
Secure print server communication with IPsec

Use case

I want print jobs to be secured with IPsec. Consider this situation:

  • Print jobs must be protected by IPsec encryption and authentication.

  • The print servers are configured with certificate-based IPsec.

  • The print server certificates are signed by my corporate Root CA.

  • IPsec or HTTPS must be used to secure administration tasks, which are done from one workstation.

  • Other workstations are not allowed to submit print jobs or to connect for administration tasks.

  • IPsec is not needed to secure the DHCP and DNS communication.

This scenario requires several rules. The base rule blocks all connections by default. The other rules configure the connections with DNS, DHCP, the administration workstation, and the print servers.

IPsec rules

Create an Identity certificate

Create an Identity certificate that is valid for IPsec and HTTPS. Have the certificate signed by the corporate Root CA.

Import the corporate CA Root certificate

Import the corporate Root CA certificate to authenticate the print servers' certificates.

Configure IPsec and HTTPS

Configure IPsec and HTTPS.

Create a rule that blocks all connections by default

Add IPsec rule
  1. Click [Configuration]  → [IPsec communication]  → [Add].

  2. Enter a name in the [Name of rule] field.

  3. Select [Rule applies to all endpoints].

  4. Select [Block connections].

  5. Click [OK].

Create a rule that enables DHCP and DNS connections to bypass IPsec

Add IPsec rule
  1. Click [Configuration]  → [IPsec communication]  → [Add].

  2. Enter a name in the [Name of rule] field.

  3. Select [Rule applies to specified IP addresses].

  4. Enter DNS,DHCP in the [Endpoint IP address] text field.

  5. Select [Bypass IPsec].

  6. Click [OK].

Create a rule to secure the connection with the administration workstation with IPsec or HTTPS

Add IPsec rule
  1. Click [Configuration]  → [IPsec communication]  → [Add].

  2. Enter a name in the [Name of rule] field.

  3. Select [Rule applies to specified IP addresses].

  4. Enter the hostname or IP address of the workstation in the [Endpoint IP address] text field.

  5. Select [Request IPsec].

  6. Use the [Authentication method] option to select [Certificate].

  7. Select the root CA certificate.

  8. Click [OK].

Create a rule to secure the connection with the print servers with IPsec

Add IPsec rule
  1. Click [Configuration]  → [IPsec communication]  → [Add].

  2. Enter a name in the [Name of rule] field.

  3. Select [Rule applies to specified IP addresses] to create a rule for which you specify the endpoints.

  4. Enter the address range of the print servers in the [Endpoint IP address] text field.

  5. Select [Require IPsec].

  6. Use the [Authentication method] option to select [Certificate].

  7. Select the root CA certificate.

  8. Click [OK].
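
The following Python sketch is an added example, not part of the original documentation or the device's software: it models the four rules above and checks that each class of endpoint ends up with the action the use case calls for. The addresses are constructed samples, and both the precedence (a rule for specified addresses overrides the all-endpoints rule) and the reading of [Request IPsec] as non-mandatory are assumptions.

```python
import ipaddress

# Constructed sample rule set mirroring the four rules (documentation addresses).
# Actions: block, bypass (no IPsec), request (IPsec optional, assumed), require.
RULES = [
    ("block-all",     ["0.0.0.0/0"],                      "block"),
    ("dns-dhcp",      ["192.0.2.53/32", "192.0.2.67/32"], "bypass"),
    ("admin-ws",      ["192.0.2.10/32"],                  "request"),
    ("print-servers", ["198.51.100.0/28"],                "require"),
]

# What the use case demands per endpoint (constructed sample hosts).
EXPECTED = {
    "198.51.100.5": {"require"},             # a print server
    "192.0.2.10":   {"request", "require"},  # administration workstation
    "192.0.2.53":   {"bypass"},              # DNS server
    "192.0.2.67":   {"bypass"},              # DHCP server
    "192.0.2.99":   {"block"},               # any other workstation
}

def effective_action(rules, addr):
    """Return (rule name, action) of the most specific rule matching addr.

    Assumption: the longest matching prefix wins, so a rule for specified
    addresses overrides the all-endpoints rule. Unmatched traffic is reported
    as such because the default without a block rule is not known here.
    """
    ip = ipaddress.ip_address(addr)
    best = None
    for name, endpoints, action in rules:
        for endpoint in endpoints:
            net = ipaddress.ip_network(endpoint)
            if ip in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, name, action)
    return (best[1], best[2]) if best else (None, "unmatched")

def audit(rules, expected):
    """List every endpoint whose effective action violates the use case."""
    findings = []
    for addr, allowed in expected.items():
        name, action = effective_action(rules, addr)
        if action not in allowed:
            findings.append(f"{addr}: rule {name!r} gives {action!r}, "
                            f"expected one of {sorted(allowed)}")
    return findings

if __name__ == "__main__":
    for line in audit(RULES, EXPECTED) or ["rule set matches the use case"]:
        print(line)
```

Running the audit against a planned rule set before entering it on the device catches a print-server rule left at [Request IPsec] or a missing block-all rule.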