FREE ENGLISH TOSHIBA E-STUDIO2528A (02) PDF USER GUIDE
FREE ENGLISH TOSHIBA E-STUDIO2528A (02) PDF USER MANUAL
FREE ENGLISH TOSHIBA E-STUDIO2528A (02) PDF OWNER GUIDE
FREE ENGLISH TOSHIBA E-STUDIO2528A (02) PDF OWNER MANUAL
FREE ENGLISH TOSHIBA E-STUDIO2528A (02) PDF REFERENCE GUIDE
FREE ENGLISH TOSHIBA E-STUDIO2528A (02) PDF INSTRUCTION GUIDE
FREE ENGLISH TOSHIBA E-STUDIO2528A (02) PDF REFERENCE MANUAL
FREE ENGLISH TOSHIBA E-STUDIO2528A (02) PDF INSTRUCTION MANUAL
FREE ENGLISH TOSHIBA E-STUDIO2528A (02) PDF OPERATING INSTRUCTIONS
CLICK HERE TO DOWNLOAD TOSHIBA E-STUDIO2528A (02) PDF MANUAL
If this is not the document you want for this product, click here to see if we have any other documents for this product.
Which model names are grouped under “e-STUDIO6525AC Series” and “e-STUDIO6528A Series” in this manual?
| Model name | Series name |
|---|---|
| e-STUDIO2020AC/2520AC | e-STUDIO6525AC Series |
| e-STUDIO2525AC/3025AC/3525AC/4525AC/5525AC/6525AC | e-STUDIO6525AC Series |
| e-STUDIO2528A/3028A/3528A/4528A/5528A/6528A | e-STUDIO6528A Series |
How can I confirm that the equipment is operating in High Security Mode?
When this equipment is operated under the high security mode, a lock icon is displayed on the touch panel of the equipment.
After your service technician has performed the change of the settings of this equipment, confirm that the lock icon is displayed on the touch panel. Moreover, by referring to the initial value list, confirm that the settings have been made correctly.
How can I confirm if the internal storage device is encrypted in High Security Mode?
The internal storage device of the equipment which is operated under the high security mode is encrypted. To confirm that each function is operating, check the display at the top right of the [Counter] screen on the touch panel of the equipment. A “FIPS” icon is displayed if the internal storage device has been encrypted.
How do I know if a FIPS Hard Disk is installed?
When a FIPS Hard Disk is installed, an icon to indicate this status is displayed on the touch panel.
What authentication method should be set for CC Certification?
Be sure to set [MFP Local Authentication] for [Authentication Method] in the [User Management] screen. If [Windows Domain Authentication] or [LDAP Authentication] is set for user authentication, the equipment will not be covered by CC Certification.
What settings should be used when creating a self-signed certificate to maintain security status for CC Certification?
When a self-signed certificate is created, use “RSA2048” for Public Key and “SHA256”, “SHA384” or “SHA512” for Signature Algorithm.
How often should the integrity check be performed?
Manually select [FULL] and perform the integrity check at the time of installation and during use periodically.
What should I do if the integrity check function indicates “Call For Service”?
The Integrity Check function is automatically performed at the startup of this equipment. When “Call For Service” appears, contact your service technician.
What should be done with communication settings in High Security Mode?
Do not change the communication settings of the equipment from the initial values. Communication via a network can be protected by TLS if no such changes are made.
When should I contact a service technician regarding the High Security Mode?
Contact your service technician in any of the following cases:
• If the icon showing that the internal storage device is encrypted (FIPS icon) is not displayed.
• The displayed system version differs from the actual one.
Which functions are unavailable in High Security Mode?
In the High Security Mode, the following functions cannot be used:
• Interrupt copy
• Network Fax
• Address Book Viewer
• File Downloader
• TWAIN Driver
• e-Filing BackUp/Restore Utility
• Scheduled printing
• Disabling log authentication
• Mailbox
• E-mail reception print
• Disabling POP3 setting
• Data Backup/Restore
Is automatic log-in available for client software in High Security Mode?
The automatic log-in function in the client software which comes with this equipment is not available. Be sure to enter the user name and password when using client software.
How is data output (like Fax or print jobs) handled in High Security Mode?
Any data sent to this equipment, such as a Fax and Internet Fax printed or received from a printer driver, can be outputted only when a user with the printing privilege is logged in. Use IPP SSL/TLS to communicate with this equipment.
How is IPP printing performed in High Security Mode?
When IPP printing is performed, use the port created by entering “https://[IP address]:[SSL/TLS port number]/Print” into the URL field. For example: https://192.168.1.2:631/Print.
How should data like address books be imported in High Security Mode?
When importing the data such as address book, be sure to use the data exported from this equipment.
Are there any applications or settings to avoid under TopAccess in High Security Mode?
Do not use any applications which need a setting change of the [ODCA] sub menu in the [Setup] menu on the [Administration] under TopAccess.
Can [Use Password Authentication for Print Job] be enabled with Universal Printer 2 or Universal PS3 in High Security Mode?
Do not enable [Use Password Authentication for Print Job] when printing is performed from this equipment with any of these printer drivers; Universal Printer 2, Universal PS3.
What is required to operate the equipment in High Security Mode regarding Syslog?
In order to operate this equipment under the high security mode, a Syslog server which supports TLS1.2 is necessary. An administrator should always confirm that communication with the Syslog server is being connected.
How are jobs like printing, copying, scanning, and fax managed in High Security Mode?
Printing, copying, scanning and fax transmission/reception are subject to an access restriction by means of a user authentication function. All users can confirm the lists of jobs in processing and in waiting. However, as for the list of fax reception jobs, only users whose role is Administrator or FaxOperator can confirm it. Corresponding to the role privilege of users, they can operate outputting, deletion, pause or change orders of jobs.
• When the role of the users is Administrator or User, they can create jobs.
• When the role of the users is FaxOperator, they can create, output and delete fax transmission/reception jobs. However, as for fax transmission jobs, the users can output and delete only their account jobs.
• When the role of the users is User, jobs, they can output and delete only their account jobs.
• When the role of the users is Administrator, they can delete, pause and change the order of all jobs in waiting.
• However, if the role of the users is AccountManager or AddressBookRemoteOperator, outputting, deleting, pausing or changing orders of printing, copying or fax jobs is not available.
What specific settings must be correctly configured to operate the equipment securely?
Perform the setting correctly by referring to the “Initial value list” provided in other sections of this guide. Additionally:
• Use the encrypted PDF format when saving or sending a file and the encryption level shall be 128 bit AES.
• Specify a reliable remote PC for the saving destination of the scan data.
• Do not use MFP LOCAL since no password can be set.
• Administrators must regularly export and store the logs.
• Do not enable [Auto] of Email Direct Printing.
• Be sure to reboot the equipment when CA certification is uploaded or removed.
What should administrators explain to users about operating in High Security Mode?
An administrator should explain to users that the high security mode is operating in this equipment as well as the following items so that they will keep to them appropriately:
• Printing should be performed by using the printer driver settings of IPP print.
• Specify a reliable remote PC for the saving destination of the scan data.
• Do not use any local folder of this equipment.
What is the procedure for disposing of an MFP in High Security Mode?
When disposing of an MFP, be sure to contact your service technicians to erase the data in the internal storage device completely.
What should be done if a temporary password is used?
In the high security mode, a password, tentatively assigned by an administrator to allow a user access, is treated as a temporary one. To use the equipment, you need to register your password after accessing it with the temporary one. The security level is insufficient if you continue to use the temporary password. Register your password as soon as possible.
Under what conditions is a user temporary password used?
A user temporary password is used in the following cases:
• For the first time to log in to the equipment after being registered by an administrator.
• When an administrator resets the user’s password.
• When the user information password imported by an administrator is plain text.
What should an administrator do when resetting a user’s password?
When an administrator resets users’ passwords, they must be so notified and prompted to change them to ones of their own choosing.
How is user information protected when exported?
To prevent user information exported from an equipment from being altered, it is hashed. If you change the password for the exported user information, plain text is used for the password.
How can a user register a new password on the control panel when using a temporary password?
Enter the user name and a temporary password in the User Authentication menu. When you press [OK] in the confirmation screen for the temporary password, the password entry screen appears. Enter the temporary password in [Old Password]. Enter your new password in [New Password] and [Retype New Password], and then press [OK]. The new password is registered and you can log in to the equipment.
How can a user register a new password in TopAccess when using a temporary password?
When you access the equipment from TopAccess, the log-in screen appears. Enter the user name and a temporary password in the log-in screen, and then press [Login]. When the registration screen appears, enter your new password in [New Password] and [Retype New Password], and then press [Save]. The new password is registered and you can log in to TopAccess.
What if a new password cannot be registered when accessing the equipment with a temporary password using certain utilities?
In the following utilities, an error occurs when you try to log in to the equipment with a temporary password, and a new password cannot be registered either:
• Remote Scan driver
• e-Filing Web Utility
Before using these utilities, register a new password on the control panel or in TopAccess.
How are received Faxes, Internet Faxes, or images handled in High Security Mode?
In the high security mode, when an email to which a Fax, Internet Fax or image is received, it is not automatically output. These jobs are stored in the [Hold (Fax)] queue and only a user having the [Fax Received Print] privilege can print the job.
How do I know if there is a job in the [Hold (Fax)] queue?
If a job is in the [Hold (Fax)] queue, the Memory Rx lamp blinks.
How can a user print a job from the [Hold (Fax)] queue?
1. Log in to the equipment as a user having the [Fax Received Print] privilege.
2. Press [Print Mode] on the home menu screen.
3. Select [Hold (Fax)]. All jobs in the [Hold (Fax)] queue are displayed.
4. Select the desired job or [Select All], and then press [Print].
The job that has been output is deleted from the [Hold (Fax)] queue.
What is important about initial values when operating equipment complying with CC Certification?
To securely operate the equipment, the initial and selectable values in the equipment under the high security mode may differ from those under the normal security mode. To operate equipment complying with CC Certification, be sure to change the initial values for the high security mode listed in this manual following the instructions described in the remarks column at the start of use and keep them unchanged.
What should be done before performing an “Initialization” of the equipment?
To reset all settings by performing “Initialization” of this equipment, back up the setting of this equipment and customers’ data before initializing.
How can an administrator log in to TopAccess?
The [User Management] and [Administration] in TopAccess are displayed by logging in as a user with the administrator privilege. Open TopAccess, click “Login” on the top right, and then enter the user name and password to log in.
How can an administrator log in on the equipment’s control panel?
Be sure to log in the [Admin] tab in the [User Function] mode of the equipment as a user with the Administrator privilege.
What is the initial value for [COMM. Report] Memory Tx on the Home screen in High Security Mode?
The initial value for [COMM. Report] Memory Tx is OFF. Do not change the setting to “ON”. It is not possible to operate this menu from TopAccess.
What are the initial values for [General] Sub Menu under TopAccess Administration Setup in High Security Mode?
| Item | Initial value for the high security mode | Remarks |
|---|---|---|
| Device Information – USB Direct Print | Disable | |
| Functions – e-Filing | Enable | Be sure to change the value to “Disable”. |
| Functions – Save as FTP | Disable | |
| Functions – Save to USB Media | Disable | |
| Functions – Save as SMB | Disable | |
| Functions – Save as Netware | Disable | |
| Functions – iFax Send | Enable | |
| Functions – Fax Send | Enable | |
| Functions – Network iFax | Disable | |
| Functions – Network Fax | Disable | |
| Functions – Web Services Scan | Disable | |
| Functions – Twain Scanning | Disable | |
| Restriction on AddressBook Operation by administrator / AddressBookRemoteOperator | Can be operated by Administrator / AddressBookRemoteOperator only | |
| Energy Save – Auto Clear * | 45 Seconds | The initial value is the same as in the Normal Security Mode; however, OFF cannot be selected. |
| Home Setting – Public Home | Disable | |
| Home Setting – Sync Setting | Disable |
* The value can be changed in the [ADMIN] tab in the [User Functions -User-] menu in the touch panel of the equipment.
What are the initial values for the [Network] Sub Menu under TopAccess Administration Setup in High Security Mode?
| Item | Initial value for the high security mode | Remarks |
|---|---|---|
| IPv6 – Enable IPv6 | Enable | Be sure to change the value to “Disable”. |
| SSL/TLS – TLS Versions | TLS 1.2 | Do not change. |
| SMB – SMB Server Protocol | Disable | |
| HTTP – Enable SSL/TLS* | Enable | |
| WSD – Enable SSL/TLS | Enable | |
| WSD – Web Services Print | Disable | |
| WSD – Web Services Scan | Disable | |
| SMTP Server – Enable SMTP Server | Disable | |
| FTP Server – Enable FTP Server | Disable | |
| FTP Server – Enable SSL/TLS | Enable | |
| FTP Server – SSL/TLS | Port Number 990 | |
| SMTP Client – Enable SSL/TLS | Verify with imported CA certification(s) | |
| SMTP Client – Authentication | AUTO | Be sure to confirm that one of “CRAM-MD5”, “Digest-MD5”, “Kerberos” or “NTLM (IWA)” is applied to your use environment. |
| POP3 Client – Enable POP3 Client | Enable | Be sure to change the value to “Disable”. |
| POP3 Client – Enable SSL/TLS | Verify with imported CA certification(s) | |
| FTP Client – SSL/TLS Setting | Verify with imported CA certification(s) | |
| Bonjour – Enable Bonjour | Disable | |
| SNMP – Enable SNMP V1/V2 | Disable | |
| SNMP – Enable SNMP V3 | Enable | |
| SLP – Enable SLP | Disable |
What are the initial values for Syslog Settings in the [Network] Sub Menu under TopAccess Administration Setup in High Security Mode?
| Item | Initial value for the high security mode | Remarks |
|---|---|---|
| Enable Syslog | Enable | |
| Enable SSL/TLS | Verify with imported CA certification(s) | |
| Severity – Error | Enable | |
| Severity – Warning | Enable | |
| Severity – Information | Enable | |
| Facility – Security/Authorization | Enable | |
| Facility – Local Use0 | Enable | |
| Facility – Local Use1 (Job Log) | Enable |
* The value can be changed in the [ADMIN] tab in the [User Functions -User-] menu in the touch panel of the equipment.
What are the initial values for the [Printer] Sub Menu under TopAccess Administration Setup in High Security Mode?
| Item | Initial value for the high security mode | Remarks |
|---|---|---|
| General Setting – Restriction for Print Job | Only Hold |
What are the initial values for the [Print Service] Sub Menu under TopAccess Administration Setup in High Security Mode?
| Item | Initial value for the high security mode | Remarks |
|---|---|---|
| Raw TCP Print – Enable Raw TCP | Disable | |
| LPD Print – Enable LPD | Disable | |
| IPP Print – Enable SSL/TLS | Enable | |
| FTP Print – Enable FTP Printing | Disable |
What are the initial values for the [ODCA] Sub Menu under TopAccess Administration Setup in High Security Mode?
| Item | Initial value for the high security mode | Remarks |
|---|---|---|
| Network – Enable Port (SOAP) | Disable | |
| Network – Enable Port (REST) | Disable |
What are the initial values for the [Authentication] Sub Menu in the [Security] Menu under TopAccess Administration in High Security Mode?
| Item | Initial value for the high security mode | Remarks |
|---|---|---|
| User Authentication Setting – User Authentication | Enable | You cannot change the setting to “Disable”. |
| User Authentication Setting – User Authentication According to Function | Disable | Do not change the setting to “Enable”. |
| User Authentication Setting – Use Password Authentication for Print Job | Disable | Do not change the setting to “Enable”. |
| User Authentication Setting – Enable Guest User | No check mark (Disable) | The initial value is the same as in the Normal Security Mode; however, it cannot be set to “Enable”. |
| Authentication Type | MFP Local Authentication | |
| PIN Code Authentication | Disable | Do not change the setting to “Enable”. |
| Shared User Management | Disable | Do not change the setting to “Enable”. |
| Public Box Authentication – Public Box Authentication | Enable |
What are the initial values for the [Password Policy] Sub Menu under TopAccess Administration in High Security Mode?
| Item | Initial value for the high security mode | Remarks |
|---|---|---|
| Policy for Users | ||
| Minimum Password Length | 8 (digits) | Set a password longer than 15 digits with alphanumeric characters (including letters having an umlaut in German or a cedilla in French), symbols (! # ( ) * +, – . / : ; = ? @ $ ^ _ ` { | } ~ \) and a space. |
| Requirements to Apply | Enable | |
| Lockout Setting | Enable | (Same as in the Normal Security Mode) |
| Number of Retry | 3 (times) | |
| Lockout Time | 2 (minutes) | |
| Available Period | Disable | (Same as in the Normal Security Mode) |
| Expiration day(s) | 90 (days) | |
| Policy for Administrator, Auditor | ||
| Minimum Password Length | 8 (digits) | Set a password longer than 15 digits with alphanumeric characters (including letters having an umlaut in German or a cedilla in French), symbols (! # ( ) * +, – . / : ; = ? @ $ ^ _ ` { | } ~ \) and a space. |
| Requirements to Apply | Enable | |
| Lockout Setting | Enable | (Same as in the Normal Security Mode) |
| Number of Retry | 3 (times) | |
| Lockout Time | 2 (minutes) | |
| Available Period | Disable | (Same as in the Normal Security Mode) |
| Expiration day(s) | 90 (days) | |
| Policy for e-Filing Boxes, SecurePDF, SNMPv3, Cloning, Secure Receive | ||
| Minimum Password Length (e-Filing Boxes), Minimum Password Length (SecurePDF, SNMPv3, Cloning, Secure Receive) | 8 (digits) | Set a password longer than 15 digits with alphanumeric characters (including letters having an umlaut in German or a cedilla in French), symbols (! # ( ) * +, – . / : ; = ? @ $ ^ _ ` { | } ~ \) and a space. |
| Requirements to Apply | Enable | |
| Lockout Setting | Enable | (Same as in the Normal Security Mode) |
| Number of Retry | 3 (times) | |
| Lockout Time | 2 (minutes) | |
What information is sent to a Syslog server for monitoring?
The following information will be sent to a Syslog server. Success or failure of the event can be confirmed by means of the Result field.
• Registration date
• Internal log memory date
• Code
• Message
• User name
• Domain name
What are some target events and their corresponding log messages sent to the Syslog server?
| Target events for monitoring | Code | Result | Message |
|---|---|---|---|
| Start of the monitoring function – Turning ON of the equipment | D801 | — | Turned on the power |
| End of the monitoring function – Turning OFF of the equipment | D800 | — | The machine was shut down |
| End of jobs – End of printing jobs | 4000 | OK | job:Print jobld:6 |
| End of jobs – End of scanning jobs | 2D01 | OK | job:FTPStore jobld:8 to: |
| End of jobs – End of scanning jobs | 2C00 | OK | job:EmailSend jobld:33 to: |
| End of jobs – End of copying jobs | 4000 | OK | job:Copy jobld:11 |
| End of jobs – End of fax transmission jobs | 0000 | OK | job:FaxSend jobld:9 to:1 |
| End of jobs – End of fax reception jobs | 0000 | OK | job:FaxReceive jobld:10 from:1 |
| User authentication failure – Login failure | 6001 | NG | Failed user login |
| User identification failure – Login failure (Print Job) | 4041 | NG | job:Print jobld:29 |
| Use of the management functions – Addition of a user | 7174 | OK | Updated user information: New User created |
| Use of the management functions – Addition of a user (Failed Import) | 7129 | NG | Failed to import User Information |
| Use of the management functions – Setting and changing of a user ID | 7175 | OK | Updated user information: User Information modified |
| Use of the management functions – Setting and changing of a user ID (Role/Group) | 717D | OK | Updated user information : Role/Group assignment modified |
| Use of the management functions – Setting and changing of a user ID (Failed Import) | 7129 | NG | Failed to import User Information |
| Use of the management functions – Deletion of a user | 7176 | OK | Updated user information : User removed |
| Use of the management functions – Changing of settings – Number of retries for the login password entry | 7184 | OK | Edited Security Setting |
| Use of the management functions – Changing of settings – Lockout time | 7184 | OK | Edited Security Setting |
| Use of the management functions – Changing of settings – Status of the locked out account | 7175 | OK | Updated user information: User Information modified |
| Use of the management functions – Changing of settings – User password policy information | 7184 | OK | Edited Security Setting |
| Use of the management functions – Changing of settings – Auto logout time | 7182 | OK | Edited Device Setting |
| Use of the management functions – Changing of settings – Registration of the address book | 7160 | OK | Added new contact |
| Use of the management functions – Changing of settings – Change of the address book | 7166 | OK | Edited Address Book |
| Use of the management functions – Changing of settings – Deletion of the address book | 7170 | OK | Removed a contact |
| Use of the management functions – Changing of settings – Network setting | 7183 | OK | Edited Network Setting |
| Modification of the user group which is a part of the role – Changing of the role information | 717B | OK | Updated group information : Group information modified |
| Change of the time – Correction of the time | 718A | OK | Edited Date & Time Setting |
| Session consolidation failure – TLS session consolidation failure (bad record mac) | 80C1 | NG | Failed to establish the TLS session (bad record mac) |
| Session consolidation failure – TLS session consolidation failure (handshake failure) | 80C5 | NG | Failed to establish the TLS session (handshake failure) |
Note: As for “End of jobs”, if any codes other than the listed one appear, “NG” will be indicated in the Result field.
How can I confirm the SYS version for CC Certification?
To confirm the SYS version, check the display at the top right of the [Counter] screen on the touch panel of the equipment; for CC Certification, the SYS version should be V1.0.
How can I confirm the FAX unit version for CC Certification?
Be sure to confirm that the version of the FAX unit is “H625TA13”. To confirm this, check TopAccess – [Administration] – [Setup] Item List – Version. The required FAX units are GD-1370NA-N for the U.S.A. and GD-1370EU for Europe.
How can I confirm if the correct FIPS Hard Disk Kit (GE-1260) is installed for CC Certification?
Ask your service technician to display the model name of the internal storage device on the touch panel. Then confirm that “9401 TOSHIBA MQ01ABU032BW”, which is an identifier to indicate that GE-1260 is installed, is displayed.
What are the operator’s manuals and their identification numbers associated with CC Certified e-STUDIO6525AC and e-STUDIO6528A Series?
| Operator’s Manual Name | Identification number |
|---|---|
| Basic Operation | OME21001200 |
| Safety Information | OME21001400 |
| Copy | OME21001800 |
| Scan | OME21002000 |
| User Functions | OME21002800 |
| Installation | OME21003200 |
| OME21003400 | |
| TopAccess | OME21003600 |
| Frequently Asked Questions | OME21003000 |
| Troubleshooting | OME21000600 |
| High Security Mode | OME21004000 |
| Preparation of Paper | OME21000400 |
| Information About Equipment | OME21001600 |
| Specifications | OME21003800 |
| Fax | OME21002200 |
These manuals are for SYS version V1.0.
CLICK HERE TO DOWNLOAD TOSHIBA E-STUDIO2528A (02) PDF MANUAL