Escolar Documentos
Profissional Documentos
Cultura Documentos
1
Contents
eKUIO NetGard Overview ............................................................................................................................ 4
eKUIO NetGard MFP Setup Guide ............................................................................................................... 5
Configuring eKUIO NetGard with web browser ...................................................................................... 6
Overview of device configuration................................................................................................................ 9
NETWORK ................................................................................................................................................... 10
Network -> Configuration ...................................................................................................................... 10
NETWORK -> Advanced Configuration .................................................................................................. 12
NETWORK -> Routing ............................................................................................................................. 14
NETWORK -> IPv4 – Ipv6 Translation..................................................................................................... 15
NETWORK -> IPv4 –> 802.1X .................................................................................................................. 16
SCAN/PRT SETUP -> Scan to Network ................................................................................................... 17
Scan to Network -> Email ................................................................................................................... 18
Scan to Network -> FTP ...................................................................................................................... 18
Scan to Network -> Firewall ............................................................................................................... 19
Scan to Network -> Integration with Third Party Document Management Application ................. 19
Integration with AutoStore – HTTP or SMB ...................................................................................... 20
Integration with PaperCut ................................................................................................................. 21
Integration with PlanetPress ............................................................................................................. 21
Scan to Network -> Scan to Home ..................................................................................................... 22
SCAN/PRT SETUP -> Authentication ...................................................................................................... 23
SCAN/PRT SETUP -> Secure Print Release ............................................................................................. 24
SCAN/PRT SETUP -> Certificates ............................................................................................................ 26
SCAN/PRT SETUP -> CAC Settings .......................................................................................................... 29
NetGard Lock MFP Configuration .............................................................................................................. 41
Set MFP IP Address................................................................................................................................. 41
NetGard Lock pkg Installation & Configuration .................................................................................... 46
Required MFP settings for Send-to-email & Send-to-Home functions. ............................................... 53
Send-to-email ..................................................................................................................................... 53
Send-to-Home .................................................................................................................................... 57
eKUIO NetGard MFP Connections ............................................................................................................. 60
Appendix A: Certificate Chain Builder Tool ............................................................................................... 62
Appendix B: Kerberos Info Certificate Tool ............................................................................................... 67
2
Appendix C: Card Certificate Tool .............................................................................................................. 68
Appendix D: NetGard Certificates Use Case .............................................................................................. 70
Appendix E: CentraQ Integration............................................................................................................... 71
3
eKUIO NetGard Overview
4
eKUIO NetGard MFP Setup Guide
For initial configuration, you would need a computer, preferable a laptop and a network cable.
5
Configuring eKUIO NetGard with web browser
Default setting:
Password: password
Note: The password for admin can be changed under ADMIN -> Users
6
Illustration of a typical embedded eKUIO NetGard deployment
Card reader
eKUIO NetGard
gard Client PC
Certificate Server
Note: MFD does not communicate with network directly. All external communication must go through
eKUIO NetGard device.
The device secures the MFD on network. It handles all authentication and communication with
network.
7
After authentication, the first page displayed is the MONITORING -> Status page
Serial number
8
Overview of device configuration:
1. NETWORK
- Configuration
- Advanced Configuration
- Routing
- IPv4 – Ipv6 Translation
- 802.1X
2. Scan/PRT SETUP
- Scan to Network
- Authentication
- Secure Print Release
- Certificates
- CAC Settings
3. ADMIN
- Management
- Utilities
- Users
- Date and Time
- Licensed Features Management
4. MONITORING
- Status
- Statistics
- Diagnostics
- MFD
- Logs
5. SUPPORT
- Overview
- Documentation
9
NETWORK
Network -> Configuration
IP version selection
10
System
When the device is shipped, the serial number is automatically used as the Host Name. This can
be changed per customer’s requirement.
Device IP Settings
This is a closed network. The default IP is 192.168.10.1. Its main purpose is for internal
communication between the device and MFD.
LAN IP Settings
Assign an IP address to the device to communicate with customer’s network. This assigned IP is
denoted by the port marked “LAN” as illustrated on page 3.
IP Version
Default IP for device management. Notice that this is the IP for accessing this configuration
page. By entering https://192.168.20.1:8080 administrator can access device configuration.
IMPORTANT
Every time any change is made, you must click Apply button to register the change.
11
NETWORK -> Advanced Configuration
12
Device DHCP Server
If enabled, computer host can lease IP from this device. It is a closed network meant for
configuration purpose only. In this case, it is set to No. As a result, the computer host
connecting to device must be assigned a static IP ahead of time. Example, 192.168.20.20.
Default MTU Size and Speed. This applies to internal communication only.
MTU Size and Speed. This applies to device communication with customer’s network.
Allow inbound traffic ports: Enter all or specific ports allowed to come into the device.
Allow outbound traffic ports: Enter all or specific ports allowed to go out of the device.
In example shown, all inbound traffic is allowed whereas ports 25, 80, 445 and 139 are allowed
for outbound traffic.
13
NETWORK -> Routing
14
NETWORK -> IPv4 – Ipv6 Translation
This page allows you to define rules for IPv4 IPv6 Protocol translation. This configuration is value only in
IPv4 – IPv6 Translation Mode.
15
NETWORK -> IPv4 –> 802.1X
This page allows you to enable/disable 802.1X authentication on device. The device currently supports
EAP-TLS protocol for 802.1X authentication.
16
SCAN/PRT SETUP -> Scan to Network
17
Scan to Network -> Email
When enabled, enter the SMTP IP and port used. The device can be configured to obtain email
address either from CAC or LDAP.
IMPORTANT: See Scanning to email MFP Configuration section for additional settings on Page
40.
By selecting Add User Identifier to file names, files will be identified with either Email Address or
EDI-PI.
EDI-PI is the Electronic Data Interchange Personal Identifier. This is obtained from the CAC card
of user.
18
Scan to Network -> File Server
When enabled, enter File Server IP and port.
If Only the ports listed below is selected, you can assign specific ports or a range of ports.
Scan to Network -> Integration with Third Party Document Management Application
Supported 3rd party applications: AutoStore, PaperCut and PlanetPress
19
Integration with AutoStore – HTTP or SMB
HTTP
SMB
Enter server IP
20
Integration with PaperCut
Enter the port number for communication with PaperCut
21
Scan to Network -> Scan to Home
This configuration entails a user account to be created in MFD’s address book. (Detail of MFD
configuration will be covered in ensuing section)
IMPORTANT: See Scanning to Home Directory MFP Configuration section for additional settings
on Page 41.
22
SCAN/PRT SETUP -> Authentication
Authentication options: X.509, OCSP, and LDAP.
(See Appendix for using LDAP Discovery Tool to obtain LDAP information)
Enter LDAP server info and master account with access right
23
SCAN/PRT SETUP -> Secure Print Release
In order to use the device for storing authenticated user’s print jobs, the device must be made a
member of the domain where user belongs.
Join Windows Domain: Enter domain administrator credential in order to join the domain.
Start/Stop SPR Service: To enable secure job release, change status to START and APPLY.
24
SCAN/PRT SETUP -> Secure Print Release
Join Windows Domain should show device as a member of domain in Current Status.
After starting SPR Service, Current Status should show the name of the queue created. In this
case, it is \\mfd201711052798\ngdprinter
Secure print jobs are stored in the device memory. Administrator defines deletion parameters.
Enabling Direct Print will cause printers to output immediately after jobs are sent.
\\mfd201711052798\ngdprinter
25
SCAN/PRT SETUP -> Certificates
All Trusted Certificates are loaded via this section.
26
Trusted certificates from domain controller and card issuer must be loaded onto device in order
to authenticate.
On the issuing certificate server for Microsoft Windows domain, obtain the certificates from
issuing Certificate Authority.
27
Customer should obtain a copy of certificate from card issuer.
In case where certificate is not readily available, use ActivClient utility to view and obtain the
card certificates.
28
SCAN/PRT SETUP -> CAC Settings
Configure login timeout.
Enable MFP Integration allows user to enter PIN on MFP’s large display panel or hard key.
The Configuration Data Sent to MFP defines the function access for authenticated and public
users at MFP.
Print Print Color Send Fax Copy Color Copy Admin
Public true/false true/false true/false true/false true/false true/false true/false
CAC User true/false true/false true/false true/false true/false true/false true/false
For example, administrator can allow public access to copy, print, and fax except copy in color,
scanning, fax and printing in color.
29
Sample default settings:
{
"Settings": {
"sAMAccount": {
"Value": "%U",
"sourceType": "Formatted",
"removeDomain": true
}
},
"publicAccess": {
"print": false,
"printColor": false,
"sending": false,
"fax": false,
"copyColor": false,
"isMfpAdmin": false,
"copy": false
},
"cacUser": {
"print": true,
"printColor": true,
"sending": true,
"fax": true,
"copyColor": true,
"isMfpAdmin": false,
"copy": true
},
"memberOf": {"CN=Domain
Users,CN=Users,DC=upn,DC=example,DC=com":{
"print": true,
"printColor": true,
"sending": true,
"fax": true,
"copyColor": true,
"isMfpAdmin": false,
"copy": true}}
}
30
ADMIN -> Management
Enabling both LAN and Management Port allows for centralized management of NetGard
devices.
31
ADMIN -> Utilities
Firmware update
The backup function allows administrator to save each device’s NetGard configuration settings.
This file can be used for multiple device deployment. After restoring the settings, administrator
would have to change the NetGard Host Name and LAN IP (see Page 9).
32
ADMIN -> Users
NetGard allows up to four unique administrator-level users and four guest (view-only) level
users. There is one default admin and one default guest user that cannot be deleted, rather the
default password can be changed.
The User List contains the unique User Name required to login to the management GUI, as well
as the First Name, Last Name, and user Type (admin or guest) associated with the username.
The Edit button in the action column links to the User Settings section where the user can
modify details such as password and inactivity timeout.
Select All: Select all the entries in the Users List.
Delete: Delete selected entries from the Users List. Note: The factory default admin and guest
users cannot be deleted.
Add: Add a new user to the User List.
33
ADMIN -> Date and Time
Accurate date and time settings are vital to the authentication function of NetGard.
Set the date, time and NTP servers. Network Time Protocol (NTP) is a protocol that is used to
synchronize computer clock times in a network of computers. Accurate time across a network is
important.
34
ADMIN -> Licensed Features Management
35
MONITORING -> Status
36
MONITORING -> Statistics
The Statistics page displays statistical information for CAC users and Printer Status.
37
MONITORING -> Diagnostics
The diagnostics page is used to perform various diagnostics such as ping connectivity tests, trace
route, DNS lookup, and others.
38
MONITORING -> MFD
39
MONITORING -> Logs
This page will allow you to configure a Syslog server that can receive detailed log messages from
NetGard MFD. There are a variety of events that can be captured and logged for review.
40
NetGard Lock MFP Configuration
Set MFP IP Address
Select System Menu (2 locations as illustrated below)
System Menu
41
Proceed to Page 2, select System/Network
System/Network
42
Select Network
Network
Wired Network
43
Select TCP/IP Setting
TCP/IP Setting
TCP/IP
IPv4
Turn ON TCP/IP
44
Change IPv4:
IP Address 192.168.10.30
Reboot device.
45
NetGard Lock pkg Installation & Configuration
Load MFP NetGard pkg
System Menu
46
Proceed to Page 2 of System Menu
Select Application
Scroll to Page 2
Select Application
47
Enter username “Admin” and password “Admin” (default setting)
Select Add
At this point, please make sure that the target pkg is stored on an USB thumb drive and
it is inserted into the MFP USB port near the display panel.
48
Locate the NetGard Lock pkg on the USB display list. Select and Install.
Select Install
Select Activate
49
If a license is purchased, enter the License Key. Otherwise use the Trial.
After activation, the MFP panel will display the NetGard Lock icon. Select NetGard Lock.
NetGard Lock
50
Further configuration is required after initial NetGard Lock installation.
51
Enter the default Address and Port for MFP to communicate with NetGard
Address: http://192.168.10.1
Port: 80
52
Required MFP settings for Send-to-email & Send-to-Home functions.
Access the Command Center RX (CCRX) with a web browser. Enter the IP address assigned to
the NetGard LAN port.
Send-to-email
Select Network Settings -> Protocol
Function Settings
Protocol
53
Additional required steps for Send-to-email:
Function Settings
Enable SMTP
IP: 192.168.10.1
Port: 25
IP 192.168.10.1
Port 25
54
Create Address Book user
Configure
55
Enter any email address in the
Create a user account on correct format (self@mail.mil)
MFD’s Machine Address Book
56
Send-to-Home
Select Network Settings -> Protocol
Function Settings
Protocol
Enable SMB
SMB = ON
Port = 445
57
Select Address Book -> Machine Address Book
58
Configure SMB
The NetGard User Name and Password for Scan-to-Home must match the Login User
Name and Password on the MFP’s Machine Address Book user account. (See illustration
on Page 22)
59
eKUIO NetGard MFP Connections
The eKUIO NetGard device is installed into the MFP’s KUIO slot.
Configuration:
Green cable shown is for connecting MFP’s Network Interface to NetGard (DEV/MGMT port)
Black cable shown is for connecting card-reader to NetGard (either USB1 or USB2)
Connecting to LAN
60
To LAN
To USB card-reader
61
Appendix A: Certificate Chain Builder Tool
Use this tool to extract domain certificates. Extracted certificates are required for NetGard.
IMPORTANT: Obtain permission or provide this tool to customer’s administrator to discover the domain
certificates.
Note: Under normal circumstances, the certificate administrator should be able to provide the
certificates.
Build
62
Dialog box will prompt for the file generated to be saved.
Dialog box will also show the domain information discovered. Click Exit when finish.
63
Locate the file SmartCardLogonCertificates created by the steps above.
64
Proceed with Certificate Export Wizard
Next
65
Provide a File Name
Complete export
66
Appendix B: Kerberos Info Certificate Tool
Use this tool to discover domain names and LDAP detail to be used on NetGard configuration.
IMPORTANT: Obtain permission or provide this tool to customer’s administrator to discover the domain
name and LDAP detail.
1. dnsHostName
2. ldapServiceName
67
Appendix C: Card Certificate Tool
Use ACC70CWP (ActivIdentity ActivClient for Windows) to extract Smart Card (CAC/PIV) certificates.
Extracted certificates are required for NetGard.
IMPORTANT: Obtain permission or provide this tool to customer’s administrator to discover the Smart
Card issuer’s certificates.
Note: Under normal circumstances, the certificate administrator should be able to provide the
certificates.
When the card is read, dialog box will display Smart Card information.
Select My Certificates
My Certificates
68
Open My Certificates folder and export all required certificates.
69
Appendix D: NetGard Certificates Use Case
1. Web pages: Each NetGard device has a default certificate for its web pages. If a customer
wants to replace that with his own certificate, he can do so by generating a self-certificate
request on the SCAN/PRT SETUP -> Certificates section.
The certificate generated can then be loaded as and loading certificates as Active Self
Certificates.
4. Smart Card web login service: Customer can log in NetGard's web site using his smart card.
CA certificates must be loaded on NetGard as Web Authentication CA Certificates.
70
Appendix E: CentraQ Integration
This new feature allows for “follow-me” print job release at any MFP or printers under CentraQ*
management.
NetGard device comes with a secure print release function but it lacks the follow-me function where
users can release jobs at any of the managed devices.
Requirements:
1. CentraQ application
2. Print server
3. Kyocera KX driver
Refer to CentraQ User Guide for all setup and configuration procedures.
71