Configure settings to enable use of IPsec on this machine.
Setting | Description | |
---|---|---|
[IPsec Setting] | Specify parameters required for IPsec communication.
| |
[Enable IPsec] | Configure settings to enable use of IPsec (Here). | |
[Communication Check] | Enter the peer's IP address into [IP Address], then select Check Connection. If the connection fails, confirm communication error logs. |
Restrict devices that can access this machine depending on the range of IP addresses.
Setting | Description |
---|---|
[IPv4 Filtering (Permit Access)] | Specify an IPv4 address to allow access to this machine.
|
[IPv4 Filtering (Deny Access)] | Specify an IPv4 address to deny access to this machine.
|
[IPv6 Filtering (Permit Access)] | Specify an IPv6 address to allow access to this machine.
|
[IPv6 Filtering (Deny Access)] | Specify an IPv6 address to deny access to this machine.
|
Allows you to restrict the devices that can access this machine using the IP address (IPv4/IPv6). The range of IP addresses for which access is to be restricted is specified automatically.
Select the method to specify the IP address for which access is restricted. [Synchronize IP Address] is specified by default. In some areas, [No Filtering] is specified by default.
[Synchronize IP Address]: For the IPv4 address, this option only permits access for the IPv4 address set to this machine, and the IPv4 addresses of which the high-order 3 bytes are the same.
Example: When the IPv4 address of this machine is set to "192.168.0.134", the range of IPv4 addresses that allow access is as follows.
192.168.0.0 to 192.168.0.255
For the IPv6 address, this option only permits access for the global unicast address (2000::/3). Also, this option only permits access for the IPv6 address set to this machine, and the IPv6 addresses of which the high-order 64 bits are the same.
Example: When the IPv6 address of this machine is set to "2345:1:2:3:4:5:6:7", the range of IPv6 addresses that allow access is as follows.
2345:1:2:3::0 to 2345:1:2:3:FFFF:FFFF:FFFF:FFFF
[Synchronize Subnet Mask]: For the IPv4 address, this option only permits access for IPv4 addresses that belong to the same network using the IPv4 address set to this machine and subnet mask.
If no subnet mask is set or "0.0.0.0" is specified, this option permits the IPv4 address set to this machine, and the IPv4 addresses each of which only the suffix is different. This results in the same operation as for [Synchronize IP Address].
Example: When the IPv4 address of this machine is set to "192.168.17.134" and the subnet mask is set to "255.255.252.0", the range of IPv4 addresses that allow access is as follows.
192.168.16.*** to 192.168.19.***
For the IPv6 address, this option only permits access for the global unicast address (2000::/3). Also, filtering is carried out using the global IPv6 address set to this machine and prefix.
If the prefix is not specified, filtering is carried out in the same way as when the 64-bit prefix is specified.
Example: When the IPv6 address of this machine is set to "2345:1:2:3:4:5:6:7" and Prefix is set to "/64", the range of IPv6 addresses that allow access is as follows.
2345:1:2:3::0 to 2345:1:2:3:FFFF:FFFF:FFFF:FFFF
[No Filtering]: Does not use the filtering function.
If the quick IP filtering function is used, the range of IP addresses for which access is to be restricted is specified automatically. To manually specify the range of IP addresses for which access is to be restricted, set [IP Address Filtering] or [Packet Filtering] instead of using [Quick IP Filtering].
When Quick IP Filtering is enabled, you may fail to access Web Connection. If you cannot access Web Connection, set Quick IP Filtering to [No Filtering].
Restrict a reception of packets sent to the machine depending on the source address. This function also restricts sending depending on the destination address.
Setting | Description |
---|---|
[Log Settings] | Records a history of packets with receiving or sending denied by the packet filtering function.
|
[Import] | Collectively imports multiple filters from a USB flash drive. This option is available to edit filters exported from the machine on the computer before importing them. |
[Export] | Exports all the registered filters to a USB flash drive. |
[TX/RX address out of range] | Select whether to allow sending or receiving a packet to which the registered filter is not applied (default: [Allow]). |
To register a new filter, specify an unregistered number in the filter list, and select [Registration].
Setting | Description |
---|---|
[Address Type] | Select the address type for the target packet. |
[Start Address] | Specify the range of addresses to be filtered.
|
[End Address] | When you select IPv4 in [Address Type], specify the ending address of the IPv4 address range to be filtered. If you skip [End Address], only the address specified in [Start Address] is targeted for filtering. Format: "*.*.*.*" For "*", specify the value between 0 and 255. When you specify the prefix length of the IPv4 address in [Start Address], you cannot specify the ending address. |
[Receive/Send] | Select the communication direction of the target packet.
If you select [MAC Address] in [Address Type], you cannot set to [TX]. |
[Allow/Denied] | Select whether to allow or reject a communication of the target packet. |
To edit or delete a registered filter, specify the target one in the filter list, and select [Edit] or [Delete].
When IEEE802.1X authentication is installed in your environment, configure settings to use IEEE802.1X authentication on this machine.
Setting | Description |
---|---|
[IEEE802.1X Authentication Setting] | |
[IEEE802.1X Setting] | |
[IEEE802.1X Authentication Trial] |
Restrict the domain of the recipient to send an E-mail, Internet fax, or IP address fax.
Setting | Description |
---|---|
[Domain Send Operation Restriction Setting] | Select whether to limit the recipient domain (default: [Do Not Limit]). |
[Limit Type] | Select a method to restrict the recipient domain.
|
[Permitted TX List] | Specify the domain to be permitted as the recipient when [Permitted TX] is selected in [Limit Type]. Select a recipient domain key, then enter the IP address or domain name of the domain (using up to 255 bytes).
|
[Send Deny List] | Specify the domain to be rejected as the recipient when [Send Deny] is selected in [Limit Type]. Select a recipient domain key, then enter the IP address or domain name of the domain (using up to 255 bytes).
|
[Limitation check of Shared address] | Check whether destinations with transmission disabled are included in the destinations registered on this machine. |
If [Permitted TX] is selected in [Limit Type], the setting of [Send Deny List] is deleted.
If [Send Deny] is selected in [Limit Type], the setting of [Permitted TX List] is deleted.
Summarizes settings to enhance the security of this machine. We recommend that you change settings in order to use this machine more securely.
Setting | Description |
---|---|
[Quick IP Filtering] | When using the quick IP filtering function, select the method to specify the IP address for which access is restricted. [Synchronize IP Address] is specified by default. In some areas, [No Filtering] is specified by default. For details on Quick IP Filtering function, refer to Here. |
[Administrator Password Setting] | Change the administrator password of this machine (using up to 64 characters). Be sure to remember the changed password so that you do not forget it. This setting is displayed when SSL communication is enabled in Web Connection. |
[Password Rules] | When enabling the Password Rules, set this option to ON (default: OFF). For details on the Password Rules, refer to Here. |
[Web Conn.setting] | When using Web Connection, set this option to ON (default: ON). |
[Security Warning Display Setting] | To display the security warning screen if the administrator password remains set to the default or if password rules are not satisfied, set this option to ON. ON is specified by default. In some areas, OFF is specified by default. |
[USB flash drive function settings] | Specify whether to permit a function that requires the USB Port.
|
Change the administrator password of this machine (using up to 64 characters). Be sure to remember the changed password so that you do not forget it.
If you enter an incorrect administrator password a configured number of times, you are prohibited from using this machine. In this case, contact your service representative.
Specify whether to allow a change of the administrator password for each function.
Setting | Description |
---|---|
[Password Change Permission] | When allowing the user to change the administrator password, set this option to ON (default: ON). |
[Function] | Specify the functions for which the administrator password can be changed.
|
From those items that are set up by the administrator, select levels at which users are authorized to change settings (default: [Restrict]).
Configure the settings you have opened up to users in [Utility].
Setting | Description |
---|---|
[Level 1] | Open up the following settings to the users.
|
[Level 2] | Open up the following settings to the users.
|
[Restrict] | The settings are not opened up to users. |
Specify whether to permit a function that requires the USB Port.
Setting | Description |
---|---|
[Set All] | Select whether to restrict all the functions using the USB Port, or configure a setting for each function (default: [Detail Setting]). |
If [Detail Setting] is selected in [Set All], configure the following settings.
Setting | Description |
---|---|
[Authentication Device] | When allowing a connection with the Authentication Unit, select [Allow] (default: [Allow]). |
[External Keyboard] | When allowing the user to connect an external keyboard, set this option to ON (default: ON). |
[USB flash drive (User)] | Specify whether to allow the use of USB memory for functions to be used by the user (default: [Individual Settings]).
|
[USB flash drive (Administrator)] | Specify whether to allow the use of USB memory for functions to be used by the administrator (default: [Individual Settings]).
|
[USB flash drive (Service)] | Specify whether to allow the use of USB memory for functions to be used by the service engineer (default: [Individual Settings]).
|
[PC Connect] | Specify whether to enable to print files from a USB-connected computer (default: [Individual Settings]).
|
If [USB flash drive (Administrator)] is set to OFF, [TPM Key Backup] is set to OFF in addition to the functions that can be set in [Individual Settings]. Also, USB memory is not available for the following functions.
[TX Operation Log Output], [Main Menu Display Settings], [License Settings], [Authorization function Setting], import, export, or log storage of [Packet Filtering] in the main unit, import or export of Web Connection via the Web browser of the main unit
If [USB flash drive (Service)] is set to OFF, some functions are restricted in addition to the functions that can be set in [Individual Settings].
When enabling the Password Rules, set this option to ON (default: OFF).
Once Password Rules is enabled, the number of characters and text types that are available for passwords is restricted. If necessary, change the minimum number of password characters.
Once Password Rules is enabled, the following rules are applied to any password that is configured on this machine.
The minimum number of characters set in [Set Minimum Password Length] (default: 15 characters).
Passwords are case sensitive.
A password consisting of a string of identical characters cannot be used.
The previous password cannot be used.
The password rules are applied to:
Administrator Password
User Password
Account Password
User Box Password
User Box Administrator Password
Secure Print Document Password
WebDAV Server Password
SNMP Password
Remote panel server password
Encryption Passphrase
Define the severity of penalties applied if an incorrect password is entered during the authentication process.
Setting | Description |
---|---|
[Prohibit Functions] | Select the severity of penalties applied if an incorrect password is entered during the authentication process (default: [Mode 1]).
|
[No. of Tries] | When [Mode 2] is selected in [Prohibit Functions], specify the number of password entry failures that occurred until authentication operation is restricted. |
[Release] | Select an item to be released from Access Lock during authentication failure. |
[Release Time Settings] | If necessary, change the time that elapses before an access lock state in the Administrator Setting mode is canceled (default: [5] min.). If a predetermined time has elapsed after the machine was restarted, an access lock state is canceled. |
Display the method to access files in the Secure Document User Box (default: [Mode 1]). This function is forced determined in conjunction with [Prohibit Functions].
[Mode 1]: Displays all files when the document ID and password specified in the printer driver are entered. Select a desired file and print it.
[Mode 2]: Displays all files when the document ID specified in the printer driver are entered. To print, select your desired file, then enter the appropriate password for each file.
Select whether to allow the user to directly enter a destination (default: [Allow All]).
[Allow All]: Allows the direct input of destinations.
[Allow Fax Only]: Allows direct input of a fax number only.
[Restrict]: Restricts the direct input of destinations.
When prohibiting the fax transmission, set this option to ON (default: OFF).
Even if fax transmission is prohibited, fax receiving is possible.
When displaying the screen to confirm the registration contents of the selected destination at selection of the registered destination, set this option to ON (default: OFF).
This setting is available when [Restrict User Access] - [Multiple Addresses Restriction Setting] (Here) is set to OFF.
When permitting the specification of multiple destinations, you should set [Address Selection Confirmation Display] to ON to prevent a transmission failure.
Specify whether to hide personal information, such as destination and file name, in [Active] and [Log] in the [Job List] screen.
Setting | Description | |
---|---|---|
[Job History] | Configure settings to display personal information of the job history screen.
| |
[Current Job] | Configure settings to display personal information of the active job screen.
|
When logged in as an administrator or User Box administrator, all personal information is displayed regardless of the settings.
When displaying the file name, destination, and User Box name or User Box number for the MIB information, set this option to ON (default: ON).
When displaying scan or fax activity logs, set this option to ON (default: ON).
If OFF is selected, [Comm. List] does not appear on the [Job List] screen.
Initializes the settings in [Job History], [Copy Program], [Network Settings], [Store Address], and [Enhanced Server Information].
Select items you want to initialize, then tap [OK].
When using the application associated with the Web browser function of this machine, select whether to allow an access to the contents saved in the storage device of this machine via the Web browser (default: [Allow]).
Specify the type of the user who can change the user data setting of the Web browser (default: [Administrator Only]).
Selecting [Administrator + User] allows you to configure the following Web browser settings using the registered user's privileges.
Home page
Start up
Web data (Cookie, Web Storage, or Indexed Database)
Authentication information
This setting is displayed when [Web Browser Setting] (Here) is set to ON.
When allowing the user to change the settings of this machine by loading the configuration file saved in a USB flash drive, set this option to ON (default: ON).
When allowing our service representative to back up or restore the storage on this machine, set this option to ON (default: OFF).
Select whether to enable the Enhanced Security Mode.
If you enable the Enhanced Security Mode, the various security functions are forcibly configured. This allows you to ensure higher-level security of data management. For details, contact your service representative.
To enable the enhanced security mode, the following settings must have been configured.
Prerequisite settings | Check Job |
---|---|
[User Auth/Account Track] - [Authentication Type] - [User Authentication] | Select an option other than [OFF]. (When external server authentication is used, only Active Directory is available as the server type.) |
[Security] - [Administrator Password Setting] | Set a password complying with password rules. |
In Web Connection, register the certificate. | For details, refer to Here. |
Service settings | Service settings must be configured by your service representative. For details, contact your service representative. |
If you enable the Enhanced Security Mode, the following settings are forcibly changed.
Setting items in Administrator Settings | Settings to forcibly changed |
---|---|
[Security] - [Restrict User Access] - [Registering and Changing Addresses]* | Set to [Restrict]. |
[User Auth/Account Track] - [Authentication Type] - [Public User Access]* | Set to [Restrict]. |
[User Auth/Account Track] - [User Authentication Settings] - [Administrative Setting] - [User Name List]* | Set to [OFF]. |
[User Auth/Account Track] - [Print without Authentication]* | Set to [Restrict]. |
[User Auth/Account Track] - [User/Account Common Setting] - [Counter Remote Control] | Set to OFF. |
[User Auth/Account Track] - [URL display enable setting] | Set to OFF. |
[User Auth/Account Track] - [Simple Authentication setting] - [Simple Authentication setting]* | Set to OFF. |
[Network] - [FTP Setting] - [FTP Server Setting] - [FTP Server]* | Set to OFF. |
[Network] - [E-mail Setting] - [E-mail TX (SMTP)] - [Server load reduction transmission method] | When [Scan TX by Download URL method only when maximum limit is exceeded] or [Always Scan TX by Download URL method] is selected, this option is set to [OFF]. |
[Network] - [E-mail Setting] - [S/MIME] - [S/MIME Comm.Setting]* |
|
[Network] - [SNMP Setting] - [SNMP v1/v2c Setting] - [Write Community Name]* | Set to OFF. |
[Network] - [SNMP Setting] - [SNMP v3 Setting]* | [Security Level] for read and write allowed users is set to [auth-password/priv-password]. The Security Level can be changed to [auth-password]. |
[Network] - [TCP Socket Setting] - [SSL/TLS Settings] | Set to ON. |
[Network] - [WebDAV Settings] - [WebDAV Server Settings] - [SSL Setting] | Set to [SSL Only]. |
[Network] - [Web Browser Setting] - [Web Browser Setting]* | Set to OFF. |
[Network] - [Remote Panel Settings]* |
|
[Network] - [E-mail Setting] - [E-mail RX Print] - [E-mail RX Print]* | Set to OFF. |
[Network] - [Machine Update Settings] - [Machine Auto Update setting]* | This function is not available. |
[Network] - [IWS Settings] - [IWS Settings]* | Set to OFF. |
[Fax Settings] - [Report Settings] - [Tx Result Report Print Settings] - [Report File Attachment]* | Set to [Do Not Attach]. |
[Network] - [OpenAPI Setting] - [OpenAPI Setting] - [SSL/Port Settings] | Set to [SSL Only]. |
[System Settings] - [System Connection Setting] - [Mobile Connection Settings] - [Simple Connection Setting]* |
|
[Security] - [Administrator Password Change Permission Setting] - [Password Change Permission] | Set to OFF. |
[Security] - [User Box Administrator Setting]* | Set to OFF. |
[Security] - [USB port connection permission setting] | Set to [Restrict]. |
[Security] - [Firmware Update (USB) Permission Setting] | Set to [Password Priority]. |
[Security] - [Secure Boot Function Set.]* | Set to [Enable]. |
[Security] - [User box usage restriction] - [Public User Box] | If you approve the deletion of all the documents in a Public User Box, this option is set to [OFF]. |
[Security] - [Security Details] - [Password Rules]* | Set to ON. If this option cannot be set to ON, the enhanced security mode is not available. |
[Security] - [Security Details] - [Prohibit Functions]* |
|
[Security] - [Security Details] - [Confidential Document Access Method] | Set to [Mode 2]. |
[Security] - [Security Details] - [Print Data Capture] | Set to OFF. |
[Security] - [Security Details] - [Hide Personal Information (MIB)] | Set to ON. |
[Security] - [Security Details] - [Initialize]* | If you select [Network Settings] and start it, the Enhanced Security Mode is canceled. |
[Remote Access Setting] - [Import/Export User Data] | Set to OFF. |
[Maintenance] - [Import/Export] in Web Connection | The password must be configured. |
[Security] - [PKI Settings] - [Device Certificate Setting] in Web Connection | [Remove a Certificate] is hidden. |
[Security] - [PKI Settings] - [SSL Setting] in Web Connection* |
|
[Security] - [PKI Settings] - [Protocol Setting] in Web Connection | [Protocol 1]: [SSL], [Protocol 2]: The certificate is registered in the [http Server]. |
Remote Diagnosis System | Some functions may be disabled. For details, contact your service representative. |
Preview Secure Document User Box | Only the list is displayed before the password authentication is performed. |
[Security] - [Security Details] - [Maintenance Mode Access] | Set to [Restrict]. |
Memory RX User Box | Only the administrator can print, send, or delete documents in the Memory RX User Box. |
Screen view style | Switched to the classic style. |
If you change a setting item (marked by an asterisk *) that has been changed synchronously with [Enhanced Security Mode], a confirmation dialog box appears, and the Enhanced Security Mode is canceled.
A setting that has been forcibly changed when the [Enhanced Security Mode] was enabled will not be changed if you disable the [Enhanced Security Mode].
Once the password rules have been enabled, an item for which a password that do not comply with the rules has been configured will result in authentication failure.
Allows you to check the used area, entire area, and free space on the storage device of this machine.
When disposing of this machine or returning it to a leasing business, use this function to delete all data saved on the storage device of this machine by overwriting. This function also resets all passwords to the factory settings.
Prior to performing this operation, contact your service representative.
To perform deletion by overwriting, select [Overwrite + Format], and tap [OK].
To print a result report after deleting data, select [Overwrite + Format + Print Report]. You can specify the customer name to be added to a report as required. For details, refer to Here.
Protect saved data by locking the storage using a password.
To lock the storage with the password, enter a lock password (using 20 characters, case-sensitive).
Be sure to keep the password you have entered carefully so that you do not forget them. Should the password be lost, it takes a major recovery work to restore it.
If a password is already set, you can change or cancel it.
Formats the storage device of this machine.
Retrieve any data needed from the storage device of this machine beforehand.
Formatting the storage device of this machine causes the following types of data to be deleted.
Program
Address Book
Authentication method setting
User authentication setting
Account track setting
User Box
User Box setting
Documents in User Boxes
Confidential User Box setting
Bulletin Board User Box setting
Formatting the storage causes data in the storage to be deleted. We recommend you to back up important data.
This function is not available when the password is specified in [Storage Lock Password] (Here).
Tap [Utility] - [Storage Management] - [Encryption Settings] - [Main Storage].
Select [Yes], and tap [OK].
Enter the encryption passphrase using 20 or 64 characters (case-sensitive).
Check that a message is displayed to prompt you to turn the Main Power Switch off and on, and turn the Main Power Switch off and on.
When restarting this machine, turn the Main Power Switch off and on again after 10 or more seconds have passed. Not doing so may result in an operation failure.
After the machine restarted, encryption starts.
Do not turn the Main Power Switch off and on during the encryption process.
When encryption is completed, this machine restarts automatically, and a message is displayed to prompt you to reformat the storage.
Tap [Utility] - [Storage Management] - [Format].
Select [Yes], and tap [OK].
Formatting starts.
Check that a message is displayed to prompt you to turn the Main Power Switch off and on, and turn the Main Power Switch off and on.
When restarting this machine, turn the Main Power Switch off and on again after 10 or more seconds have passed. Not doing so may result in an operation failure.
Encryption processing is completed.
To forcibly apply stamps to original data, set this option to ON (default: OFF). In addition, specify the stamp type, printing position, etc.
Users are not allowed to manually change or cancel the settings for the stamp function. You can explicitly indicate the sender identification by adding the user name or company name.
Deletes stamps registered on this machine.
When enabling the FIPS (Federal Information Processing Standardization) mode, set this option to ON (default: OFF).
FIPS defines security requirements for cryptographic modules. These standards have been adopted by many organizations, including U.S. federal government agencies. Enabling the FIPS Mode makes the functions of the machine conform to the FIPS.
Select whether to permit your service representative to change the settings of this machine without administrator authentication (default: [Restrict]).
Specify a restriction code to prevent an OpenAPI connection application from being registered on this machine.
For details, contact your service representative.