SHARP

Security Settings

  • When settings are changed, the changes will take effect after the machine is restarted. For details on restarting this machine, see " TURNING ON THE POWER".
  • All items except for the Password Setting, Enable Filter and Initialize Data in Machine are available in the system settings of the Web page.
    • For Security Settings on the operation panel, see the following " THE SETTING MODE LIST OF THE OPERATION PANEL".

Password Change

The administrator password and user password can be changed.
When you change the password, be sure to remember the new password.
(It is recommended that you periodically change the administrator password.)

  • Enter a password consisting of 1 to 255 characters (when the administrator password is changed: 5 to 255). Your setting is made valid only when the machine is turned On again.
    • The user-level authentication password is required to add, edit or delete the destination. When you log on, enter "users" as the user name. Then, enter the user password that you have registered with this option.
    The administrator-level authentication password is required to select all settings and the same functions as those available with the user-level password. When you log on, enter "admin" as the user name. Then, enter the administrator password that you have registered with this option.
  • If you tap the [Store] key without entering a password, the previously set value is assumed. Password protection is enabled by default.

Restrict Device Web Page Access Via Password

Use this setting to display the login screen and require login in order to access the Web server.

Administrator Password

Changes the setting of the administrator password.
When setting a password, make sure that it contains at least one or more numbers, uppercase and lowercase letters of the alphabet, and symbols.
The characters that can be entered are as follows.

  • Numbers: 0 to 9
  • Upper case alphabet: A to Z
  • Lower case alphabet: a to z
  • Symbols: ! @ # $ % ^ & * ( ) “ ‘ + , - . / : ; < = > ? [ \ ] _ ` { | } ~ and spaces

User Password

Changes the setting of the user password.
When setting a password, make sure that it contains at least one or more numbers, uppercase and lowercase letters of the alphabet, and symbols.
The characters that can be entered are as follows.

  • Numbers: 0 to 9
  • Upper case alphabet: A to Z
  • Lower case alphabet: a to z
  • Symbols: ! @ # $ % ^ & * ( ) “ ‘ + , - . / : ; < = > ? [ \ ] _ ` { | } ~ and spaces

Password Setting

The administrator password can be changed.
When you change the password, be sure to remember the new password.
(It is recommended that you periodically change the administrator password.)

    Enter a password consisting of 5 to 255 characters and tap the [Store] key. Your setting is made valid only when the machine is turned on again.
    The administrator-level authentication password is required to select all settings and the same functions as those available with the user-level password. When you log on, enter "admin" as the user name. Then, enter the administrator password that you have registered with this option.
This setting can only be set on the operation panel.
The characters that can be entered are as follows.
  • Numbers: 0 to 9
  • Upper case alphabet: A to Z
  • Lower case alphabet: a to z
  • Symbols: ! @ # $ % ^ & * ( ) “ ‘ + , - . / : ; < = > ? [ \ ] _ ` { | } ~ and spaces

Condition Settings

Restrict Print Jobs other than the current Print-Hold Job

You can select settings to cancel print jobs that are not print hold jobs, or force all print jobs to be held.
When [Restrict Print Jobs other than the current Print-Hold Job] is turned ON, the settings below can be selected.

Item Description

Force Retention

This setting forcibly sets all print jobs as print hold jobs, even jobs for which print hold is not selected.

Disable Job

Prohibit all print jobs other than print hold jobs.
Factory default settings:
Force Retention

Automactic Delection of Suspended Print Job

If the print job is interrupted due to a paper jam, etc., the job is automatically deleted after the time set in "Time until Suspended Print Jobs are Automatically Deleted" has elapsed.

Factory default settings:
Disable

Time until Suspended Print Jobs are Automatically Deleted

Set the time after stopping a job to automatically deleting the job.

Factory default settings:
5 minutes

Clear All Data When the Jobs are Completed

Completely deletes the data from the memory of the machine when the job is completed.

Factory default settings:
Disable

Reject Requests from External Sites

You can reject the request from external sites.

Factory default settings:
Enabled

Mandatory Access Control

Set whether to perform forced access control. Once set, access to all files inside the machine will be forcibly controlled.

Factory default settings:
Disable

Port Control

For the various major ports used in the system, set the prohibition/permission and port number, and tap the [Store] key.
The ports that can be set are as follows.

Server Port Factory default settings Client Port Factory default settings
Port Control Enable / Disable Port Control Enable / Disable

HTTP

80

Enabled

HTTP

Enabled

HTTPS

443

Enabled

HTTPS

Enabled

FTP Print

21

Enabled

FTP

Enabled

Raw Print

9100

Enabled

FTPS

Enabled

LPD

515

Enabled

SMTP

Enabled

IPP

631

Enabled

SMTP-SSL/TLS

Enabled

IPP-SSL/TLS

443

Disabled

POP3

Enabled

PC Scan

52000

Enabled

SNMP-TRAP

162

Enabled

Remote Operation Panel

5900

Enabled

Notify Job End

Enabled

SNMPD

161

Enabled

LDAP

Enabled

WSD

Enabled

LDAP-SSL/TLS

Enabled

SMB

Enabled

mDNS

Enabled

syslog

514

Enabled

syslog-SSL/TLS

6514

Enabled

Filter Setting

You can set the filter by an IP or MAC address to prevent an unauthorised access to the machine via a network.
Set the IP or MAC address filter and tap the [Store] key.

Factory default settings:
Disable

IP Address Filter Settings

This option sets an IP address.
You can specify whether to allow or prohibit access to the machine from the IP address you set.

Factory default settings:
Enable

MAC Address Filter Settings

This option sets a MAC address.
It allows access to the machine from the MAC address you set.

Enable Filter

Enable the settings made in [System Settings] → [Security Settings] → [Filter Setting] on the Web page.

Factory default settings:
Disable

This setting can only be set on the operation panel.

SSL/TLS Settings

SSL/TLS can be used for data transmission over a network.
SSL/TLS is a protocol that enables the encryption of information communicated over a network. Encrypting data makes it possible to transmit and receive sensitive information safely.
Data encryption can be set by the following protocols.

Setting of SSL/TLS

Server Port

  • HTTPS: Apply SSL/TLS encryption to HTTP communication.
    • Factory default settings:
    Enable
  • IPP-SSL/TLS: Apply SSL/TLS encryption to IPP communication.
    • Factory default settings:
    Disable
  • Redirect HTTP to HTTPS in Device Web Page Access: When this setting is enabled, all communication that attempts to access the machine by HTTP is redirected to HTTPS.
    • Factory default settings:
    Disable

Client Port

  • HTTPS: Apply SSL/TLS encryption to HTTP communication.
    • Factory default settings:
    Enable
  • FTPS: Apply FTP encryption to HTTP communication.
    • Factory default settings:
    Enable
  • SMTP-SSL/TLS: Apply SMTP encryption to HTTP communication.
    • Factory default settings:
    Enable
  • LDAP-SSL/TLS: Apply SSL/TLS encryption to communication using LDAP.
    • Factory default settings:
    Enable
  • syslog-SSL/TLS: Apply SSL/TLS encryption when sending audit logs.
    • Factory default settings:
    Enable
  • Verify Signature of Server Certificate of the Other Party: Validate the certificate of the server you are communicating with.
    • Factory default settings:
    Disable
    Even if "Verify Signature of Server Certificate of the Other Party" is enabled, when "Global Address Search" or "My Address Search" is performed only when the search destination is an LDAP server, the server certificate of the destination is not validated.
  • TLS1.2: Use only TLS1.2.
    • Factory default settings:
    Enable
  • TLS1.3: Use only TLS1.3.
    • Factory default settings:
    Enable

Device Certificate

Certificate Status

Displays the status of the certificate required for SSL/TLS communication. Click the [Select] key to install the certificate.

Certificate Information

If the device certificate is installed, click the [Show] key to display the certificate information.

Select Device Certificate

Click the [Select] key to display the device certificates that have already been registered. Select from them.

IPsec Settings

IPsec can be used for data transmission/reception on a network.
When IPsec is used, data can be sent and received safely without the need to configure settings for IP packet encryption in a Web browser or other higher-level application.
When enabling this settings, take the following notes.

  • It may take some time to reflect on the machine settings, and you cannot connect to the machine during this time.
  • If the settings in the Web page are not correctly selected, connection to the machine may not be allowed, or the settings may not allow printing, scanning, or Setting mode (Web version) display. In this case, deselect this setting and change the System Settings (on Web pages).

Condition Settings

IPsec Settings

Sets whether to use IPsec for transmission.

Factory default settings:
Disable

IKEv1 Settings

Pre-Shared Key

Enter the Pre-Shared Key to be used for IKEv1.

SA Lifetime (time)

Set the SA lifetime.

Factory default settings:
28800 seconds

IKE Lifetime

Set the IKE lifetime.

Factory default settings:
30 seconds

IPsec Rules

The registered IPsec rules are displayed.
To add a new rule, click the [Add] key.
To delete a rule, select the rule you want to delete and click the [Delete] key.

IPsec Rule Registration

Rule Name

Enter a name for the IPsec rule.

Priority

Set the priority level.

Factory default settings:
1

Select the Rule Name to be the Registration Model

If there is a previously registered rule that is similar to the rule you want to create, you can create the new rule based on the registered rule.

Device Address

Set the type of IP address to be used on the machine and the port number (for IPv6, set the port number / prefix length).

Client Address

Set the destination IP address type and port number (for IPv6, set the port number / prefix length).

Protocol

Set the protocol to be used.

Factory default settings:
TCP

Filter Mode

Configure settings for the authentication method used for IPsec.

Factory default settings:
IPsec

IPsec Encryption

Configure settings for the authentication method used for IPsec.

ESP

Select to use ESP authentication.

Factory default settings:
Enable

Allow Communication not using ESP

Specify whether or not communication that does not use ESP is allowed.

Factory default settings:
Enable

AH

Select to use AH authentication.

Factory default settings:
Disable

Allow Communication not using AH

Specify whether or not communication that does not use AH is allowed.

Factory default settings:
Disable

Audit Log

Logs are created and saved for various events relating to security functions and settings.
Audit logs are created and saved in English. However, setting values such as filenames which are input from external sources are saved as-is.
Audit logs which have been saved in the internal memory can be exported by an administrator to a PC as TSV files.
You can select either the internal memory or an external server as the destination for saving audit logs.

When the space for saving audit logs internally becomes full, the logs are overwritten starting from the oldest ones.

Audit Log

"Audit Log" can be carried out as follows.
In the Web page, select [System Settings] → [Security Settings] → [Audit Log]
Select "Security Control", "Storage/Send Settings" or "Save/Delete Audit Log".

Factory default settings:
Disable

Storage/Send Settings

"Storage/Send Settings" can be carried as follows.
In the Web page, select [System Settings] → [Security Settings] → [Audit Log]→ [Storage/Send Settings]
Then make the storage and transmission settings.

Factory default settings:
Server Send:Disable, Enable SSL/TLS:Disable, Port Number:514, Port Number (Use SSL/TLS):6514

Save/Delete Audit Log

"Save/Delete Audit Log" can be carried out as follows.
In the Web page, select [System Settings] → [Security Settings] → [Audit Log]→ [Save/Delete Audit Log]
Select "Save Audit Log" or "Delete Audit Log".

  • "Save Audit Log" can only be carried out from the web page.
  • It will not be displayed if audit logging is disabled or storage is disabled.

Audit Log specifications

If the audit log is saved to an external server, the audit log is temporarily saved in the buffer area reserved in the internal memory until the transmission to the external server is successful.

  • Audit logs that are successfully sent to the external server are cleared from the buffer area.
  • If the transmission to the external server fails, a warning message will be displayed on the operation panel and the screen of the web page, and the transmission will be periodically retransmitted to the external server until the transmission is successful.
The audit events and information stored in the audit log are as shown in the following table.

If the power of this machine is turned off by a method other than the procedure described in the user's manual or due to a power failure, the [End Audit] event may not be recorded. Make sure to turn off the power of this machine according to the correct procedure. We also recommend using an uninterruptible power supply (UPS) in the event of an unforeseen event such as a power outage.
Event name Date & Time
*1		 Operation I/F
*2		 Login Name Result
*3		 Additional Information

Audit Start

Yes

N/A

N/A

Yes

Reasons for starting

Other: security erase

Audit End

Yes

N/A

N/A

Yes

N/A

Job Completion

Yes

Yes

Job owner (SYSTEM)

Yes

Finished job name

I&A Success

Yes

Yes

The string entered as your login name

N/A

IP address of the login source

127.0.0.1 for the operation panel

I&A Failure

Yes

Yes

The string entered as the login name

N/A

IP address of the login source

127.0.0.1 for the operation panel

Add User

Yes

Yes

User who added

Yes

Added login name

Login Terminated

Yes

Yes

The string entered as your login name

N/A

Active termination/ Timeout

Change Password

Yes

Yes

The user who made the change

Yes

Login name of the user whose password has been changed

Change Login Name

Yes

Yes

The user who made the change

Yes

Login name after change

Delete user

Yes

Yes

User who deleted

 Yes

Deleted login name (ALL if all users are deleted)

Add Auth Group

Yes

Yes

User who added

Yes

Added authority group name

Change Role

Yes

Yes

The user who made the change

Yes
  • Login name of the user whose authority group has been changed
  • Changed authority group name

Change Auth Group Setting

Yes

Yes

The user who made the change

Yes

Privilege changed settings Group Name

Add Page Limit Group

Yes

Yes

Users with additional functions

Yes

Name of the additional page limit group

Delete Page Limit Group

Yes

Yes

Users whose functions are deleted

Yes

Name of the deleted page limit group

Change Page Limit Group Setting

Yes

Yes

Users who have changed the settings

Yes

Name of the changed page limit group

Change Time Setting

Yes

Yes

The user who made the change

Yes

N/A

Change Setting

Yes

Yes

User who made the change (“ByPolicy” when applying AD policy)

Yes
  • Setting items whose setting values have been changed
  • Set value after change

Firm Recovery

Yes

N/A

N/A

Yes
  • Firmware name
  • Firmware version after recovery

Exec Rejection

Yes

N/A

N/A

Yes

Distinguished name of firmware or embedded OSA app

TLS, IPsec communication failure (Comm Failure) * Communication partner is other than the audit server

Yes

N/A

Users who are communicating

N/A
  • IP address of the communication starter
  • IP address of the communication partner
  • Communication direction
  • Reason for failure

Modify AddrBook

Yes

Yes

User who updated

Yes
  • At the time of addition: Internal management ID and destination name of the added entry
  • When deleting / changing: Internal management ID of deleted / changed entry

Firm Update

Yes

Yes

User who updated

Yes
  • Firmware name
  • Firmware version before update
  • Firmware version after update

Release Denied Addr

Yes

Yes

Users who have been released

Yes

Released IP address

Send External Dest

Yes

Yes

Users who sent

Yes

Destination e-mail address/IP address/SMB folder path

Web Push Print

Yes

Yes

Users of the function

Yes

IP address from which the file was downloaded

Change Service Setting

Yes

Yes

Users who have changed the settings

Yes

Changed settings and their values

Switch to service mode

Yes

Yes

Service

Yes

N/A

Running in service mode

Yes

Yes

Service

Yes

Changed setting values

*1 The date and time when the event occurred is displayed in the extended format of ISO 8601.

*2 Either Ope/Web/sNet is displayed as the operation interface. However, if it is "N / A" in the table, it will be written as "N / A".

*3 Either Success / Failure will be displayed as the result of the event.

Certificate Management

Device Certificate Management

Import

Import the certificate/private key.

Export

Export the certificate/private key.

Certificate Information

Shows the status of the certificate.

Creation of Certificate and Private Key

Common Name (Required)

Enter the name to be used.

Organization

Enter the name of the organization.

Organizational Unit

Enter the name of the unit within the organization.

City/Locality

Enter the city or locality.

State/Province

Enter the state or province.

Country/Region (Required)

Enter the country code.

Certificate Start Date

Enter the start date and time for the certificate.

Certificate Validity Period

Enter the expiration date of the certificate.

Certificate Information

Enter the Certificate Information.

Certificate Signing Request (CSR) Management

Installation of Certificate

Install the certificate.

Certificate Information

Shows the status of the certificate.

Make of Certificate Signing Request(CSR)

Common Name (Required)

Enter the name to be used.

Organization

Enter the name of the organization.

Organizational Unit

Enter the name of the unit within the organization.

City/Locality

Enter the city or locality.

State/Province

Enter the state or province.

Country/Region (Required)

Enter the country code.

Key Length of Certificate

Specify the key length of the certificate.

Factory default settings:
1024bit

CA Certificate Management

Import

Import the certificate.

Certificate Information

Shows the status of the certificate.

Initialize Data in Machine

Press the [OK] key to initialise the following personal information and data in the machine.

  • All data in address book and related personal information
  • All user information data
  • All job data in this machine
  • Log information
  • Data and areas for internal processing
  • Data in the machine registered/stored by the user
This setting can only be set on the operation panel.

CONTENTS MENU

Version 01a / bp22c25_usr_01a_en

↑Top of page