Management Functions
Information Registered in User Authentication
Up to 5,001 users can be registered.
Registering Department IDs
Up to 1,000 Department IDs can be registered.
Authentication Functions
When an Active Directory server is specified as an authentication server, the following system environment is required.
|
Software (operating system):
|
Windows Server 2003 SP2*1/Windows Server 2003 R2 SP2*1/Windows Server 2008 SP2*1/Windows Server 2008 R2 SP1/Windows Server 2012*2/Windows Server 2012 R2*2
|
|
*1 64-bit operating systems are not supported.
*2 Users cannot log in with Active Directory authentication if Kerberos armoring is enabled for KDCrelated policies (group policies). Make sure to disable Kerberos armoring.
|
|
|
|
|
The current version of User Authentication supports 128-bit AES (Advanced Encryption Standard) authentication and DES (Data Encryption Standard) as Kerberos encryption methods for the Active Directory authentication. The encryption method that is used is automatically selected depending on the Active Directory settings. When both of these methods are available, AES is used.
When using Windows Server 2003 SP2/R2 SP2 as an Active Directory server, you can only use IPv4 as a communication protocol (IPv6 cannot be used).
|
When specifying an Active Directory server as an authentication server, use the following ports*1 on the server.
|
To communicate with a DNS server:
|
port number 53
|
|
To communicate with a KDC (Key Distribution Center):
|
port number 88
|
|
To communicate with a server for LDAP directory service (can be changed to an arbitrary port number for the LDAP service):
|
port number 389
|
|
*1 The above port numbers are default values. These numbers may vary depending on the selected settings.
|
|
When specifying an LDAP server as an authentication server, the following system environment is required.
|
Software:
|
eDirectory V8.8 SP7 for Windows and later
Domino V8.5 for Windows and later
|
|
Operating system:
|
Requirements are pursuant to the product specifications of the LDAP server.
|
When specifying an LDAP server as an authentication server, use the following ports*1 on the server.
|
To communicate with the LDAP server using LDAP (when TLS is enabled):
|
port number 636
|
|
To communicate with the LDAP server using LDAP (when TLS is disabled):
|
port number 389
|
|
*1 The port numbers can be changed according to the LDAP server settings.
|
|
Deletion of the User Setting Information
The following user setting information is deleted.
User names and passwords for using a shared folder/FTP server/WebDAV server/Personal folder
User names and passwords used for authentication to an LDAP server/Rights Management server/SMTP server
User names and passwords for using the Advanced Box
Encryption password/policy password for PDF
Buttons on the Quick Menu
Firewall Settings
When specifying IP addresses in firewall settings, up to 16 IP addresses (or ranges of IP addresses) can be specified for both IPv4 and IPv6.
When specifying MAC addresses in firewall settings, up to 100 MAC addresses can be specified.
IPSec
The following system environment is required for IPSec.
|
Supported operating systems:
|
Windows 2000/XP/Vista/7, Windows Server 2003/2008
|
|
Communication protocol:
|
IPv4/IPv6
|
|
Ports used for IKEv1:
|
UDP port number 500
|
|
Applications that IPSec can be applied to:
|
Applications that uses TCP/UDP/ICMP/ICMPv6
|
|
|
|
Multicast and broadcast packets cannot be encrypted.
|
The following keys and certificates (client certificates) can be used for authentication with the digital signature method.
|
Signature algorithm:
|
RSA (Rivest Shamir Adleman)
|
|
Certificate format:
|
PKCS#12
|
Registration of User Signature Certificates
The algorithms and formats of keys and certificates that can be registered are as follows.
|
RSA signature algorithm:
|
SHA-1/SHA-256/SHA-384*/SHA-512*1
|
|
RSA public-key algorithm (key length):
|
RSA (1024 bits/2048 bits)
|
|
Certificate format:
|
PKCS#12
|
|
File extension:
|
pfx/p12
|
|
*1 Available only when the key algorithm is 1024 bits or more.
|
|
Up to 100 user signature certificates can be registered, with a maximum of one user certificate per user.
Registration of Keys and Certificates
The algorithms and formats of keys and certificates that can be registered are as follows.
|
RSA signature algorithm:
|
SHA-1/SHA-256/SHA-384*1/SHA-512*1/MD2/MD5
|
|
RSA public-key algorithm (key length):
|
RSA (512 bits/1024 bits/2048 bits/4096 bits)
|
|
DSA signature algorithm:
|
SHA-1
|
|
ECDSA signature algorithm:
|
SHA-1/SHA-256/SHA-384/SHA-512
|
|
ECDSA public-key algorithm (key length):
|
ECDSA (P256/P384/P521)
|
|
Certificate format:
|
PKCS#12*2
|
|
File extension:
|
p12/pfx
|
|
*1 Available only when the key algorithm is 1024 bits or more.
*2 Available only when installed by using the Remote UI.
|
|
Up to 6 keys and certificates can be registered.
Registration of CA Certificates
The algorithms and formats of keys and CA certificates that can be registered are as follows.
|
RSA signature algorithm:
|
SHA-1/SHA-256/SHA-384*1/SHA-512*1/MD2/MD5
|
|
RSA public-key algorithm (key length):
|
RSA (512 bits/1024 bits/2048 bits/4096 bits)
|
|
DSA signature algorithm:
|
SHA-1
|
|
DSA public-key algorithm (key length):
|
DSA (1024 bits/2048 bits/3072 bits)
|
|
ECDSA signature algorithm:
|
SHA-1/SHA-256/SHA-384/SHA-512
|
|
ECDSA public-key algorithm (key length):
|
ECDSA (P256/P384/P521)
|
|
Certificate format:
|
X.509 DER/PEM
|
|
File extension:
|
cer/pem
|
|
*1 Available only when the key algorithm is 1024 bits or more.
|
|
Up to 50 CA certificates can be registered.
Registration of S/MIME Certificates
The algorithms and formats of S/MIME certificates that can be registered are as follows.
|
RSA signature algorithm:
|
SHA-1/SHA-256/SHA-384*1/SHA-512*1/MD2/MD5
|
|
RSA public-key algorithm (key length):
|
RSA (512 bits/1024 bits/2048 bits/4096 bits)
|
|
DSA signature algorithm:
|
SHA-1
|
|
DSA public-key algorithm (key length):
|
DSA (1024 bits/2048 bits/3072 bits)
|
|
ECDSA signature algorithm:
|
SHA-1/SHA-256/SHA-384/SHA-512
|
|
ECDSA public-key algorithm (key length):
|
ECDSA (P256/P384/P521)
|
|
Certificate format:
|
X.509 DER/PEM
|
|
File extension:
|
cer/pem
|
|
*1 Available only when the key algorithm is 1024 bits or more.
|
|
Up to 2,000 S/MIME certificates can be registered.
Registration of Certificate Revocation Lists (CRL)
Up to 50 certificate revocation lists (CRL) can be registered. Note, however, that CRL cannot be registered in the following cases.
The data size of the CRL exceeds 1 MB.
The number of revoked certificates registered in one CRL file exceeds 1,000.
Definition of "Weak Encryption"
When <Prohibit Use of Weak Encryption> is set to <On>, the use of the following algorithms are prohibited.
|
Hash:
|
MD4, MD5, SHA-1
|
|
HMAC:
|
HMAC-MD5
|
|
Common key cryptosystem:
|
RC2, RC4, DES
|
|
Public key cryptosystem:
|
RSA encryption (512 bits/1024 bits), RSA signature (512 bits/1024 bits), DSA (512 bits/1024 bits), DH (512 bits/1024 bits)
|
|
|
|
Even when <Prohibit Use of Key/Certificate with Weak Encryption> is set to <On>, the hash algorithm SHA-1, which is used for signing a root certificate, can be used.
|
Log Management
The following types of logs can be managed on the machine.
|
Log Type
|
Description
|
|
User Authentication
Log |
This log contains information related to the authentication status of user authentication (login/logout and user authentication success/failure), the registering/changing/deleting of user information managed with User Authentication, and the management (adding/editing/deleting) of roles with the ACCESS MANAGEMENT SYSTEM.
|
|
Job Log
|
This log contains information related to the completion of copy/fax/scan/send/print jobs.
|
|
Mail Box Document Operation Log
|
This log contains information related to the operations performed on data in the Mail Box, the Memory RX Inbox, and the Confidential Fax Inbox.
|
|
Mail Box Authentication Log
|
This log contains information related to the authentication status of the Mail Box, the Memory RX Inbox, and the Confidential Fax Inbox.
|
|
Mail Box Backup Log
|
This log contains information related to the backup of the data in the Mail Box, the Memory RX Inbox, and the Confidential Fax Inbox.
|
|
Advanced Box Operation Log
|
This log contains information related to the operations performed on file to the Advanced Box, the Network (Advanced Box of other machines), and the Memory Media.
|
|
Network Connection Log
|
This log contains information related to IPSec communication failures.
|
|
Machine Management Log
|
This log contains information related to the starting/shutting down of the machine, changes made to the settings by using the [Settings/Registration] key, changes made to the settings by using the Device Information Delivery function, and the time setting. The Machine Management Log also records changes in user information or security-related settings when the machine is inspected or repaired by your local authorized Canon dealer.
|
|
Export/Import All Log
|
This log contains information related to the importing/exporting of the settings by using the Export All/Import All function.
|
|
MEAP Application Management Log
|
This log contains information related to the installing/starting/stopping of the MEAP application and the license operation.
|
|
Registering/Updating the Software Log
|
This log contains information related to the manual/delivered installation of MEAP application and system options, manual/delivered update of the firmware, and the settings for the firmware delivery.
|
|
Log for Audit Log Management
|
This log contains information related to the exporting/deleting of logs with this function.
|
|
Security Policy Log
|
This log contains information related to the setting status of the security policy settings.
|
|
Group Management Log
|
This log contains information related to the setting status (registering/editing/deleting) of the user groups.
|
|
Setting Synchronization Log
|
This log contains information related to the synchronization of machine settings. Synchronizing Settings for Multiple Canon Multifunction Printers
|
|
Authentication Print Log
|
This log contains information and the operation history related to the forced hold print jobs.
|
|
|
|
Logs can contain up to 40,000 records. When the number of records exceeds 40,000, they are deleted, with the oldest records first.
|
The log numbers indicated in the log files, which are created when all the logs are collected from the machine and saved in CSV file format, correspond to the following logs.
|
4098
|
User Authentication Log
|
|
1001/8193
|
Job Log
|
|
8197
|
Mail Box Document Operation Log
|
|
8199
|
Mail Box Authentication Log
|
|
8202
|
Export/Import All Log
|
|
8203
|
Mail Box Backup Log
|
|
8200
|
Network Connection Log
|
|
8198
|
Machine Management Log
|
|
3001
|
Log for Audit Log Management
|
|
8196
|
Advanced Box Operation Log
|
|
3101
|
MEAP Application Management Log
|
|
3101/8206
|
Registering/Updating the Software Log
|
|
8204
|
Security Policy Log
|
|
8205
|
Group Management Log
|
|
8208
|
Setting Synchronization Log
|
|
8207
|
Authentication Print Log
|
Import/Export of the Setting Data
Data Backup/Restoration
To back up or restore data, you can use an external hard disk that meets the following requirements.
|
Type/Version:
|
USB 2.0
|
|
File system:
|
FAT32
|
|
Partition size:
|
more than 32 GB (Must not be divided into multiple partitions)
|
|
Power supply:
|
must supply power from an external power source
|
Number of machines and users supported by synchronization of custom settings (server)
Number of synchronizable machines in a group: 10
Number of synchronizable users for personalized setting values: 1,000
Maximum number of users whose setting information can be saved in the machine
Users: 200
Groups: 50