| Setting | Options/Description |
|---|---|
| Access Control | Permit Access to
permit IP packets to pass through
Refuse Access to prevent IP packets from passing through IPsec to permit IPsec packets to pass through |
| IKE Version | Select the version of the Internet Key Exchange (IKE) protocol that matches your network environment |
| Authentication Method | Select an authentication method, or select Certificate if you have imported a CA-signed certificate |
| Pre-Shared Key | If necessary, enter a pre-shared key between 1 and 127 characters long |
| Confirm Pre-Shared Key | Confirm the pre-shared key you entered |
| ID Type | If you selected IKEv2 as the IKE Version setting, select the ID type from the list. |
| ID | If you selected IKEv2 as the IKE Version setting, enter the necessary ID information |
| Encapsulation | If you selected IPsec
as the Access Control option,
select one of these encapsulation modes:
Transport Mode: if you are using the product on the same LAN; IP packets of layer 4 or later are encrypted Tunnel Mode: if you are using the product on an Internet-capable network, such as IPsec-VPN; the header and data of IP packets are encrypted |
| Remote Gateway(Tunnel Mode) | If you selected Tunnel Mode as the Encapsulation option, enter a gateway address between 1 and 39 characters long |
| Security Protocol | If you selected IPsec
as the Access Control option,
select one of these security protocols:
ESP: to ensure the integrity of authentication and data, and encrypt data AH: to ensure the integrity of authentication and data; if data encryption is prohibited, you can use IPsec |
| Algorithm Settings | Select the encryption algorithm settings for the security protocol you selected |
| Setting | Options/Description |
|---|---|
| Access Control | Permit Access to
permit IP packets to pass through
Refuse Access to prevent IP packets from passing through IPsec to permit IPsec packets to pass through |
| Local Address(Printer) | Select an IPv4 or IPv6 address that matches your network environment; if the IP address is assigned automatically, select Use auto-obtained IPv4 address |
| Remote Address(Host) | Enter the device's IP address (between 0 and 43 characters long) to control access, or leave blank to control all addresses; if the IP address is assigned automatically, such as by DHCP, the connection may be unavailable, so configure a static address instead |
| Method of Choosing Port | Select the method you want to used for specifying ports |
| Service Name | If you selected Service Name as the Method of Choosing Port option, select a service name option here; see the next table for more information |
| Transport Protocol | If you selected Port
Number as the Method of Choosing
Port option, select one of these encapsulation modes:
Any Protocol TCP UDP ICMPv4 See the Group Policy Guidelines table for more information. |
| Local Port | If you selected Port Number as the Method of Choosing Port option, and TCP or UDP for the Transport Protocol option, enter the port numbers that control receiving packets (up to 10 ports), separated by commas, for example 25,80,143,5220; leave this setting blank to control all ports; see the next table for more information |
| Remote Port | If you selected Port Number as the Method of Choosing Port option, and TCP or UDP for the Transport Protocol option, enter the port numbers that control sending packets (up to 10 ports), separated by commas, for example 25,80,143,5220; leave this setting blank to control all ports; see the next table for more information |
| IKE Version | Select IKEv1 or IKEv2 depending on the device that the product is connected to |
| Authentication Method | If you selected IPsec as the Access Control option, select an authentication method here |
| Pre-Shared Key | If you selected Pre-Shared Key as the Authentication Method option, enter a pre-shared key between 1 and 127 characters long here and in the Confirm Pre-Shared Key field |
| ID Type | If you selected IKEv2 as the IKE Version setting, select the ID type from the list |
| ID | If you selected IKEv2 as the IKE Version setting, enter the necessary ID information |
| Encapsulation | If you selected IPsec as the Access Control option, select one of these
encapsulation modes:
Transport Mode: if you are using the product on the same LAN; IP packets of layer 4 or later are encrypted Tunnel Mode: if you are using the product on an Internet-capable network, such as IPsec-VPN; the header and data of IP packets are encrypted |
| Remote Gateway(Tunnel Mode) | If you selected Tunnel Mode as the Encapsulation option, enter a gateway address between 1 and 39 characters long |
| Security Protocol | If you selected IPsec as the Access Control option, select one of these
security protocols:
ESP: to ensure the integrity of authentication and data, and encrypt data AH: to ensure the integrity of authentication and data; if data encryption is prohibited, you can use IPsec |
| Algorithm Settings | Select the encryption algorithm settings for the security protocol you selected |
Group Policy Guidelines
| Service name | Protocol type | Local/Remote port number | Controls these operations |
|---|---|---|---|
| Any | — | — | All services |
| ENPC | UDP | 3289/Any port | Searching for a product from applications such as printer or scanner drivers, or EpsonNet Config |
| SNMP | UDP | 161/Any port | Acquiring and configuring MIB from applications such as printer or scanner drivers, or EpsonNet Config |
| LPR | TCP | 515/Any port | Forwarding LPR data |
| RAW (Port9100) | TCP | 9100/any port | Forwarding RAW data |
| IPP/IPPS | TCP | 631/Any port | Forwarding AirPrint data (IPP/IPPS printing) |
| WSD | TCP | Any port/5357 | Controlling WSD |
| WS-Discovery | UDP | 3702/Any port | Searching for a product from WSD |
| Network Scan | TCP | 1865/Any port | Forwarding scan data from Document Capture Pro |
| Network Push Scan | TCP | Any port/2968 | Acquiring job information on push scanning from Document Capture Pro |
| Network Push Scan Discovery | UDP | 2968/Any port | Searching for a computer during push scanning from Document Capture Pro |
| FTP Data (Local) | TCP | 20/Any port | Forwarding FTP printing data to FTP server |
| FTP Control (Local) | TCP | 21/Any port | Controlling FTP printing to FTP server |
| FTP Data (Remote) | TCP | Any port/20 | Forwarding scan data and received fax data to FTP client; controls only an FTP server that uses remote port 20 |
| FTP Control (Remote) | TCP | Any port/21 | Forwarding scan data and received fax data to FTP client |
| CIFS (Local)* | TCP | 445/Any port | Sharing a network folder on CIFS server |
| CIFS (Remote)* | TCP | Any port/445 | Forwarding scan data and received fax data to a folder on CIFS server |
| NetBIOS Name Service (Local) | UDP | 137/Any port | Sharing a network folder on CIFS server |
| NetBIOS Datagram Service (Local) | UDP | 138/Any port | |
| NetBIOS Session Service (Local) | TCP | 139/Any port | |
| NetBIOS Name Service (Remote) | UDP | Any port/137 | Forwarding scan data and received fax data to a folder on CIFS server |
| NetBIOS Datagram (Remote) | UDP | Any port/138 | |
| NetBIOS Session Service (Remote) | TCP | Any port/139 | |
| HTTP (Local) | TCP | 80/Any port | Forwarding Web Config and WSD data to a HTTP or HTTPS server |
| HTTPS (Local) | TCP | 443/Any port | |
| HTTP (Remote) | TCP | Any port/80 | Communicating with Epson Connect, firmware update, and root certificate update on a HTTP or HTTPS client |
| HTTPS (Remote) | TCP | Any port/443 |
* To control forwarding of scan and received fax data, share a network folder, or receive fax data from PC-Fax, select Port Number as the Method of Choosing Port option and specify the port numbers for CIFS and NetBIOS.