HP LaserJet, HP PageWide - Secure by Default Initiative (white paper)

ManualsBrandsHP ManualsPrint & ScanCE708A

1

2

3

4

5

6

7

8

9

9

Appendix A – Print Solution and Fleet Tool Impacts

This section describes known impacts resulting from the new security features and updated security default settings.

Fleet Tool or

Print Solution

Minimum Compatible

Solution version if

impacted

Impact to Customers

New device deployment OR Upgraded

devices after performing a Format Disk,

Partial clean or Cold Reset

Available Workarounds

HP Web Jetadmin

(WJA)

10.4-SR2 FP6 or

10.4-SR3 FP6

FP6 required for new configuration item “SNMP

Credential” (FutureSmart Version 4.0 and higher)

See Appendix B – Web Jetadmin SNMP

Configuration Options for FutureSmart 4.5 for

additional information.

For WJA versions before 10.4SR2 FP6

Use HP SM v3.1or EWS to enable write access

for SNMPv1/v2 or Configure SNMPv3

WJA requires PJL Disk Access to manage fonts

and macros.

Use WJA to enable PJL Disk Access

WJA requires PJL Device Access Commands to be

enabled for device configuration with PJL files

sent from WJA.

Use WJA to enable PJ Device Access

Commands

HP JetAdvantage

Security Manager

(HP SM)

HP SM 3.1

Version 3.1 required for SNMPv1/v2

compatibility

For HP SM versions before 3.1

Use WJA 10.4-SR2 w/FP6 or EWS to enable

SNMPv1/v2 write access or Configure

SNMPv3

CSRF must be disabled for any policy modifying

LLMNR and 802.1x, or other settings using HTTP

POST configuration method

Include disabling CSRF in any HP SM policy

modifying these settings

Fleet

Deployment Tool

(FDT)

FDT 1.7.4

Version 1.7.4 required for CSRF compatibility

FDT may be impacted and requires TC to verify

all Workflows against device. May need to enable

features via EWS based on the task or recording.

For FDT versions before 1.7.4

Use WJA10.4 w/XTP ticket, HP SM or EWS to

disable CSRF

HP Access

Control

(HP AC)

All versions of HP AC

impacted.

PJL disk access and PJL Device Access Commands

are required for installation and configuration of

HP AC.

CSRF must be disabled for solution installation

and configuration of HP AC.

Use WJA, HP SM or EWS to enable PJL disk

access and PJL Device Access Commands and

disable CSRF for installation and

configuration of HP AC IRM agent.

Following installation/configuration, PJL disk

access and CSRF can be disabled again.

HP Capture and

Route

(HP CR)

All versions of HP CR

impacted.

SNMP write access required for solution

installation.

Use WJA 10.4-SR2 w/FP6, HP SM 3.1 or EWS

to enable SNMPv1/v2 write access for

installation and configuration of HP CR on the

device.

Following installation/configuration, SNMP

write access can be disabled again.

HP Embedded

Capture

(HP EC)

All versions of HP EC

impacted

CSRF must be disabled for solution installation

and configuration.

Use WJA, HP SM or EWS to disable CSRF for

installation and configuration of HP CR on the

device.

Following installation/configuration, CSRF

enabled again.

TLS version 1.0 required for solution

compatibility.

Use WJA, HP SM or EWS to enable TLS

version 1.0