How to configure HP LaserJet Printer IPsec Encryption

 

I always recommend using a static IP for network printers. Once you have that configured use the printers web interface by going to that IP address using internet explorer.

Select the” Networking” Tab > “IPsec/Firewall” as shown below:

clip_image002

First we will add a rule to allow unencrypted traffic from all connections we will later define IPsec rules specific to the print server. You can set encrypted for all but keep in mind if it fails you will have a harder time remotely repairing it.

Select “Add Rules” > “All IP Addresses” as shown below:

clip_image004

Select “All Services” >”Next” as shown below:

clip_image006

Select “Allow traffic…” >”Next” as shown below:

clip_image008

Select “Finish” >”Next” as shown below:

clip_image010

Select “OK” as shown below:

clip_image012

It should take you back to the ” Networking” Tab > “IPsec/Firewall” as shown below:

Note: “Enable IPsec/Firewall” is unchecked

clip_image014

Now we will add an Encrypted Rule:

Select “Add Rules” > “New” as shown below:

clip_image016

Name the Rule, Specify the local and remote IP Addresses or Ranges and Select “OK” as shown below:

clip_image017

Select your new Custom Address Template > “Next” as shown below:

clip_image019

Select “All Services” >”Next” as shown below:

clip_image020

Select “Require traffic…” >”Next” as shown below:

clip_image021

Select “New” as shown below:

clip_image022

Name the Template, Specify the encryption type > “Next”

clip_image023

Review any alerts and click “OK”

clip_image024

Specify the Authentication Method in this case I am using a pre-shared key> “Next” as shown below:

clip_image025

Select your new Custom IPsec Template > “Next” as shown below:

clip_image026

Select “Finish” >”Next” as shown below:

clip_image028

Select “OK” as shown below:

clip_image029

It should take you back to the ” Networking” Tab > “IPsec/Firewall” you now need to put your Rules in order by changing the number in the “Rule” field keeping the higher security rules first and select “Apply” as shown below:

Note: “Enable IPsec/Firewall” is still unchecked

clip_image031

Warning: You break it your bought it. If it goes south you will have to factory reset your printer to gain access again.

To enable the rule select “Enable IPsec/Firewall” and select “Apply” as shown below:

Note: You will be prompted with a warning and an option to enable the failsafe.

clip_image033

Setting up PC IPsec policy to communicate to the HP printer (rough draft)

Edit IP Security Policies on Local Computer and create a new IP Filter:

clip_image034

clip_image036

clip_image037

Source: MY IP Address

clip_image038

Protocol: ANY

Authentication Method:

clip_image040

Filter Actions:

clip_image042

clip_image043

You can view the policy to confirm communications are working by:

pinging the printer IP after both are enabled

access the printer console with the printer IP in your webbrowser

and using the IP Security Monitor to View Main or Quick Security Associations

Note: if you did not select “All Services” above on the HP printer policy you will have intermittent communications issues. I would recommend all or nothing…

Comments

Post a Comment

Popular posts from this blog

FRS to DFSR Post Cleanup “File Replication NtFrs Stopped”

Image
After successfully migrating from FRS to DFSR you get the File Replication NtFrs service is Stopped error on the local servers AD DS Services list. In the Event logs you may see Event id 13575 13577. You can confirm your migration completed by opening a cmd prompt as administrator and typing in: dfsrmig /getmigrationstate After your migration to DFSR is completed and you have given your servers ample time to propagate this service is no longer required. Since it is set to “Automatic”, as shown below” it shows in logs as a false positive error. Edit the File Replication Service and change it to “Disabled”, as shown below: Once it is listed as “Disabled” it will no longer show in the Console as an “error” Note : it may take some time to clear from the active view
Read more

Domain Migration SubinACL /Migratetodomain How To:

Caution : DO NOT run this on Domain Controller C:\ and only run on roaming profiles folders, or my docs shares day of migration to avoid ownership change issues. Confirm Domain trust is in place and users and groups have been migrated Test ping of olddomain.org from new domain Test ping of newdomain.org from olddomain Add newdomain.org domain controller host records to olddomain.org including reverse DNS records Confirm the user running the app is a domain admin in BOTH domains Download SubinACL here: http://www.microsoft.com/en-us/download/details.aspx?id=23510 /Migratetodomain- command will add the permissions of the new user to the old files and folders for example if jimbob@olddomain.org was migrated to the new domain jimbob@newdomain.org and you run the command below any file or folder in that path that has jimbob@olddomain.org will add Jimbob@newdomain.org with the exact same permissions. This is a safer way to migrate by keeping the old and new permissions intact while a...
Read more