Administrator's Guide

ManualsBrandsEpson ManualsPrintersEpson Epson WorkForce Pro WF-R5690 Replaceable Ink Pack System

Summary of content (56 pages)

PAGE 1
Administrator's Guide
PAGE 2
PAGE 3
Contents Administrator's Guide................................................................................................................................. 7 Using Web Config Network Configuration Software ................................................................................ 8 About Web Config ................................................................................................................................ 8 Accessing Web Config ..................................................
PAGE 4
CSR Import Settings ................................................................................................................. Deleting a CA-signed Certificate ............................................................................................... Updating a Self-signed Certificate............................................................................................. Using an LDAP Server.....................................................................................................
PAGE 5
Cannot Import a Digital Certificate ................................................................................................. Cannot Update a Certificate or Create a CSR ............................................................................... Deleted a CA-signed Certificate .................................................................................................... Where to Get Help........................................................................................................
PAGE 6
PAGE 7
Administrator's Guide Welcome to the Administrator's Guide. For a printable PDF copy of this guide, click here. Note: Not all features mentioned in this Administrator's Guide are available with every product model.
PAGE 8
Using Web Config Network Configuration Software Follow the instructions in these sections to configure your product's adminstrator network settings using the Web Config software. Note: Before you can configure system administration settings, connect the product to a network. See the product's Start Here sheet and User's Guide for instructions.
PAGE 9
• IPv6: http://[product IP address]/ The Basic Settings page appears: 4. To use HTTPS, configure the address to use HTTPS in your browser. A message warning about the self-signed certificate appears. To access Web Config after configuring the address to use HTTPS, enter https:// before the product IP address, shown in step 3. Note: If the product name is registered with the DNS server, you can use the product name instead of the product IP address to access Web Config.
PAGE 10
User Feature Restriction You can restrict available product features for up to 10 individual users, with different features available to each user. This requires users to log into the product control panel with their user name and password before they can use control panel features. With Windows, you can also restrict printing and scanning from the product software.
PAGE 11
• Web services such as Epson Connect or Google Cloud Print • Smartphones and other mobile devices 4. Click OK. 5. Select Access Control Settings and select User Settings. 6. Click Add. You see a window like this: 7. Enter a name for a user in the User Name field following the guidelines on the screen. Use ASCII (0x20-0x7E) characters. 8. Enter a password for the user in the Password field following the guidelines on the screen. Note: If you need to reset a password, leave the password field blank. 9.
PAGE 12
Parent topic: Restricting Features Available for Users Changing the Administrator Password in Web Config You can set an administrator password using your product's control panel or using Web Config or EpsonNet Config. You use the same administrator password in all cases. Note: See your product's User's Guide for instructions on setting an administrator password using the control panel. If you forget your administrator password, contact Epson for support, as described in the product's User's Guide. 1.
PAGE 13
Using Your Product on a Secure Network Follow the instructions in these sections to configure security features for your product on the network using the Web Config software. Configuring SSL/TLS Communication Configuring IPsec/IP Filtering Configuring SNMPv3 Protocol Settings Connecting the Product to an IEEE802.
PAGE 14
You see a window like this: 3. Select one of the following options for the Encryption Strength setting: • High for AES256/3DES • Middle for AES256/3DES/AES128/RC4 4. Select Enable or Disable for the Redirect HTTP to HTTPS setting as necessary. 5. Click Next. You see a confirmation message. 6. Click OK. Parent topic: Configuring SSL/TLS Communication Configuring a Server Certificate for the Product You can configure a server certificate for your product. 1.
PAGE 15
You see a window like this: 3. Select one of the following options for the Server Certificate setting: • Self-signed Certificate: select if you have not obtained a CA-signed certificate and want the product to generate a self-signed certificate • CA-signed Certificate: select if you have obtained a CA-signed certificate 4. Click Next. You see a confirmation message. 5. Click OK.
PAGE 16
About IPsec/IP Filtering You can filter traffic to the product over the network based on IP address, service, and port by configuring a default policy that applies to every user or group connecting to the product. For control of individual users or user groups, you can configure group policies. Note: IPsec is supported only by computers running Windows Vista or later, or Windows Server 2008 or later.
PAGE 17
Configuring Group IPsec/IP Filtering Policies You can configure group policies for IPsec/IP traffic filtering using Web Config. 1. Access Web Config and select Network Security Settings. 2. Select IPsec/IP Filtering and select Basic. 3. Click a tab number for the policy number you want to configure. You see a window like this: 4. Select the Enable this Group Policy checkbox. 5. Select the filtering options you want to use for this group policy. 6. Click Next. You see a confirmation message. 7. Click OK. 8.
PAGE 18
IPsec/IP Filtering Policy Settings Default Policy Settings Setting Options/Description Access Control Permit Access to permit IP packets to pass through Refuse Access to prevent IP packets from passing through IPsec to permit IPsec packes to pass through Authentication Method Select an authentication method, or select Certificate if you have imported a CA-signed certificate Pre-Shared Key If necessary, enter a pre-shared key between 1 and 127 characters long Encapsulation If you selected IPsec as t
PAGE 19
Group Policy Settings Setting Options/Description Access Control Permit Access to permit IP packets to pass through Refuse Access to prevent IP packets from passing through IPsec to permit IPsec packes to pass through Local Address(Printer) Select an IPv4 or IPv6 address that matches your network environment; if the IP address is assigned automatically, select Use auto-obtained IPv4 address Remote Address(Host) Enter the device's IP address (between 0 and 43 characters long) to control access, or lea
PAGE 20
Setting Options/Description Local Port If you selected Port Number as the Method of Choosing Port option, and TCP or UDP for the Transport Protocol option, enter the port numbers that control receiving packets (up to 10 ports), separated by commas, for example 25,80,143,5220; leave this setting blank to control all ports; see the next table for more information Remote Port If you selected Port Number as the Method of Choosing Port option, and TCP or UDP for the Transport Protocol option, enter the port
PAGE 21
Setting Options/Description Security Protocol If you selected IPsec as the Access Control option, select one of these security protocols: ESP, to ensure the integrity of authentication and data, and encrypt data AH, to ensure the integrity of authentication and data; if data encryption is prohibited, you can use IPsec Group Policy Guidelines Service name Protocol type Local/Remote port number Controls these operations ENPC UDP 3289/Any port Searching for a product from applications such as printe
PAGE 22
Service name Protocol type Local/Remote port number Controls these operations FTP Data (Local) TCP 20/Any port Forwarding FTP printing data to FTP server FTP Control (Local) TCP 21/Any port Controlling FTP printing to FTP server FTP Data (Remote) TCP Any port/20 Forwarding scan data and received fax data to FTP client; controls only an FTP server that uses remote port 20 FTP Control (Remote) TCP Any port/21 Forwarding scan data and received fax data to FTP client CIFS (Local)* TCP 445/An
PAGE 23
• Access Control: IPsec • Authentication Method: Pre-Shared Key • Pre-Shared Key: Enter a key up to 127 characters long Receiving Printing Data and Printer Settings Use this example to allow communication of printing data and printer settings from specified services.
PAGE 24
You see a window like this: 3. Select the certificate you want to use as the Use the following CA Certificate option. 4. Select the certificate you want to use as the Use the following Client Certificate option. 5. Click Next. You see a confirmation message. 6. Click OK. Parent topic: Configuring IPsec/IP Filtering Configuring SNMPv3 Protocol Settings If your product supports the SNMPv3 protocol, you can monitor and control access to your product using that protocol. 1.
PAGE 25
You see a window like this: 3. Select the Enable SNMPv3 checkbox to enable SNMPv3 settings. 4. Select the settings you want in SNMPv3 Settings section. 5. Click Next. You see a confirmation message. 6. Click OK. SNMPv3 Settings Parent topic: Using Your Product on a Secure Network SNMPv3 Settings You can configure these SNMPv3 settings in Web Config.
PAGE 26
Setting Options/Description Algorithm Select and algorithm for an encryption Password Enter a password from 8 to 32 characters long in ASCII Confirm Password Enter the encryption password again Context Name Enter a context name from 1 to 32 characters long in ASCII Parent topic: Configuring SNMPv3 Protocol Settings Connecting the Product to an IEEE802.1X Network Follow the instructions in these sections to connect the product to an IEEE802.1X network using Web Config. Configuring an IEEE802.
PAGE 27
You see a window like this: 3. Select Enable as the IEEE802.1X (Wired LAN) setting. 4. To use the product on a Wi-Fi network, enable your product's Wi-Fi settings. See your product's User's Guide for instructions. The status of the connection shown in the IEEE802.1X (Wi-Fi) setting. Note: You can share the network settings for Ethernet and Wi-Fi networking. 5. Select the IEEE802.1X setting options you want to use. 6. Click Next. You see a confirmation message. 7. Click OK.
PAGE 28
Setting Options/Description EAP Type Select one of these authentication methods for connections between the product and a RADIUS server: EAP-TLS or PEAP-TLS: You must obtain and import a CAsigned certificate PEAP/MSCHAPv2: You must configure a password User ID Enter an ID for authentication on a RADIUS server Password Enter a password for authentication of the product Confirm Password Enter the authentication password again Server ID Enter a server ID for authentication on a specified RADIUS serv
PAGE 29
You see a window like this: 3. Select the certificate you want to use as the Use the following CA Certificate option. 4. Select the certificate you want to use as the Use the following Client Certificate option. 5. Click Next. You see a confirmation message. 6. Click OK. Parent topic: Connecting the Product to an IEEE802.1X Network IEEE802.1X Network Status You can check the status of the IEEE802.1X network settings by printing a status sheet from your product.
PAGE 30
Status ID Status description User ID Error Authentication has failed because the product's user ID and/or certificate protocol is incorrect Server ID Error Authentication has failed because the server ID on the server certificate and the server's ID do not match Server Certificate Error Authentication has failed because the server certificate is out of date or the chain of the server certificate is incorrect CA Certificate Error Authentication has failed because the CA certificate is incorrect, not
PAGE 31
Parent topic: Using a Digital Certificate Obtaining and Importing a CA-signed Certificate You can obtain a CA-signed certificate by creating a CSR (Certificate Signing Request) using Web Config and submitting it to a certificate authority. The CSR created in Web Config is in PEM/DER format. You can import one CSR created from Web Config at a time. 1. Access Web Config and select Network Security Settings. 2. Select one of the following network security options: • SSL/TLS • IPsec/IP Filtering • IEEE802.1X 3.
PAGE 32
8. In the CSR section, click the Download option that matches the format specified by your certificate authority to download the CSR. Caution: Do not generate another CSR or you may not be able to import a CA-signed certificate. 9. Submit the CSR to the certificate authority following the format guidelines provided by that authority. 10. Save the issued CA-signed certificate to a computer connected to the product. Before proceeding, make sure the time and date settings are correct on your product.
PAGE 33
CSR Setup Settings You can select these settings when setting up a CSR in Web Config. Note: The available key length and abbreviations vary by certificate authority, so follow the rules of that authority when entering information in the CSR. Setting Options/Description Key Length Select a key length for the CSR Common Name Enter a name or static IP address from 1 to 128 characters long; for example, Reception printer or https://10.152.12.
PAGE 34
Certificate format Setting descriptions PKCS#12 format obtained from a computer Private Key: Do not configure Password: Optional CA Certificate 1/CA Certificate 2: Do not configure Parent topic: Using a Digital Certificate Deleting a CA-signed Certificate You can delete an imported CA-signed certificate with Web Config when the certificate expires or if you have no more need for an encrypted connection.
PAGE 35
You see a window like this: 3. Enter an identifier for your product from 1 to 128 characters long in the Common Name field. 4. Select a validity period for the certificate as the Certificate Validity (year) setting. 5. Click Next. You see a completion message. 6. Click OK. 7. Click Confirm to verify the certificate information.
PAGE 36
1. Access Web Config and select Wi-Fi/Network Settings. 2. Select LDAP Server and select Basic. You see a window like this: 3. Select Use as the Use LDAP Server setting. 4. Select the LDAP server settings. 5. Click OK. 6. Select Wi-Fi/Network Settings and select LDAP Server again. 7. Select Search Settings.
PAGE 37
8. Select the LDAP search settings you want to use. 9. Click OK. Parent topic: Using an LDAP Server LDAP Server Settings You can configure these LDAP server settings in Web Config.
PAGE 38
Setting Options/Description Kerberos Server Realm If you selected Kerberos Authentication as the Authentication Method option, enter the realm of Kerberos authentication from 0 to 255 characters long in ASCII Parent topic: Using an LDAP Server LDAP Search Settings You can configure these LDAP search settings in Web Config.
PAGE 39
1. Access Web Config and select Wi-Fi/Network Settings. 2. Select LDAP Server and select Connection Test. 3. Click Start. Web Config tests the connection and displays the connection report when it is finished. Parent topic: Using an LDAP Server LDAP Connection Report Messages You can review the connection report messages to diagnose LDAP connection problems in Web Config. Message Description Connection test was successful. Connection to the server is successful Connection test failed.
PAGE 40
Configuring an Email Server Email Server Settings Checking the Email Server Connection Email Server Connection Report Messages Configuring Email Notification Parent topic: Using Your Product on a Secure Network Configuring an Email Server You can configure an email server using Web Config. 1. Access Web Config and select Wi-Fi/Network Settings. 2. Select Email Server and select Basic. You see a window like this: 3. Select the email server settings. 4. Click OK.
PAGE 41
Setting Options/Description Authenticated Account Enter the authenticated account name from 0 to 30 characters long in ASCII Authenticated Password Enter the authenticated password from 0 to 20 characters long in ASCII using A-Z, a-z, 0-9, and these characters: !#$%'*+-./=?^_{!}~@ Sender's Email Address Enter the sender's email address from 0 to 255 characters long in ASCII; do not use a period (.
PAGE 42
Message Description Connection test failed. Check the settings. One of the following has occurred: • The email server address or port number is incorrect • A timeout has occurred Cannot access the printer until processing is complete. The product is busy. Parent topic: Using an Email Server Configuring Email Notification You can configure email notifications using Web Config so you can receive alerts by email when certain events occur on the product, such as running out of paper.
PAGE 43
6. Select the checkboxes to indicate the events for which you want to receive email notifications. 7. Click OK.
PAGE 44
Using EpsonNet Config Network Configuration Software Follow the instructions in these sections to configure your product's administrator network settings using the EpsonNet Config software. With Windows, you can configure network settings in a batch operation. See the EpsonNet Config help utility for instructions. Note: Before you can configure system administration settings, connect the product to a network. See the product's Start Here sheet and User's Guide for instructions.
PAGE 45
4. Double-click the product you are configuring. Note: If several products of the same model are connected, you can identify them by their MAC address. 5. From the menu on the left, select Network Interface, select TCP/IP, and select Basic. You see a window like this: 6. Enter the product's IP address, Subnet Mask, and Default Gateway settings in the fields provided. Note: To connect the product to a secure network, enter a static IP address.
PAGE 46
• Windows (other versions): Click or Start, and select All Programs or Programs. Select EpsonNet and click EpsonNet Config. • OS X: Open the Applications folder, open the Epson Software folder, select EpsonNet, select EpsonNet Config, and double-click the EpsonNet Config icon. After a few moments, the program displays the connected products. 4. Double-click the product you are configuring. Note: If several products of the same model are connected, you can identify them by their MAC address. 5.
PAGE 47
You see a window like this: 8. Enter the Communication Mode, Wireless Mode, SSID, and Security Level settings for the Wi-Fi network as necessary. 9. Select Transmit. 10. Confirm the Wi-Fi connection to the product and disconnect the Ethernet cable from the product.
PAGE 48
Solving Problems Check these sections for solutions to problems you may have with the network configuration software. Solving Network Software Usage Problems Solving Network Security Problems Solving Digital Certificate Problems Where to Get Help Solving Network Software Usage Problems Check these sections if you have problems using the network software.
PAGE 49
The "Out of Date" Message Appears If the "Out of Date" message appears when you are accessing Web Config using SSL communication (HTTPS), the certificate is out of date. Make sure that the product date and time are configured correctly, and obtain a new certificate. Parent topic: Solving Network Software Usage Problems "The name of the security certificate does not match" Message Appears If a message beginning with "The name of the security certificate does not match . . .
PAGE 50
Pre-Shared Key was Forgotten If you forget a pre-shared key, change the key using Web Config for the default or group policy.
PAGE 51
• If DHCP is out of date, or the IPv6 address is out of date or was not obtained, you may not be able to find the IP address registered in Web Config. • If that does not solve the problem, enter a static IP address using Web Config. Parent topic: Solving Network Security Problems Cannot Create the Secure IPP Printing Port If you cannot create the secure IPP printing port, try these solutions: • Make sure you specified the correct server certificate for SSL/TLS communication using Web Config.
PAGE 52
Message Solution Invalid value below. Remove any unsupported characters in the file path and password. Invalid date and time. Set the date and time on the product using Web Config, EpsonNet Config, or the product control panel. Invalid password Enter the password that matches the password set for the CA certificate. Invalid file Try the following: • Import only certificate files in X509 format sent by a trusted certificate authority.
PAGE 53
Message Solution Setup failed. Make sure the computer and product are connected, and the certificate file is not corrupted, then import the certificate file again. Parent topic: Solving Digital Certificate Problems Cannot Import a Digital Certificate If you cannot import a digital certificate, try these solutions: • Make sure the CA-signed certificate and the CSR have the same information.
PAGE 54
Where to Get Help If you need to contact Epson for technical support services, use the following support options. Internet Support Visit Epson's support website at epson.com/support (U.S.) or epson.ca/support (Canada) for solutions to common problems. You can download drivers and documentation, get FAQs and troubleshooting advice, or e-mail Epson with your questions.
PAGE 55
Notices Check these sections for important notices. Trademarks Copyright Notice Trademarks EPSON® is a registered trademark abd EPSON Exceed Your Vision is a registered logomark of Seiko Epson Corporation. OS X is a trademark of Apple Inc., registered in the U.S. and other countries. General Notice: Other product names used herein are for identification purposes only and may be trademarks of their respective owners. Epson disclaims any and all rights in those marks.
PAGE 56
Seiko Epson Corporation shall not be held liable for any damage resulting from electromagnetic interference that occurs from the use of any interface cables other than those designated as Epson approved Products by Seiko Epson Corporation. This information is subject to change without notice. Copyright Attribution Parent topic: Notices Copyright Attribution © 2014 Epson America, Inc.