Secure Installation and Operation of Your
WorkCentre™ 3655/3655i
WorkCentre™ 5845/5855/5865/5865i/5875/5875i/5890/5890i
WorkCentre™ 5945/5945i/5955/5955i
WorkCentre™ 6655/6655i
WorkCentre™ 7220/7220i/7225/7225i
WorkCentre™ 7830/7830i/7835/7835i/7845/7845i/7855/7855i
WorkCentre™ 7970/7970i
2016 Xerox® ConnectKey® Technology
Version 1.0
July 15, 2016
Purpose and Audience
This document provides information on the secure installation, setup and operation of these devices. All customers, but particularly
those concerned with secure installation and operation of these devices, should follow these guidelines.
Overview
This document lists some important customer information and guidelines[1] that will ensure that your device is operated
and maintained in a secure manner.
Background
These devices are currently undergoing Common Criteria evaluation and are evaluated in a particular configuration,
referred to in the rest of this document as the “evaluated configuration”. Section 1 describes how to install and configure
the machine so that it is in the same configuration as it is for evaluation.
Customers are advised that changes to the evaluated configuration may be required to support business goals and
for compliance with policies applicable to their environment[2]. After careful review of this document, customers should
document settings to be applied to devices in their environment establishing a unique benchmark configuration to
support processes such as installation, change management and audit. Xerox Professional Services, which can be
contacted via http://www.xerox.com/about-xerox/customer-training/tab1-ab-enus.html, can assist in evaluating and
configuring these devices.
The information provided here is consistent with the security functional claims made in the applicable Security Targets[3].
Upon completion of the evaluation, the Security Target will be available from the Common Criteria Certified Product
website (http://www.commoncriteriaportal.org/products.html) list of evaluated products, from the Xerox security
website (http://www.xerox.com/information-security/common-criteria-certified/enus.html), or from your Xerox
representative.
[1] All guidelines in this document apply to the System Administrator unless explicitly stated otherwise.
[2] For example, if the customer security policy requires that passwords are reset on a quarterly basis, the Reset Policy for the Admin Password will
need to be enabled. Also, many customers choose to manage user credentials centrally, rather than on individual devices through local
authorization.
[3] Xerox Multi-Function Security Target, Xerox® WorkCentre® 3655/3655i 2016 Xerox® ConnectKey® Technology, Version 1.2, July 2016;
Xerox Multi-Function Security Target, Xerox® WorkCentre® 5845/5855/5865/5865i/5875/5875i/5890/5890i 2016 Xerox® ConnectKey® Technology, Version 1.2, July 2016;
Xerox Multi-Function Security Target, Xerox® WorkCentre® 5945/5945i/5955/5955i 2016 Xerox® ConnectKey® Technology, Version 1.2, July 2016;
Xerox Multi-Function Security Target, Xerox® WorkCentre® 6655/6655i 2016 Xerox® ConnectKey® Technology, Version 1.2, July 2016;
Xerox Multi-Function Security Target, Xerox® WorkCentre® 7220/7220i/7225/7225i 2016 Xerox® ConnectKey® Technology, Version 1.2, July 2016;
Xerox Multi-Function Security Target, Xerox® WorkCentre® 7830/7830i/7835/7835i 2016 Xerox® ConnectKey® Technology, Version 1.2, July 2016;
Xerox Multi-Function Security Target, Xerox® WorkCentre® 7845/7845i/7855/7855i 2016 Xerox® ConnectKey® Technology, Version 1.2, July 2016;
Xerox Multi-Function Security Target, Xerox® WorkCentre® 7970/7970i 2016 Xerox® ConnectKey® Technology, Version 1.2, July 2016.
I. Secure Installation and Set-up in the Evaluated Configuration
To set up the machines in the evaluated configuration, follow the guidelines below:
a. Make sure that the following system software releases along with patch 905956v2[4] are installed on the device:
WorkCentre 3655/3655i: 073.060.075.34540
WorkCentre 5845/5855/5865/5865i/5875/5875i/5890/5890i: 073.190.075.34540
WorkCentre 5945/5945i/5955/5955i: 073.091.075.34540
WorkCentre 6655/6655i: 073.110.075.34540
WorkCentre 7220/7220i/7225/7225i: 073.030.075.34540
WorkCentre 7830/7830i/7835/7835i: 073.010.075.34540
WorkCentre 7845/7845i/7855/7855i: 073.040.075.34540
WorkCentre 7970/7970i: 073.200.075.34540
b. Set up and configure the following security protocols and functions in the evaluated configuration:
Immediate Image Overwrite
On Demand Image Overwrite
Data Encryption
FIPS 140-2 Mode
IP Filtering
Audit Log
Security Certificates, Transport Layer Security (TLS)/Secure Sockets Layer (SSL) and HTTPS
IPSec
Local, Remote or Smart Card Authentication
Local or Remote Authorization
User Permissions
Personalization
802.1x Device Authentication
Session Inactivity Timeout
USB Port Security
SFTP Filing
Embedded Fax Secure Receive
Secure Print
Hold All Jobs
McAfee® Embedded Control
Erase Customer Data
System Administrator login is required when accessing the security features via the Web User Interface (Web UI)
or when implementing the guidelines and recommendations specified in this document. To log in to the Web UI as
an authenticated System Administrator, follow the instructions under “Accessing CentreWare Information Services
as a System Administrator” under “Accessing Administration and Configuration Settings” in Section 2 of the
applicable System Administration Guide (SAG)[5].
To log in to the Local User Interface (denoted hereafter in this document as the Control Panel) as an authenticated
System Administrator, follow “Accessing the Control Panel as a System Administrator” under “Accessing
Administration and Configuration Settings” in Section 2 of the SAG.
[4] Links to each of the system software mentioned above, along with the applicable installation instructions, can be found at
http://www.support.xerox.com/support/enus.html by searching for the products listed above with the ‘I’ designation (e.g., WorkCentre 3655i)
and then selecting the ‘Drivers & Downloads’ link; the link to the 905956v2 patch can be found at
http://www.support.xerox.com/support/CK_PROD_DOWN/file-download/enus.html?contentId=134478.
[5] Xerox® WorkCentre® 3655/3655i Multifunction Printer 2016 Xerox® ConnectKey® Technology System Administrator Guide, Version 1.3, February 2016;
Xerox® WorkCentre® 5800/5800i Multifunction Printer 2016 Xerox® ConnectKey® Technology System Administrator Guide, Version 1.3, February 2016;
Xerox® WorkCentre® 5945/5945i/5955/5955i Multifunction Printer 2016 Xerox® ConnectKey® Technology System Administrator Guide, Version 1.3, February 2016;
Xerox® WorkCentre® 6655/6655i Multifunction Printer 2016 Xerox® ConnectKey® Technology System Administrator Guide, Version 1.3, February 2016;
Xerox® WorkCentre® 7220/7220i/7225/7225i Multifunction Printer 2016 Xerox® ConnectKey® Technology System Administrator Guide, Version 1.3, February 2016;
Xerox® WorkCentre® 7800/7800i Multifunction Printer 2016 Xerox® ConnectKey® Technology System Administrator Guide, Version 1.3, February 2016;
Xerox® WorkCentre® 7970/7970i Multifunction Printer 2016 Xerox® ConnectKey® Technology System Administrator Guide, Version 1.3, February 2016.
c. Follow the instructions located in Chapter 4, Security, in the SAG to set up the security functions listed in Item a
above. Note that whenever the SAG requires that the System Administrator provide an IPv4 address, IPv6 address
or port number, the values should be those that pertain to the particular device being configured.
In setting up the device to be in the evaluated configuration, perform the following[6]:
1. Administrator Password:
i. Change the Administrator password upon installation. Reset the Administrator password periodically.
Set the Administrator password to a minimum length of eight alphanumeric characters.
Change the Administrator password once a month and ensure that all passwords are strong passwords (e.g.,
passwords use a combination of alphanumeric and non-alphanumeric characters; passwords do not use common
names or phrases, etc.; special characters such as a star (*) could be accepted).
To change the Administrator password from the Web UI, follow the instructions under “Changing the System
Administrator Password” in Section 2 of the SAG.
To change the Administrator password from the Control Panel, follow the instructions under “Changing the
System Administrator Password at the Control Panel” in Section 2 of the SAG.
ii. Disable the Admin Password Reset security feature so it is not used. To disable this feature, perform the
following:
At the Web UI select the Properties tab.
Select the following entries from the Properties ‘Content menu’: Security Admin Password > Reset Policy
Select the [Disable Password Reset] option and then select the [Apply] button to save the option
entered.
2. Authentication:
i. Establish local authentication at the device by following the “Configuring Local Authentication Settings”
instructions in Section 4 of the SAG.
Set up unique user accounts with appropriate privileges on the device for all users who require access to
the device by following the “User Database” instructions in Section 4 of the SAG.
ii. Establish network (remote) authentication access to network accounts by following the “Configuring
Network Authentication Settings” instructions in Section 4 of the SAG to set up an Authentication Server.
In the evaluated configuration the only allowable Authentication Types are Kerberos (Solaris), Kerberos
(Windows) or LDAP.
When configuring network authentication using LDAP/LDAPS, enable SSL by following the instructions in
Step 3 for “Configuring LDAP Server Optional Information” under “LDAP” in Section 3 of the SAG, making
sure that Enable SSL (Secure Socket Layer) under SSL is selected.
iii. Establish user authentication via a Smart Card by following either the “Configuring Smart Card
Authentication Settings” instructions in Section 4 of the SAG or the “Software Configuration” instructions
starting on page 18.
3. Authorization:
Either local authorization or network authorization using LDAP is allowed in the evaluated configuration.
Local Authorization
i. Establish local authorization at the device by following the “Configuring Local Authorization Settings”
instructions in Section 4 of the SAG. Note that local user accounts on the device should be set up first
before user permissions are set up.
Set up user roles and user permissions to access device services and features based on the roles users
are assigned by following the instructions for “User Permissions” under “Configuring Authentication
Settings” in Section 4 of the SAG.
[6] The instructions for setting up the device in the Evaluated Configuration assume that the System Administrator has been successfully
authenticated as a System Administrator at either the Control Panel or Web UI following the instructions in section I.a of this document.
ii. Set the permission for all Non-Logged In Users Roles (see “User Roles” in Section 4 of the SAG) to be
Not Allowed, Not Allowed & Hidden or Never, as appropriate, for the following: (1) all print permission
categories (by following the “Editing Print Permissions for the Non-Logged In Users Role” under
“Configuring Authorization Settings” in Section 4 of the SAG) and (2) all services and tools (by following
the “Editing Services and Tools Permissions for the Non-Logged In Users Role” under “Configuring
Authorization Settings” in Section 4 of the SAG). Also set the
Network Authorization
i. Establish remote authorization using LDAP by following the “Configuring Network Authorization Settings”
and “Configuring Network Authorization Server Settings” instructions in Section 4 of the SAG. Make sure
to follow only the instructions pertaining to setting up an LDAP Server.
Network Authorization using an SMB server is not part of the evaluated configuration and should not be
used.
4. Personalization: Enable personalization by following the instructions for “Specifying the Method the Printer
Uses to Acquire Email Address of Users” under “Configuring Smart Card Authentication Settings” under
“Configuring Authentication Settings” in Section 4 of the SAG. Configure personalization by following the
instructions for “Configuring User Mappings” under “LDAP” in Section 3 of the SAG.
5. Immediate Image Overwrite: Follow the instructions under ‘Enabling Immediate Image Overwrite at the
Control Panel’ or ‘Enabling Immediate Image Overwrite’ in Section 4 of the SAG to enable Immediate Image
Overwrite from the Control Panel or the Web UI, respectively.
Both Immediate Image Overwrite and On Demand Image Overwrite are enabled by default at the factory when
the device is first delivered.
6. Security Certificates: Install a digital certificate on the device before enabling SSL by following the appropriate
instructions under “Security Certificates” in Section 4 of the SAG for installing any one of the digital
certificates (Device Certificate, CA Certificate or Trusted Certificate) the device supports.
Note that a Xerox self-signed certificate is installed by default on the device. If a CA certificate is desired, a
Certificate Signing Request (CSR) will have to be sent to a Certificate Authority to obtain the CA Certificate
before it can be installed on the device. Follow the instructions for “Creating a Certificate Signing Request”
under “Security Certificates” in Section 4 of the SAG to create the CSR.
7. Transport Layer Security (TLS)/Secure Sockets Layer (SSL):
i. Follow the instructions under ‘Enabling DNS/DDNS Settings at the Control Panel’ or “DNS” (under
“Configuring IP Settings in CentreWare Internet Services”) in Section 3 of the SAG for entering the host
and domain names, to assign the machine a valid, fully qualified machine name and domain from the
Control Panel or the Web UI, respectively (required for SSL to work properly).
ii. If a self-signed certificate is to be used, download the generic Xerox root CA certificate from the device by
following the instructions for saving the certificate file under “Viewing, Saving or Deleting a Certificate” in
Section 4 of the SAG and then install the saved certificate in the certificate store of the System
Administrator's browser.
iii. Enable HTTPS by following the instructions for “Enabling HTTPS (SSL)” under “Secure HTTP (SSL)” in
Section 4 of the SAG. Set the ‘Force Traffic over SSL’ option to be Yes (all HTTP requests will be
switched to HTTPS).
iv. Disable SSLv3.0 in favor of TLS v1.x to avoid vulnerabilities associated with downgrading from TLS to
SSLv3.0.
8. FIPS 140-2 Mode: Encryption of transmitted and stored data by the device must meet the FIPS 140-2 Standard.
Enable the use of encryption in “FIPS 140 mode” and check for compliance of certificates stored on the device
to the FIPS 140-2 Standard by following the instructions for “Enabling FIPS 140 Mode and Checking for
Compliance” in Section 4 of the SAG.
Since Kerberos and SFTP are not FIPS compliant secure protocols, make sure when enabling FIPS mode that
you set up the proper exceptions for both Kerberos and SFTP.
9. Data Encryption: Enable data encryption by following the instructions under “Enabling Encryption of Stored
Data” in Section 4 of the SAG; data encryption is enabled by default at the factory when the device is first
delivered. Before enabling disk encryption, ensure that the WorkCentre 5845/5855/5865/5875/5890,
WorkCentre 7220/7225 or WorkCentre 7830/7835/7845/7855 is not in diagnostics mode and that there are no
active or pending scan jobs.
10. IP Filtering: Enable and configure IP Filtering to create IP Filter rules by following the instructions under “IP
Filtering” in Section 4 of the SAG.
Note that IP Filtering is not available for either the AppleTalk protocol or the Novell protocol with the ‘IPX’ filing
transport. Also, IP Filtering will not work if IPv6 is used instead of IPv4, but IPv6 is not part of the evaluated
configuration.
Note also that a zero (‘0’) should be used and not an asterisk (‘*’) if a wildcard is needed for an IP address in
an IP Filter rule.
11. Audit Log: Enable the audit log, download the audit log file and then store it on an external IT product using
the Web UI by following the appropriate instructions for “Enabling Audit Log” and “Saving an Audit Log”,
respectively, under “Audit Log” in Section 4 of the SAG.
Save audit log entries on a USB drive attached to the device via one of the Host USB ports using the Control
Panel by following the appropriate instructions for “Saving an Audit Log to a USB Drive” under “Audit Log” in
Section 4 of the SAG. In downloading the Audit Log the System Administrator should ensure that Audit Log
records are protected after they have been exported to an external trusted IT product and that the exported
records are only accessible by authorized individuals.
The System Administrator should download and review the Audit Log on a daily basis. The machine will send
a warning email when the audit log is filled to 90% (i.e., 13,500) of the 15,000 maximum allowable number of
entries, and will repeat the warning thereafter at 15,000 entries until the Audit Log is downloaded.
The System Administrator should be aware that there is the possibility that on an intermittent basis multiple
entries may be included in the audit log for the same event.
The Audit Log can be transferred to an audit log server outside the device. The directions for transferring the
audit log are:
Follow the directions for accessing the Audit Log under “Audit Log” in Section 4 of the SAG.
Select the Audit Log Enabled checkbox.
Enter the IP Address or Host Name and the port number for the Audit Log Server.
Enter the directory path to the filename where the transferred Audit Log is to be stored.
Enter the login name and password to access the Audit Log server.
Either schedule a time when the Audit Log will be transferred by selecting the Schedule Automatic Log
Transfer Enabled checkbox and entering the time at which the Audit Log is to be transferred in the appropriate
text boxes, or select the Send Log Now button to send the Audit Log immediately to the Audit Log server.
Note that the Audit Log will be transferred using the SFTP secure protocol even though that fact may not be
stated on the Audit Log Web UI page.
12. IPSec: Enable and configure IPSec by following the instructions under “IPsec” in Section 4 of the SAG. Note
that IPSec should be used to secure printing jobs; HTTPS (SSL) should be used to secure scanning jobs. Use
the default values for IPSec parameters whenever possible for secure IPSec setup.
Note that IPSec can be disabled at the Control Panel by following the instructions for “Disabling IPSec at the
Control Panel” under “IPSec” in Section 4 of the SAG. However, if IPSec is disabled the device will no longer
be in the evaluated configuration.
Ensure that an IP Address of 0.0.0.0 is not used to create a new Host Group.
13. Session Inactivity Timeout: Enable the session inactivity timers (termination of an inactive session) from the
Web UI by following the instructions for “Setting System Timeout Values” or from the Control Panel by following
the instructions for “Setting the System Timeout Values at the Control Panel” in Section 4 of the SAG.
14. Secure Print: Set the Secure Print security function to require the User ID for identification purposes to release
a secure print job. Access and configure the Secure Print security function by following the instructions under
“Configuring Secure Print Settings” in Section 5 of the SAG.
Ensure that the ‘Release Policies for Secure Print Jobs Requiring Passcode When the User is Already Logged
In’ option is set to Prompt for Passcode Before Releasing Jobs.
For best security, print jobs (other than LANFax jobs) submitted to the device from a client or from the Web UI
should be submitted as a secure print job. To ensure that print jobs can only be submitted as secure print jobs,
for logged in users (since non-logged in users are denied permission to print any job in the evaluated
configuration) follow the instructions for “Setting Job Type Print Permissions” under “Editing Print Permissions
for the Non-Logged In Users Role” under “Configuring Authorization Settings” in Section 4 of the SAG, select
Custom and then set the permission to be Allowed for Secure Print and Not Allowed for all other print types.
Once a secure print job has been submitted the authenticated user can either release the job for printing at the
Control Panel by following the instructions under “Releasing a Secure Print” or delete the job at the Control
Panel by following the directions under “Deleting a Secure Print”, both under “Printing Special Job Types” under
“Printing Features” in Section 5 of the applicable User Guide[7].
Note that only the submitter of a secure print job can release or delete the job, and in the evaluated configuration
only the System Administrator can delete any user’s job, including a secure print job. To ensure that only the
System Administrator can delete jobs, from the WebUI follow the instructions for “Editing Services and Tools
Permissions for the Non-Logged In Users Role” under “Configuring Authorization Settings” in Section 4 of the
SAG and set the entry for ‘Delete Jobs’ under ‘Job Status Pathway’ to Not Allowed for all defined logged in
user roles except the System Administrator and Accounting Administrator roles, which are set to Allowed for
this entry (non-logged in users should be denied permission to access any device services or features as
discussed in I.b.3.ii above).
Set job deletion to ‘System Administrator Only’ at the Control Panel by following the instructions for “Setting
Job Deletion Options at the Control Panel” in Section 10 of the SAG.
15. Hold All Jobs: The Hold All Jobs function is used in the evaluated configuration. Set the Enablement option
to Hold All Jobs in a Private Queue and the Unidentified Jobs Policies option to Hold Jobs; Only
Administrators can Manage Jobs by following the instructions for “Configuring the Hold All Jobs Feature”
under “Hold All Jobs” in Section 5 of the SAG.
Once a held print job has been submitted the authenticated user can release the job for printing at the
Control Panel by following the instructions under “Releasing Held Print Jobs” under “Held Print Jobs” under
“Printing Features” in Section 5 of the applicable User Guide. To delete a held job at the Control Panel follow
the applicable instructions under “Managing Jobs at the Control Panel” under “Managing Jobs” in Section 5 of
the applicable User Guide.
As is the case for a secure print job only the submitter of a held print job can release the job, and only the
System Administrator can delete any print job.
16. 802.1x Device Authentication: Enable and configure 802.1x device authentication from the Control panel by
following the instructions for “Enabling and Configuring 802.1x at the Control Panel” or from the Web UI by
following the instructions for “Enabling and Configuring 802.1x in CentreWare Internet Services” in Section 4 of
the SAG. Ensure that the 802.1x username and password are not blank when configuring 802.1x device
authentication from the Control Panel.
Note: To be in the evaluated configuration EAP-TLS should be selected as the 802.1x authentication method.
17. USB Port Security: Enable or disable the USB Ports using the Web UI by following the instructions for
“Enabling and Disabling USB Ports” under “USB Port Security” in Section 4 of the SAG. To enable or disable
the USB Ports using the Control Panel follow the instructions for “Enabling or Disabling All USB Ports at the
Control Panel” under “USB Port Security” in Section 4 of the SAG.
18. SFTP Filing: SFTP Filing is used in the evaluated configuration. Specify the use of Secure FTP for sending
scan or backup job files over the network by following the instructions for “Configuring FTP and SFTP Filing
Settings” under “FTP/SFTP Filing” in Section 3 of the SAG.
19. McAfee® Embedded Control: If use of the Embedded Device Security is desired, from the Web UI check that
Embedded Device Security is enabled by following the instructions under “McAfee Embedded Control” in
Section 4 of the SAG. If the default Enhanced Security is desired, select the Enhanced Security for the
‘Security Level’; if the ‘Integrity Control’ option is desired, select Integrity Control for the ‘Security Level’. Do
not select the Disable McAfee Secure Device ‘Security Level’ option.
[7] Xerox® WorkCentre® 3655/3655i Multifunction Printer 2016 Xerox® ConnectKey® Technology User Guide, Version 1.2, February 2016;
Xerox® WorkCentre® 5800/5800i Multifunction Printer 2016 Xerox® ConnectKey® Technology User Guide, Version 4.0, February 2016;
Xerox® WorkCentre® 5945/5945i/5955/5955i Multifunction Printer 2016 Xerox® ConnectKey® Technology User Guide, Version 4.0, February 2016;
Xerox® WorkCentre® 6655/6655i Multifunction Printer 2016 Xerox® ConnectKey® Technology User Guide, Version 1.2, February 2016;
Xerox® WorkCentre® 7220/7220i/7225/7225i Multifunction Printer 2016 Xerox® ConnectKey® Technology User Guide, Version 1.3, February 2016;
Xerox® WorkCentre® 7800/7800i Multifunction Printer 2016 Xerox® ConnectKey® Technology User Guide, Version 1.3, February 2016;
Xerox® WorkCentre® 7970/7970i Multifunction Printer 2016 Xerox® ConnectKey® Technology System Administrator Guide, Version 1.2, February 2016.
Since Integrity Control is a purchasable option, before the Security Level can be set to Integrity Control this
option must first be installed on the device; enter the installation key for the Integrity Control option provided by
Xerox when the option is purchased in the appropriate step in the instructions under “McAfee Embedded
Control” in Section 4 of the SAG.
To install Integrity Control from the Control Panel perform the following:
Press the Machine Status button and then the Tools tab.
Touch Device Settings > General.
Touch Feature Installation.
Enter the installation key for the Integrity Control option provided by Xerox when the option is purchased in
the ‘Enter Feature Installation Key’ text box.
Touch OK.
21. Erase Customer Data: Initiate the feature to erase all customer data from the device at the Control Panel by
performing the following:
Press the Machine Status button and then the Tools tab.
Touch Device Settings > General.
Touch Erase Customer Data.
Touch the Erase Customer Data button. A second screen will be displayed; touch the Erase Customer
Data button a second time to initiate the erasure of customer data.
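The following is an added example, not part of the Xerox document or of any Xerox software: a drift check that compares a recorded device configuration against values this document states for the evaluated configuration (software release and patch from item a; Admin Password Reset, network authentication type, LDAP SSL, SMB authorization, HTTPS, SSLv3.0, 802.1x method, IP Filter wildcards and the IPSec Host Group address from item c). The record layout and every key name in the device dictionary are hypothetical, IP Filter sources are assumed to be entered as bare addresses, and the sample records are constructed.

```python
import ipaddress
import re

# Evaluated system software release per model family, as listed in item a.
EVALUATED_RELEASE = {
    ("3655",): "073.060.075.34540",
    ("5845", "5855", "5865", "5875", "5890"): "073.190.075.34540",
    ("5945", "5955"): "073.091.075.34540",
    ("6655",): "073.110.075.34540",
    ("7220", "7225"): "073.030.075.34540",
    ("7830", "7835"): "073.010.075.34540",
    ("7845", "7855"): "073.040.075.34540",
    ("7970",): "073.200.075.34540",
}
REQUIRED_PATCH = "905956v2"
ALLOWED_NETWORK_AUTH = {"Kerberos (Solaris)", "Kerberos (Windows)", "LDAP"}


def expected_release(model):
    """Map a model string such as 'WorkCentre 5865i' to its evaluated release."""
    match = re.search(r"\b(\d{4})i?\b", model)
    if match:
        for family, release in EVALUATED_RELEASE.items():
            if match.group(1) in family:
                return release
    return None


def lint_ip_filter_source(source):
    """Check one IP Filter source address (assumed to be entered without a mask)."""
    if "*" in source:
        return f"IP Filter rule {source}: use 0, not *, as the wildcard"
    try:
        address = ipaddress.ip_address(source)
    except ValueError:
        return f"IP Filter rule {source}: not a valid IP address"
    if address.version == 6:
        return f"IP Filter rule {source}: IP Filtering does not work with IPv6"
    return None


def audit(device):
    """Return the list of deviations from the evaluated configuration."""
    findings = []
    want = expected_release(device["model"])
    if want is None:
        findings.append(f"model {device['model']} is not covered by this document")
    elif device["software_version"] != want:
        findings.append(f"software {device['software_version']}, evaluated release is {want}")
    if REQUIRED_PATCH not in device["patches"]:
        findings.append(f"patch {REQUIRED_PATCH} is not installed")
    if device["admin_password_reset_enabled"]:
        findings.append("Admin Password Reset is enabled")
    auth = device["network_auth_type"]  # None when only local or Smart Card is used
    if auth is not None and auth not in ALLOWED_NETWORK_AUTH:
        findings.append(f"network authentication type {auth} is not allowed")
    if auth == "LDAP" and not device["ldap_ssl"]:
        findings.append("LDAP network authentication without SSL")
    if device["network_authorization"] == "SMB":
        findings.append("network authorization uses an SMB server")
    if not device["force_https"]:
        findings.append("Force Traffic over SSL is not set to Yes")
    if device["sslv3_enabled"]:
        findings.append("SSLv3.0 is enabled")
    if device["dot1x_method"] != "EAP-TLS":
        findings.append(f"802.1x method is {device['dot1x_method']}, not EAP-TLS")
    for source in device["ip_filter_sources"]:
        problem = lint_ip_filter_source(source)
        if problem:
            findings.append(problem)
    if "0.0.0.0" in device["ipsec_host_groups"]:
        findings.append("IPSec Host Group uses IP address 0.0.0.0")
    return findings


# Constructed sample records (not exported from a real device).
COMPLIANT = {
    "model": "WorkCentre 5865i",
    "software_version": "073.190.075.34540",
    "patches": ["905956v2"],
    "admin_password_reset_enabled": False,
    "network_auth_type": "LDAP",
    "ldap_ssl": True,
    "network_authorization": "LDAP",
    "force_https": True,
    "sslv3_enabled": False,
    "dot1x_method": "EAP-TLS",
    "ip_filter_sources": ["192.0.2.0"],
    "ipsec_host_groups": ["192.0.2.10"],
}
DRIFTED = dict(
    COMPLIANT,
    software_version="073.190.075.00000",
    network_authorization="SMB",
    sslv3_enabled=True,
    ip_filter_sources=["192.0.2.*", "2001:db8::1", "192.0.2.0"],
    ipsec_host_groups=["0.0.0.0"],
)

if __name__ == "__main__":
    for name, record in (("compliant", COMPLIANT), ("drifted", DRIFTED)):
        print(name, audit(record) or "matches the evaluated configuration")
```

Settings this document leaves to local policy, such as the benchmark a customer adopts after deviating from the evaluated configuration, would replace the constants at the top.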
d. The following protocols, services and functions are considered part of the evaluated configuration and should be
enabled when needed:
TCP/IP
Date and Time
Copy
Embedded Fax
Fax Forwarding on Receive (for received Embedded Faxes)
Scan to E-mail, including email encryption and signing
Workflow Scanning
Scan to Mailbox
Scan to USB
Print from USB
Print from Mailbox
NTP
SMB Filing
When setting up the device to be in the evaluated configuration, perform the following special setup for the above
services (otherwise follow the appropriate instructions in the appropriate section of the SAG to set up and/or
configure the protocol/service/function):
1. TCP/IP:
Enable IPv4 and IPv6 from the Control Panel by following either the instructions in “Quick Setup Home” for
using the IP Address Settings wizard under Initial Setup at the Control Panel in Section 2 of the SAG or the
instructions for “Enabling TCP/IP” under “IP” in Section 3 of the SAG. Configure IPv4 or IPv6 by following
the instructions for “Configuring TCP/IP Settings at the Control Panel” under “IP” in Section 3 of the SAG.
Set up and configure IPv4 and IPv6 from the Web UI by following the instructions for “Configuring IPv4” and
“Configuring Settings for IPv6”, respectively, under “Configuring IP Settings in CentreWare Internet
Services” under “IP” in Section 3 of the SAG.
2. Date and Time:
Ensure that the date and time on the device is correct and is set for the correct time zone where the device
is located. Set the date and time from the Control Panel by following the instructions in “Setting the Date
and Time at the Control Panel”.
Set the date and time from the Web UI by following the instructions in “Setting the Date and Time in
CentreWare Internet Services”, both under “Setting the Date and Time” in Section 10 of the SAG. Be sure
to set the ‘Date and Time Setup’ option to be Manual (NTP Disabled).
3. Embedded Fax:
Ensure that Embedded Fax is properly installed.
Set Embedded Fax parameters and options via the Local User Interface on the machine by following the
instructions for “Embedded Fax” in Section 8 of the SAG.
Set the minimum length of the (Embedded Fax) secure receive passcode from the Control Panel by
performing the following:
Press the Machine Status button and then the Tools tab.
Touch Service Settings > Embedded Fax Settings.
Touch Fax Passcode Length.
Enter the desired minimum secure receive passcode length in the indicated ‘Length’ text box between
4 and 10 digits.
Touch OK.
Set the minimum length of the (Embedded Fax) secure receive passcode from the Web UI by following the
instructions for “Configuring Fax Passcode Length” under “Fax Security” under “Embedded Fax” in Section
8 of the SAG.
Enable and set the (Embedded Fax) Secure Receive passcode from the Control Panel by following the
instructions for “Enabling or Disabling the Secure Fax Feature” under “Fax Security” under “Embedded Fax”
in Section 8 of the SAG. Set ‘Guest Access’ to Disabled to prevent unauthenticated users from being able
to enable or disable Secure Receive.
Enable Fax Forwarding on Receive and establish up to five fax forward rules from the Web UI by following
the instructions for “Fax Forwarding” under “Embedded Fax” in Section 8 of the SAG. Only add E-mail
addresses to the fax forward rules established by following the instructions for “Adding an Email Address
to a Fax Forward Rule”.
The Mailbox and Polling Policy should be set to delete received faxes when they are printed. Set the Mailbox
and Polling Policy by following the instructions under “Defining Mailbox and Polling Policies” under
“Embedded Fax” in Section 8 of the SAG. Make sure the Delete on Print option is selected for Received
Documents.
The Local Polling option and embedded fax mailboxes should not be set up or used at any time.
Remote Polling should only be used by the System Administrator.
Printing of Embedded Fax confirmation reports is not included in the evaluation. The Embedded Fax cover
sheets should not be printed with an Embedded Fax job.
Be aware that if the Embedded Fax secure receive passcode length is changed via the Local User Interface,
the changed secure receive passcode length may not be reflected on the Local User Interface after the
system has saved the change. After the system has saved the change the changed secure receive
passcode length will be reflected on the WebUI and will be in effect when attempting to enter a new
Embedded Fax secure receive passcode.
4. Scan To Mailbox:
Enable and configure the Scan to Mailbox feature from the Web UI by following the instructions under
‘Enabling or Disabling Scan to Mailbox’ in Section 7 of the SAG.
Establish a unique Scan-to-Mailbox mailbox for each authenticated user.
Establish unique names for each Scan-to-Mailbox mailbox.
Be aware that if Scan-to-Mailbox folders are cloned, any existing mailboxes on the target device that have
the same name as a mailbox in the clone file will have their passwords reset to the password in the clone
file.
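The mailbox rules and the cloning caveat above can be checked before a clone file is applied. The following is an added example, not part of the Xerox guide: the inventory format, the function name and the sample data are hypothetical, and mailbox names are assumed to be compared as exact strings.

```python
from collections import Counter


def precheck_clone(target_mailboxes, clone_names, authenticated_users):
    """Check a target device's Scan-to-Mailbox inventory before cloning.

    target_mailboxes: (mailbox_name, owner) pairs on the target device.
    clone_names: mailbox names contained in the clone file.
    authenticated_users: users who should each have their own mailbox.
    The administrator gathers all three inputs by hand; the device does
    not export them in this form (assumption of this example).
    """
    name_counts = Counter(name for name, _ in target_mailboxes)
    owners = {owner for _, owner in target_mailboxes}
    return {
        # Existing mailboxes whose passwords the clone file would overwrite.
        "password_reset_on_clone": sorted(set(name_counts) & set(clone_names)),
        # Names used by more than one mailbox on the target device.
        "duplicate_names": sorted(n for n, c in name_counts.items() if c > 1),
        # Authenticated users who do not yet have a mailbox of their own.
        "users_without_mailbox": sorted(set(authenticated_users) - owners),
    }


# Constructed sample data, for illustration only.
TARGET = [("alice-scans", "alice"), ("bob-scans", "bob"), ("finance", "carol")]
CLONE = ["finance", "alice-scans", "hr-intake"]
USERS = ["alice", "bob", "carol", "dave"]

if __name__ == "__main__":
    for finding, items in precheck_clone(TARGET, CLONE, USERS).items():
        print(f"{finding}: {', '.join(items) or 'none'}")
```

Any name listed under password_reset_on_clone belongs to a mailbox whose owner must be given the clone file's password, or the mailbox must be renamed before cloning.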
Sometimes an existing Scan-to-Mailbox mailbox passcode may have to be entered twice to access the
applicable mailbox.
In configuring the Scan to Mailbox feature, set the feature so that scanned documents are only stored in
private folders and that public folders are not allowed by setting the proper scan policies. To set the scan
policies for the Scan to Mailbox feature follow the instructions under “Setting Scan Policies” in Section 7 of
the SAG. Set the scan policies as follows:
Deselect Allow Scanning to Default Public Folder
Deselect Require per Job password to public folders
Select Allow additional folders to be created
Select Require password when creating additional folders
Select Prompt for password when scanning to private folder
Deselect Allow access to job log data
5. Scan to Email:
Set the domain filtering to limit the domains to which Scan to E-mail jobs can be sent. Enable the domain
filtering option by following the instructions under “Editing Domain and Email Filter Settings” under
“Configuring Email Security Settings” under “Scanning to an Email Address” in Section 7 of the SAG.
Configure encryption and signing of Scan to Email jobs by following the instructions for “Configuring Email
Encryption Settings” and “Configuring Email Signing Settings”, respectively, under “Configuring Email
Security Settings” under “Scanning to an Email Address” in Section 7 of the SAG. Set the ‘Email Encryption
Enablement’ option to Always On; Not Editable by user.
Configure encryption of Scan to Email jobs sent from the device over SMTP by following the instructions
for “Configuring SMTP Connection Encryption Settings” under “SMTP” in Section 3 of the SAG. Set the
‘Email Signing Enablement’ option to Always On; Not Editable by user.
Configure authentication of SMTP to send Scan to Email jobs or to forward received Embedded Faxes via
email by following the instructions for “Configuring SMTP Authentication Settings” under “SMTP” in Section
3 of the SAG.