• [Firmware Update Parameters]: When allowing firmware updating using a USB flash drive, set this option to ON (default: ON).

[PC Connect]

Specify whether to enable to print files from a USB-connected computer (default: [ON]).

• [Print]: When allowing the user to print files from a USB-connected computer, set this option to ON (default: ON).

[User Auth/Account Track] - [Authentication Method] - [User Authentication]

Select an option other than [OFF].

(When external server authentication is used, only Active Directory is available as the server type.)

[Security] - [Administrator Password Setting]

Set a password complying with password rules.

[Security] - [Firmware Update (USB) Permission Setting] (with [Password Priority] specified)

Set a password complying with password rules.

In Web Connection, register the certificate.

For details, refer to Encrypting Communications.

Service settings

Service settings must be configured by your service representative.

For details, contact your service representative.

[User Auth/Account Track] - [Authentication Method] - [Public User Access]^*

Set to [Restrict].

[User Auth/Account Track] - [User Authentication Setting] - [Administrative Setting] - [User Name List]^*

Set to [OFF].

[User Auth/Account Track] - [Print without Authentication]^*

Set to [Restrict].

[User Auth/Account Track] - [User/Account Common Setting] - [Counter Remote Control]

Set to OFF.

[User Auth/Account Track] - [Simple Authentication setting] - [Simple Authentication setting]^*

Set to OFF.

[Network] - [SNMP Setting] - [SNMP v1/v2c Setting] - [Write Community Name]^*

Set to OFF.

[Network] - [SNMP Setting] - [SNMP v3 Setting]^*

[Security Level] for read and write allowed users is set to [auth-password/priv-password].

The Security Level can be changed to [auth-password].

[Network] - [TCP Socket Setting] - [Use SSL/TLS]

Set to ON.

[Network] - [Web Browser Setting] - [Web Browser Setting]^*

Set to OFF.

[Network] - [Remote Panel Settings]^*

• [Remote Panel Client Settings] - [Client Setting]: Set to OFF.

• [Remote Panel Server Settings] - [Server Settings]: Set to OFF.

[Network] - [Machine Update Settings] - [Machine Auto Update Settings]^*

This function is not available.

[Network] - [IWS Settings] - [IWS Settings]^*

Set to OFF.

[Network] - [OpenAPI Setting] - [OpenAPI Setting] - [SSL/Port Settings]

Set to [SSL Only].

[System Settings] - [System Connection Setting] - [Mobile Connection Settings] - [Simple Connection Setting]^*

• [QR Code Display Setting]: Set to OFF.

• [Enable NFC]: Set to OFF.

• [Enable Bluetooth LE]: Set to OFF.

[Security] - [Admin. Password Change Permission Sett.] - [Allow password change]

Set to OFF.

[Security] - [USB port connection permission setting]

Set to [Restrict].

[Security] - [FW Update (Network) Perm. Sett.]

Set to OFF.

[Security] - [Secure Boot Function Set.]^*

Set to ON.

[Security] - [Security Details] - [Password Rules]^*

Set to [Complexity 1].

If this option cannot be set to [Complexity 1], the enhanced security mode is not available.

[Security] - [Security Details] - [Prohibit Functions]^*

• [Prohibit Functions] is set to [Mode2] and [No. of Tries] is set to [3]. No. of tries can be changed in the range between [1] and [3]. If this item is set to [4] times or more, it is set to [3] times.

• [Release Time Settings]: The setting range is limited to [5] minutes or more. If this item is set between [1] minutes to [4] minutes, it is set to [5] minutes.

[Security] - [Security Details] - [Print Data Capture]

Set to OFF.

[Security] - [Security Details] - [Personal Data Security Settings] - [Hide Personal Information]

Set to ON.

[Security] - [Security Details] - [Initialize]^*

This function is not available.

[Maintenance] - [Remote Access Setting] - [Import/Export User Data]

Set to OFF.

[Maintenance] - [Import/Export] in Web Connection

This function is not available.

[Security] - [PKI Settings] - [Device Certificate Setting] in Web Connection

[Remove a Certificate] is hidden.

[Security] - [PKI Settings] - [Enable SSL Version]^*

[Mode using SSL/TLS]: Set to [Admin. Mode and User Mode].

[Security] - [PKI Settings] - [Protocol Setting]

[Protocol 1]: [SSL], [Protocol 2]: The certificate is registered in the [HTTP Server].

Remote Diagnosis System

Some functions may be disabled. For details, contact your service representative.

[Security] - [Security Details] - [Maintenance Mode Access]

Set to [Restrict].

[Enable Settings]

When obtaining job logs, set this option to ON (default: OFF).

[Obtain Log Type]

Select whether to obtain job logs for each type.

• [Accounting Log]: Enables you to obtain information relevant to paper consumption for each user or account (default: ON).

• [Counting Log]: Enables you to obtain information about paper consumption and the reduction rate of paper used for printing (default: ON).

• [Audit Log]: Enables you to obtain user operation or job history (default: ON). You can track unauthorized actions or the leakage of information.

[Transmission Method]

Display the method to send job logs to the server ([Auto (syslog)] only).

To configure the log sending setting, select [Job Log Settings] - [syslog TX settings].

[Communication Protocol]

Select the communication protocol (default: [UDP]).

[Communication Server Settings]

Enter the IP address or host name of the destination server.

[Port No.]

If necessary, change the port number (default: [514]).

[Log format]

Select the log format (default: [Standard]).