Security Policy Setting Items
The following settings are related to the security policy of the printer. Place a check mark next to the items you want to apply in the Settings screen.
Some printers do not have this functionality, even if they are listed in the policy name. For example, if the printer does not have the ability to associate with the policy itself, or if it always follows the policy.
For reference, the following table describes whether the function is present 
or not 
for the GX2000 series.
Interface
-
Wireless policy
Prohibiting wireless connections prevents many unspecified accesses.
Policy name
Overview
Printer display
RUI display
Prohibit use of direct connection
<Wireless Direct Enabled/Disabled> is <disabled>, and access from various devices using Wireless Direct is not possible.
On arrival, <Auto Start of Wireless Connect
> is <disabled>, and only manual start is possible using the button.Prohibit use of wireless LAN (Wi-Fi)
<Wireless LAN Enabled/Disabled> is <disabled>, and wireless connection via Wi-Fi router or access point is not possible.
-
USB connection policy
Prohibiting USB connections prevents unauthorized connections and data from being taken out.
Policy name
Overview
Printer display
RUI display
Prohibit use of USB device
<Use as a USB device> is turned <OFF>. USB connection to a computer is not possible.
Prohibit use of USB external storage devices
<Use USB external storage devices> is turned <OFF>. USB external storage devices cannot be used.
Network
-
Communication operational policy
Enforce signature and certificate validation to communicate more securely.
Policy name
Overview
Printer display
RUI display
Always verify signatures when using SMB/WebDAV server functions
<Require an SMB signature to connect> and <Use SMB authentication> in the <SMB server settings> is applied.
<Use TLS> when <Setting WebDAV server> is applied.
If the printer is used as an SMB server or WebDAV server, the electronic certificate signature is verified during communication.
Always verify server certificate when using TLS
Communication with mail servers that cannot be verified by a printer-embedded CA certificate is not possible.
Prohibit cleartext authentication for server functions
When using the printer as a server, cleartext authentication and functions that use cleartext authentication cannot be used.
Prohibit use of SNMPv1
The printer driver, management software, and other software may not be able to communicate with the printer.
Note-
Even if you check Verify server certificates when communicating with TLS, communication with IEEE802.1X/EAP networks is not eligible.
-
-
Port Usage Policy
This prevents external intrusion by closing unused ports.
Policy name
Overview
Printer display
RUI display
Restrict LPD port (Port: 515)
The <LPR protocol setting> is <disabled>. LPD printing is not possible.
Restrict RAW port (Port: 9100)
The <RAW protocol setting> is <disabled>. RAW printing and JPEG printing from a smartphone are not possible.
Restrict FTP port (Port: 21)
FTP printing is not possible.
Restrict WSD port (Port: 3702, 60000)
<Enable/disable WSD> is <disabled>.
<WSD scan from the printer> is <disabled>.
The functionality of the WSD may not be available, and device information may not be retrieved from the driver.
Restrict BMLinkS port (Port: 1900)
Printing from a BMLinkS-compatible printer driver is not possible.
Restrict IPP port (Port: 631)
<IPP Enable/disable> of Wi-Fi and Wireless Direct is <disabled>.
IPP printing is not possible. Printing with Mopria or AirPrint are also not possible.
Restrict SMB port (Port: 139, 445)
The printer cannot be used as an SMB server. The management software cannot communicate with various software.
Restrict SMTP port (Port: 25)
SMTP reception is not possible. The management software cannot communicate with various software.
Restrict dedicated port (port number: 9002, 9006, 9007, 9011-9015, 9017-9019, 9022, 9023, 9025, 20317, 47545-47547)
Dedicated ports cannot be used.
Restrict port of remote operation (port number: 5900)
Remote operation functionality cannot be used.
Restrict mDNS port (Port: 5353)
The <Bonjour setting> is <disabled>.
Search on the network by mDNS (smartphone search from the app etc. on iOS) and automatic setting are not possible. Printing with Mopria or AirPrint are also not possible.
Restrict SLP port (Port: 427)
Searching on the network or setting automatically by SLP is not possible.
Restrict SNMP port (Port: 161)
<SNMPv1 settings> and <SNMPv3 settings> are <disabled>. It may not be possible to acquire or configure device information from your computer or smartphone using SNMP. Printer driver, management software, management by Media Configuration Tool, or Easy Wireless (Easy WL) Connect not possible.
Authentication
-
Authentication operational policy
By thoroughly authenticating users, unauthorized operations by unregistered users can be avoided.
Policy name
Overview
Printer display
RUI display
Prohibit users to use device
Unregistered users will no longer be able to log in to the printer, and print jobs from the computer will be canceled.
Force setting of auto logout
User management settings: Auto logout time
Screen lock function: Enable/disable screen lock setting and time to screen lock
If you do not operate for a certain period of time, you will be automatically logged out.
-
Password operational policy
Restricts password operation strictly.
Policy name
Overview
Printer display
RUI display
Prohibit cache saving of password for external servers
Whenever accessing an external server, a password is required. In addition, the authentication information of logged in users is not retained.
Display warning when default password is in use
If you are using the password set at the time of purchase, a warning message is displayed.
Prohibit use of default password for remote access
When accessing the printer from your computer, the password set at the time of purchase cannot be used.
-
Password settings policy
Set a certain complexity and validity period for passwords used for user authentication so that they are not easily guessed by third parties.
If the password settings policy is set, the administrator password cannot be set from the Wi-Fi Connection Assistant (Windows software).
After setting a password that does not match the password settings policy, the password that does not match the policy is still valid even when you set the password settings policy. By resetting your password, you will be able to set a password that conforms to the password settings policy.
Each item in the password settings policy can be configured, even if the setting appears to be partially inconsistent. Passwords can only be set with input characters and input length that meet the required conditions.
Policy name
Overview
Printer display
RUI display
Minimum number of characters for password
The <Minimum number of characters> is set to <ON>. Users cannot set a password that is less than the number of characters specified in Minimum number of characters on the settings screen.
Set password validity period
Set password validity period.
Prohibit use of 3 or more identical consecutive characters
Users cannot set a password that contains 3 or more consecutive identical characters.
Force use of at least 1 uppercase character
Users cannot set a password not containing uppercase characters.
Force use of at least 1 lowercase character
Users cannot set a password not containing lowercase characters.
Force use of at least 1 digit
Users cannot set a password not containing digits.
Force use of at least 1 symbol
Users cannot set a password not containing symbols.
-
Lockout Policy
If the login operation using the entered password fails for a certain number of consecutive times, the user is prevented from logging in for a certain period.
Policy name
Overview
Printer display
RUI display
Enable lockout
A function to lock out specified users, including administrators, for a specified period of time when they enter the wrong password the specified number of times.
[Target Function] Security administrator password/administrator password/standard user password/standard user login password of specified users
Key/Certificate
Protect your valuable data by preventing the use of weak encryption or by encrypting user passwords and keys within specific hardware.
|
Policy name |
Overview |
Printer display |
RUI display |
|---|---|---|---|
|
Prohibit use of weak encryption |
Weak encryption cannot be used. If checked, "Prohibit use of key/certificate with weak encryption" can be selected. The configurable functions are IPsec, TLS, SNMPv3, and wireless LAN. Example: If you have set up WPA-TKIP/WPA2-TKIP encryption on your Wi-Fi router, the connection will not appear in the SSID list. Connection is not possible even if you enter directly. Enabling this setting while connected will disconnect the Wi-Fi router. |
|
|
|
Prohibit use of key/certificate with weak encryption |
Keys and certificates with weak encryption cannot be used. The target functions are IPsec and TLS. |
|
|
|
Use TPM to store password and key |
Passwords and keys are encrypted and stored in a specific piece of hardware. |
|
|
Log
Allows periodic audits by requiring logging
|
Policy name |
Overview |
Printer display |
RUI display |
|---|---|---|---|
|
Force recording of audit log |
<Acquire operation log> is set to <ON>, <Display job history> is set to <ON>, <Acquire job history from management software> of <Display job history> is set to <Allow>, <Acquire audit log> is set to <ON>, <Acquire authentication log via network> is set to <ON>, and <Display print job username as login name> is set to <ON>. Audit logs are always logged. |
|
|
|
Force SNTP settings |
<Use SNTP> of <SNTP settings> is set to ON. SNTP time synchronization is required. Enter the [Server name] in the Remote UI settings screen. |
|
|
Job
-
Printing Policy
Prevents information leakage by printing.
Policy name
Overview
Printer display
RUI display
Prohibit immediate printing of received jobs
Manages the printing of received images by fax.
-
Sending/Receiving Policy
Restricts the destination operation at the time of sending and the processing method of received data.
Policy name
Overview
Printer display
RUI display
Allow sending only to registered addresses
Faxes can only be sent to addresses registered in the address book.
Restricted fax functions
- Fax - Phonebook - Select List - Edit Destination/(Edit Destination, Delete Destination, Edit Group Dial, Delete Group Dial)
- Fax - enter number
- Fax - redial
- Fax transfer menu - Specify transfer destination
- Scan - Attach manuscript to email - Email direct from printer - Edit email address book
- Scan - Attach manuscript to email - Email directly from printer - Select recipient address - Direct input
- Scan - Attach manuscript to email - Email directly from printer - Select recipient address - Select from input history
- Dial input in fax mode
- When speed dial tool 2 is started, a dialog box will be displayed and it will not be available.
- Destination Folder Settings in the Quick Utility Toolbox not possible.
Force confirmation of fax number
<Security control> <Confirm fax number> is set to <ON>.
A confirmation is required when entering a fax number.
Prohibit auto forwarding
Autosave is not possible.
Storage
|
Policy name |
Overview |
Printer display |
RUI display |
|---|---|---|---|
|
Force complete deletion of data |
Remove removable media, such as HDDs, and forcibly make it impossible to salvage deleted data when analyzed. |
|
|
