Item: Default Rule
Description: When a Firewall or IPsec policy is enabled and rules are configured, a default rule specifies whether to process IP packets that do not match the configured rules.
Select Drop (default) to discard traffic that is not covered by the configured rules.
Select Allow to allow traffic that is not covered by the configured rules. However, allowing IP packets that do not match the configured rules is not secure.
See the examples in the next section.

Item: Allow all non-IPsec traffic / Drop all non-IPsec traffic
Description: If IPsec is enabled, select a Default Policy for non-IPsec packets. The default setting is to discard (drop) non-IPsec packets for maximum security. Dropped packets will not be processed. You can choose to allow non-IPsec traffic to be processed as long as a configured IPsec rule is not violated.
Default Rule Example
The following example illustrates the print server behavior depending on whether the default rule is set to Allow or Drop (default).
IPsec Policy Configuration Example: IPsec is enabled on the print server with the following rule:
● All IPv4 addresses
● Printing services (Port 9100)
● A simple IPsec template for these addresses and services has been configured.
If the Default Rule is set to Allow, then:
● An IP packet that is not IPsec-protected, but with an IPv4 address directed to printing port 9100 would not be processed (dropped) because it violates the configured rule.
● An IP packet that is not IPsec-protected, but with an IPv4 address to a service port other than port 9100 (such as Telnet), would be allowed and processed.
If the Default Rule is set to Drop, then:
● An IP packet that is not IPsec-protected, but with an IPv4 address directed to printing port 9100 would not be processed (dropped) because it violates the configured rule.
● An IPsec packet with IPv4 address directed to printing port 9100 would be allowed and processed because it matches the rule.
● A non-IPsec packet with IPv4 address to the Telnet port would be dropped because of the default rule setting.
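The two cases above can be modeled as a small policy evaluator that also reports which service ports still answer unprotected traffic under each default rule. This is an added example, not HP firmware code or part of the original guide; the Rule and Packet classes, the function names, the probe address 192.0.2.10 and the audited port list are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    network: str        # address scope; "0.0.0.0/0" stands for "All IPv4 addresses"
    ports: frozenset    # destination service ports the rule covers
    require_ipsec: bool = True  # the rule's action is an IPsec template

@dataclass(frozen=True)
class Packet:
    src: str            # sender address
    dst_port: int       # service port on the print server
    ipsec: bool         # True if the packet arrived IPsec-protected

def evaluate(packet, rules, default_rule):
    """Return (verdict, reason) for one inbound packet.

    A packet that falls under a rule's addresses and services must satisfy
    that rule; only traffic covered by no rule reaches the default rule.
    """
    addr = ip_address(packet.src)
    for rule in rules:
        if addr in ip_network(rule.network) and packet.dst_port in rule.ports:
            if rule.require_ipsec and not packet.ipsec:
                return "drop", "violates configured IPsec rule"
            return "allow", "matches configured rule"
    return default_rule, "default rule"

def cleartext_exposure(rules, default_rule, ports, probe_src="192.0.2.10"):
    """List the ports that still answer a non-IPsec packet under this policy."""
    return sorted(
        p for p in ports
        if evaluate(Packet(probe_src, p, False), rules, default_rule)[0] == "allow"
    )

# The example policy from the text: all IPv4 addresses, printing on port 9100.
RULES = [Rule("0.0.0.0/0", frozenset({9100}))]
# Constructed audit list: printing (9100) and Telnet (TCP 23).
AUDIT_PORTS = [9100, 23]

if __name__ == "__main__":
    for default in ("allow", "drop"):
        print(default, "-> cleartext reachable:",
              cleartext_exposure(RULES, default, AUDIT_PORTS))
```

With the default rule set to Allow, the audit lists Telnet as reachable without IPsec; with Drop, the list is empty.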
IPsec Security Associations (SA)
If a packet is IPsec-protected, there must be an IPsec Security Association (SA) for it. A Security
Association defines how an IP packet from one host to another is IPsec-protected. Among many things,
it defines the IPsec protocol to use, the authentication and encryption keys, and duration of key use.
An IPsec SA is unidirectional; a host may have an inbound SA and an outbound SA associated with
particular IP packet protocols and services, and the IPsec protocol used to protect them.
When properly configured, the IPsec rules define the Security Associations for IP traffic to and from the
Jetdirect print server and can ensure all traffic is secure.
Table 5-1 IPsec Policy page (continued)
Chapter 5 IPsec/Firewall Configuration (V.34.xx)