SHARP

Language

Security Settings

  • When settings are changed, the changes will take effect after the machine is restarted. For details on restarting this machine, see " TURNING ON THE POWER".
  • All items except for the Password Setting, Enable Filter and Initialize Data in Machine are available in the system settings of the Web page.
  • For Security Settings on the operation panel, see the following " THE SETTING MODE LIST OF THE OPERATION PANEL".

Password Change

The administrator password and user password can be changed.
When you change the password, be sure to remember the new password.

  • Enter a password consisting of 1 to 255 characters (when the administrator password is changed: 5 to 255). Your setting is made valid only when the machine is turned On again.
  • The user-level authentication password is required to add, edit or delete the destination. When you log on, enter "users" as the user name. Then, enter the user password that you have registered with this option.
    The administrator-level authentication password is required to select all settings and the same functions as those available with the user-level password. When you log on, enter "admin" as the user name. Then, enter the administrator password that you have registered with this option.
  • If you tap the [Store] key without entering a password, the previously set value is assumed. Password protection is enabled by default.

In the factory default state, the user password must be entered. (For the default administrator password, see Start Guide.)
For Europe, see Start Guide.

Restrict Device Web Page Access Via Password

Use this setting to display the login screen and require login in order to access the Web server.

Administrator Password

Changes the setting of the administrator password.
When setting a password, make sure that it contains at least one or more numbers, uppercase and lowercase letters of the alphabet, and symbols.
The characters that can be entered are as follows.

  • Numbers: 0 to 9
  • Upper case alphabet: A to Z
  • Lower case alphabet: a to z
  • Symbols: ! @ # $ % ^ & * ( ) “ ‘ + , - . / : ; < = > ? [ \ ] _ ` { | } ~ and spaces

User Password

Changes the setting of the user password.
When setting a password, make sure that it contains at least one or more numbers, uppercase and lowercase letters of the alphabet, and symbols.
The characters that can be entered are as follows.

  • Numbers: 0 to 9
  • Upper case alphabet: A to Z
  • Lower case alphabet: a to z
  • Symbols: ! @ # $ % ^ & * ( ) “ ‘ + , - . / : ; < = > ? [ \ ] _ ` { | } ~ and spaces

Password Setting

The administrator password and user password can be changed.
When you change the password, be sure to remember the new password.

  • Enter a password consisting of 5 to 255 characters and tap the [Store] key. Your setting is made valid only when the machine is turned on again.
  • The administrator-level authentication password is required to select all settings and the same functions as those available with the user-level password. When you log on, enter "admin" as the user name. Then, enter the administrator password that you have registered with this option.
This setting can only be set on the operation panel.
The characters that can be entered are as follows.
  • Numbers: 0 to 9
  • Upper case alphabet: A to Z
  • Lower case alphabet: a to z
  • Symbols: ! @ # $ % ^ & * ( ) “ ‘ + , - . / : ; < = > ? [ \ ] _ ` { | } ~ and spaces

Condition Settings

Restrict Print Jobs

You can select settings to cancel print jobs that are not print hold jobs, or force all print jobs to be held.
When [Restrict Print Jobs] is turned ON, the settings below can be selected.

Item Description

Force Retention

This setting forcibly sets all print jobs as print hold jobs, even jobs for which print hold is not selected.

Disable Job

Prohibit all print jobs other than print hold jobs.

Factory default settings:
Force Retention

If this setting is disabled, print data that may contain personal information/privacy information can be printed without the user being present.

Automatic Deletion of Suspended Print Jobs

If the print job is interrupted due to a paper jam, etc., the job is automatically deleted after the time set in "Time until Suspended Print Jobs are Automatically Deleted" has elapsed.

Factory default settings:
Disable

Time until Suspended Print Jobs are Automatically Deleted

Set the time after stopping a job to automatically deleting the job.

Factory default settings:
5 minutes

Clear All Data When the Jobs are Completed

Completely deletes the data from the memory of the machine when the job is completed.

Factory default settings:
Disable

Reject Requests from External Sites

You can reject the request from external sites.

Factory default settings:
Enabled

Mandatory Access Control

Set whether to perform forced access control. Once set, access to all files inside the machine will be forcibly controlled.

Factory default settings:
Disable

If this setting is set to [Disable], there is a risk that a malicious program that leaks data that may include personal information/privacy information through system intrusion may be able to operate.

Port Control

For the various major ports used in the system, set the prohibition/permission and port number, and tap the [Store] key.
The ports that can be set are as follows.

Server Port Factory default settings Client Port Factory default settings
Port Control Enable / Disable Port Control Enable / Disable

HTTP*

80

Enabled

HTTP*

Enabled

HTTPS

443

Enabled

HTTPS

Enabled

FTP Print*

21

Enabled

FTP*

Enabled

Raw Print*

9100

Enabled

FTPS

Enabled

LPD*

515

Enabled

SMTP*

Enabled

IPP*

631

Enabled

SMTP-SSL/TLS

Enabled

IPP-SSL/TLS

443

Disabled

POP3*

Enabled

Remote Operation Panel*

5900

Enabled

SNMP-TRAP*

162

Enabled

SNMPD

161

Enabled

Notify Job End*

Enabled

WSD*

Enabled

LDAP*

Enabled

LDAP-SSL/TLS

Enabled

mDNS*

Enabled

syslog*

514

Enabled

syslog-SSL/TLS

6514

Enabled

* If these settings are set to [Enable], insecure communication will be possible, and there is a risk that data that may include personal information/private information may be intercepted.

Filter Setting

You can set the filter by an IP or MAC address to prevent an unauthorised access to the machine via a network.
Set the IP or MAC address filter and tap the [Store] key.

Factory default settings:
Disable

IP Address Filter Settings

This option sets an IP address.
You can specify whether to allow or prohibit access to the machine from the IP address you set.

Factory default settings:
Enable

MAC Address Filter Settings

This option sets a MAC address.
It allows access to the machine from the MAC address you set.

Enable Filter

Enable the settings made in [System Settings] → [Security Settings] → [Filter Setting] on the Web page.

Factory default settings:
Disable

This setting can only be set on the operation panel.

SSL/TLS Settings

SSL/TLS can be used for data transmission over a network.
SSL/TLS is a protocol that enables the encryption of information communicated over a network. Encrypting data makes it possible to transmit and receive sensitive information safely.
Data encryption can be set by the following protocols.

Setting of SSL/TLS

Server Port

  • HTTPS: Apply SSL/TLS encryption to HTTP communication.
  • Factory default settings:
    Enable
  • IPP-SSL/TLS: Apply SSL/TLS encryption to IPP communication.
  • Factory default settings:
    Disable
  • Redirect HTTP to HTTPS in Device Web Page Access: When this setting is enabled, all communication that attempts to access the machine by HTTP is redirected to HTTPS.
  • Factory default settings:
    Disable
If this is set to [Disable], and combined with insecure communication, there is a risk that data that may include personal information/privacy information may be intercepted.

Client Port

  • HTTPS:
    Apply SSL/TLS encryption to HTTP communication.
  • Factory default settings:
    Enable
  • FTPS: Apply FTP encryption to HTTP communication.
  • Factory default settings:
    Enable
  • SMTP-SSL/TLS:
    Apply SMTP encryption to HTTP communication.
  • Factory default settings:
    Enable
If you select [Disable], unsecure SMTP communication will be possible, and there is a risk that the data transmitted may be subject to eavesdropping if it may contain personal or private information.
  • LDAP-SSL/TLS:
    Apply SSL/TLS encryption to communication using LDAP.
  • Factory default settings:
    Enable
  • syslog-SSL/TLS:
    Apply SSL/TLS encryption when sending audit logs.
  • Factory default settings:
    Enable
  • Verify Signature of Server Certificate of the Other Party:
    Validate the certificate of the server you are communicating with.
  • Factory default settings:
    Disable
  • Even if "Verify Signature of Server Certificate of the Other Party" is enabled, when "Global Address Search" or "My Address Search" is performed only when the search destination is an LDAP server, the server certificate of the destination is not validated.
  • If "Verify Signature of Server Certificate of the Other Party" is disabled, you may connect to an unintended server and data that may include personal or private information may be transmitted to that server.
  • TLS1.2: Use only TLS1.2.
  • Factory default settings:
    Enable
  • TLS1.3: Use only TLS1.3.
  • Factory default settings:
    Enable

Device Certificate

Certificate Status

Displays the status of the certificate required for SSL/TLS communication. Click the [Select] key to install the certificate.

Certificate Information

If the device certificate is installed, click the [Show] key to display the certificate information.

Select Device Certificate

Click the [Select] key to display the device certificates that have already been registered. Select from them.

IPsec Settings

IPsec can be used for data transmission/reception on a network.
When IPsec is used, data can be sent and received safely without the need to configure settings for IP packet encryption in a Web browser or other higher-level application.
When enabling this settings, take the following notes.

  • It may take some time to reflect on the machine settings, and you cannot connect to the machine during this time.
  • If the settings in the Web page are not correctly selected, connection to the machine may not be allowed, or the settings may not allow printing, or Setting mode (Web version) display. In this case, deselect this setting and change the System Settings (on Web pages).

If you enable this setting, you can protect data communications that may include personal information/privacy information from eavesdropping.

Condition Settings

IPsec Settings

Sets whether to use IPsec for transmission.

Factory default settings:
Disable

IKEv1 Settings

Pre-Shared Key

Enter the Pre-Shared Key to be used for IKEv1.

SA Lifetime (time)

Set the SA lifetime.

Factory default settings:
28800 seconds

IKE Lifetime

Set the IKE lifetime.

Factory default settings:
30 seconds

IPsec Rules

The registered IPsec rules are displayed.
To add a new rule, click the [Add] key.
To delete a rule, select the rule you want to delete and click the [Delete] key.

IPsec Rule Registration

Rule Name

Enter a name for the IPsec rule.

Priority

Set the priority level.

Factory default settings:
1

Select the Rule Name to be the Registration Model

If there is a previously registered rule that is similar to the rule you want to create, you can create the new rule based on the registered rule.

Device Address

Set the type of IP address to be used on the machine and the port number (for IPv6, set the port number / prefix length).

Client Address

Set the destination IP address type and port number (for IPv6, set the port number / prefix length).

Protocol

Set the protocol to be used.

Factory default settings:
TCP

Filter Mode

Configure settings for the authentication method used for IPsec.

Factory default settings:
IPsec

IPsec Encryption

Configure settings for the authentication method used for IPsec.

ESP

Select to use ESP authentication.

Factory default settings:
Enable

Allow Communication not using ESP

Specify whether or not communication that does not use ESP is allowed.

Factory default settings:
Enable

AH

Select to use AH authentication.

Factory default settings:
Disable

Allow Communication not using AH

Specify whether or not communication that does not use AH is allowed.

Factory default settings:
Disable

Audit Log

Logs are created and saved for various events relating to security functions and settings.
Audit logs are created and saved in English. However, setting values such as filenames which are input from external sources are saved as-is.
Audit logs which have been saved in the internal memory can be exported by an administrator to a PC as TSV files.
You can select either the internal memory or an external server as the destination for saving audit logs.

  • When the space for saving audit logs internally becomes full, the logs are overwritten starting from the oldest ones.
  • If you enable the audit log setting, information about the user who generated the event will be recorded in the audit log.
  • Audit Log

    "Audit Log" can be carried out as follows.
    In the Web page, select [System Settings] → [Security Settings] → [Audit Log]
    Select "Security Control", "Storage/Send Settings" or "Save/Delete Audit Log".

    Factory default settings:
    Disable

    Storage/Send Settings

    "Storage/Send Settings" can be carried as follows.
    In the Web page, select [System Settings] → [Security Settings] → [Audit Log]→ [Storage/Send Settings]
    Then make the storage and transmission settings.

    Factory default settings:
    Server Send:Disable, Enable SSL/TLS:Disable, Port Number:514, Port Number (Use SSL/TLS):6514

    Save/Delete Audit Log

    "Save/Delete Audit Log" can be carried out as follows.
    In the Web page, select [System Settings] → [Security Settings] → [Audit Log]→ [Save/Delete Audit Log]
    Select "Save Audit Log" or "Delete Audit Log".

    • "Save Audit Log" can only be carried out from the Web page.
    • It will not be displayed if audit logging is disabled or storage is disabled.

    Audit Log specifications

    If the audit log is saved to an external server, the audit log is temporarily saved in the buffer area reserved in the internal memory until the transmission to the external server is successful.

    • Audit logs that are successfully sent to the external server are cleared from the buffer area.
    • If the transmission to the external server fails, a warning message will be displayed on the operation panel and the screen of the Web page, and the transmission will be periodically retransmitted to the external server until the transmission is successful.
    The audit events and information stored in the audit log are as shown in the following table.

    If the power of this machine is turned off by a method other than the procedure described in the user's manual or due to a power failure, the [End Audit] event may not be recorded. Make sure to turn off the power of this machine according to the correct procedure. We also recommend using an uninterruptible power supply (UPS) in the event of an unforeseen event such as a power outage.
    Event name Date & Time
    *1
    Operation I/F
    *2
    Login Name Result
    *3
    Additional Information

    Audit Start

    Yes

    N/A

    N/A

    Yes

    Reasons for starting

    Other: security erase

    Audit End

    Yes

    N/A

    N/A

    Yes

    N/A

    Job Completion

    Yes

    Yes

    Job owner (SYSTEM)

    Yes

    Finished job name

    I&A Success

    Yes

    Yes

    The string entered as your login name

    N/A

    IP address of the login source

    127.0.0.1 for the operation panel

    I&A Failure

    Yes

    Yes

    The string entered as the login name

    N/A

    IP address of the login source

    127.0.0.1 for the operation panel

    Add User

    Yes

    Yes

    User who added

    Yes

    Added login name

    Login Terminated

    Yes

    Yes

    The string entered as your login name

    N/A

    Active termination/ Timeout

    Change Password

    Yes

    Yes

    The user who made the change

    Yes

    Login name of the user whose password has been changed

    Change Login Name

    Yes

    Yes

    The user who made the change

    Yes

    Login name after change

    Delete user

    Yes

    Yes

    User who deleted

    Yes

    Deleted login name (ALL if all users are deleted)

    Add Auth Group

    Yes

    Yes

    User who added

    Yes

    Added authority group name

    Change Role

    Yes

    Yes

    The user who made the change

    Yes

    • Login name of the user whose authority group has been changed
    • Changed authority group name

    Change Auth Group
    Setting

    Yes

    Yes

    The user who made the change

    Yes

    Privilege changed settings Group Name

    Add Page Limit Group

    Yes

    Yes

    Users with additional functions

    Yes

    Name of the additional page limit group

    Delete Page Limit Group

    Yes

    Yes

    Users whose functions are deleted

    Yes

    Name of the deleted page limit group

    Change Page Limit Group
    Setting

    Yes

    Yes

    Users who have changed the settings

    Yes

    Name of the changed page limit group

    Change Time Setting

    Yes

    Yes

    The user who made the change

    Yes

    N/A

    Change Setting

    Yes

    Yes

    User who made the change (“ByPolicy” when applying AD policy)

    Yes

    • Setting items whose setting values have been changed
    • Set value after change

    Firm Recovery

    Yes

    N/A

    N/A

    Yes

    • Firmware name
    • Firmware version after recovery

    Exec Rejection

    Yes

    N/A

    N/A

    Yes

    Distinguished name of firmware or embedded OSA app

    TLS, IPsec communication failure
    (Comm Failure)
    * Communication partner is
    other than the audit server

    Yes

    N/A

    Users who are communicating

    N/A

    • IP address of the communication starter
    • IP address of the communication partner
    • Communication direction
    • Reason for failure

    Modify AddrBook

    Yes

    Yes

    User who updated

    Yes

    • At the time of addition: Internal management ID and destination name of the added entry
    • When deleting / changing: Internal management ID of deleted / changed entry

    Firm Update

    Yes

    Yes

    User who updated

    Yes

    • Firmware name
    • Firmware version before update
    • Firmware version after update

    Release Denied Addr

    Yes

    Yes

    Users who have been released

    Yes

    Released IP address

    Send External Dest

    Yes

    Yes

    Users who sent

    Yes

    Destination e-mail address/IP address/SMB folder path

    Web Push Print

    Yes

    Yes

    Users of the function

    Yes

    IP address from which the file was downloaded

    Change Service Setting

    Yes

    Yes

    Users who have changed the settings

    Yes

    Changed settings and their values

    Switch to service mode

    Yes

    Yes

    Service

    Yes

    N/A

    Running in service mode

    Yes

    Yes

    Service

    Yes

    Changed setting values

    *1 The date and time when the event occurred is displayed in the extended format of ISO 8601.

    *2 Either Ope/Web/sNet is displayed as the operation interface. However, if it is "N / A" in the table, it will be written as "N / A".

    *3 Either Success / Failure will be displayed as the result of the event.

    Certificate Management

    Device Certificate Management

    Import

    Import the certificate/private key.

    Export

    Export the certificate/private key.

    Certificate Information

    Shows the status of the certificate.

    Creation of Certificate and Private Key

    Common Name (Required)

    Enter the name to be used.

    Organization

    Enter the name of the organization.

    Organizational Unit

    Enter the name of the unit within the organization.

    City/Locality

    Enter the city or locality.

    State/Province

    Enter the state or province.

    Country/Region (Required)

    Enter the country code.

    Certificate Start Date

    Enter the start date and time for the certificate.

    Certificate Validity Period

    Enter the expiration date of the certificate.

    Certificate Information

    Enter the Certificate Information.

    Certificate Signing Request (CSR) Management

    Installation of Certificate

    Install the certificate.

    Certificate Information

    Shows the status of the certificate.

    Make of Certificate Signing Request(CSR)

    Common Name (Required)

    Enter the name to be used.

    Organization

    Enter the name of the organization.

    Organizational Unit

    Enter the name of the unit within the organization.

    City/Locality

    Enter the city or locality.

    State/Province

    Enter the state or province.

    Country/Region (Required)

    Enter the country code.

    Key Length of Certificate

    Specify the key length of the certificate.

    Factory default settings:
    1024bit

    CA Certificate Management

    Import

    Import the certificate.

    Certificate Information

    Shows the status of the certificate.

    Initialize Data in Machine

    Press the [OK] key to initialise the following personal information and data in the machine.

    • All user information data
    • All job data in this machine
    • Log information
    • Data and areas for internal processing
    • Data in the machine registered/stored by the user
    This setting can only be set on the operation panel.

    Language

    Version 03a / bpc131pw_usr_03a_en

    ↑Top of page