KYOCERA Fleet Services KFS Connection Method Guide
Introduction
KFS can connect to devices in a variety of ways. This document will help you find the best connection method for customer requirements.
Revision history
| Version | Release Date | Revision |
|---|---|---|
| 1.00 | June 19, 2024 | First release |
Connection method
List of Connection Methods
The following outlines a list of device connection methods.
| Connection Method | Manageable Device | Number of connections | Communication | Protocol | Operation (Functionality) |
|---|---|---|---|---|---|
| KFS Direct (With Manage mode) | - | Individually | Bi-directional | HTTPS, XMPP/MQ TT | All operations available |
| KFS Direct (With Monitor mode) | - | Individually | Single way communication, device to server | HTTPS | Only monitor the device |
| NetGateway | Up to 2000 | Unified | Single way communication, device to server | HTTPS | Monitor the device Support part of operation |
| NetGateway connected USB devices | Up to 2000 | Unified | Single way communication, device to server | HTTPS | Monitor the device Support part of operation |
Diagram Description: A network diagram illustrates the connection architecture. It shows a central KFS Manager connected to a NetGateway, which then connects to devices via a Customer Intranet. Devices can be KFS Direct (via Proxy Server in NetGateway), USB-connected Devices, or Legacy & Competitor Devices. The diagram also depicts a Firewall and a Proxy Server.
Recommended Connection Method
The recommended connection method for customer requirements is as follows:
| Customer requirements | Recommended connection method | Description |
|---|---|---|
| Communication Path Requirements No restriction. (Allow individual communication with devices.) | KFS Direct | Simplest connection method to communicate directly with the device to KFS. |
| Communication direction requirements Restrict access from outside. | With Monitor mode | When Connection mode is set to Monitor mode, only device data collection is performed. |
| Perform remote maintenance. | With Manage mode | When Connection mode is set to Manage mode, remote maintenance can be performed in addition to device data collection. |
| Connecting competitor devices or legacy devices. | NetGateway | If a NetGateway has many managed devices, polling of device data may fail depending on the polling timing. For example, if a customer prints daily, the device information is updated daily, so those devices fall into the high priority category. If a customer manages these devices and the device is only turned on during normal work hours (8 hours per day), the number of connections to a single NetGateway must be kept under 600 devices (polling interval: 6 hours). If customers print infrequently and their devices fall into the low priority category, the number of connections to a single NetGateway must be kept under 200 devices (polling interval: 2*4=8 hours). If you set up to have multiple NetGateways to separate managed devices so that the polling interval is longer than the device turned ON interval it will be faster. |
| Do not allow the device to connect to the network. | NetGateway connected USB devices | Connect the USB cable between the NetGateway PC (Local Agent PC) and the device. |
NetGateway connected USB Device Settings
Add a device connected to the NetGateway PC (Local Agent PC) with a USB cable.
NetGateway Settings
Install the local agent (KyoceraAgent.msi) on the PC that will be USB connected to the device.
Screenshot Description: A screenshot shows the NetGateway interface with options for Monitoring, Settings, and Admin. Under Settings, a dropdown menu includes 'Proxy settings', 'KFS device connection mode', 'Task execution setting', 'Download local agent', 'Copy local agent URL', 'Automatic upgrade', 'Update interval', and 'Logs'.
NetGateway - Add devices
Screenshot Description: A dialog box for adding devices shows 'Discovery Settings' with 'Discovery method' set to 'By local network'. Target options include IPv4 and IPv6. A checkbox for 'USB devices' is present, with an option to 'Discover USB-connected devices'.
Trouble shooting flow:
- Wait a few minutes after completion of Install Target device USB driver on the PC. Then, check after device discovery.
- Check if the device state is in ready state.
- Check if device discovery settings are ok.
- Uninstall device USB drivers not used on the PC, and install only the target USB driver, if possible.
Check (Things to Check) details one by one:
| Location to check | Things to check | Discover USB devices |
|---|---|---|
| Server/PC where NetGateway is installed | Minimum hardware requirements are met | ✔ |
| Supported OSs are met | ✔ | |
| Supported browsers are met | ✔ | |
| Supported .Net Framework is installed (other settings are default) | ✔ | |
| Default ports are available (9696/9797/8081) | ✔ | |
| Server/PC where Local Agent is installed | Supported .Net Framework is installed | ✔ |
| Local Agent is installed | ✔ | |
| KX Driver is installed (Test print works) | ✔ | |
| NetGateway settings | Discovery settings Discover USB-connected devices are enabled | ✔ |
| Device | Device is on | ✔ |
| Device is awake (Device is not in sleep mode) | ✔ | |
| Environment | Temporary disable some firewall or it's rules, antivirus software, etc. | (if possible) |
Connection setting
Checklist Overview for Device Discovery/Registration/Online
| Settings/Configurations | All models Required | Specific Models Required | Note: Remote Panel case Required |
|---|---|---|---|
| Device - Security Settings | |||
| Certificate Verification | HASH: SHA2 Enabled | ✔ | - |
| Server-side Settings | TLS Version: TLS1.2 Enabled | ✔ | - |
| HASH: SHA2 Enabled | - | - | |
| Client-side Settings | TLS Version: TLS1.2 Enabled | ✔ | - |
| HASH: SHA2 Enabled | - | - | |
| Device - Device Settings | |||
| Date/Time | Within valid date/time range of certificate in KFS Server | - | - |
| Device - Network Settings | |||
| Proxy Settings | Compatible with customer's network environment | ✔ | - |
| Protocol | Enhanced WSD: or Enhanced WSD over SSL: - At least one, Enabled | ✔ | - |
| Not existed these settings but SSL needed case, Secure Protocols: SSL Enabled | ✔ | - | |
| HTTP/HTTPS: Enabled | ✔ | - | |
| Device - Management Settings | |||
| Remote Services | Correct information e.g. Access Code, Server URL etc. (Removed insufficient characters like "blank space") | ✔ | - |
| Settings/Configurations | All models Required | Specific Models Required | Note: Remote Panel case Required |
|---|---|---|---|
| SNMP | |||
| SNMPv1/v2c: Enabled | ✔ | - | - |
| Read Community: Compatible with NetGateway Discovery and Communication Settings | ✔ | - | - |
| Write Community: Compatible with NetGateway Discovery and Communication Settings | ✔ | - | - |
| When SNMP v3 is Enabled, then Compatible with NetGateway Discovery and Communication Settings | ✔ | - | - |
| Settings/Configurations | Required |
|---|---|
| NetGateway - Discovery Settings | |
| Communication Settings | SNMP Type: Compatible with Device Settings Secure protocol (SSL): Compatible with Device Settings Device login: Compatible with Device Settings, valid User/PW info |
| PC computer - for Single Point Connection (SPC) Enabled case | |
| Network environment | Confirm that Name resolution works fine in network environment (Register devices with proxy settings "NetGateway installed computer name" as Hostname) Or, Set actual IP address without hostname |
| Firewall Inbound Rule: | Permit specified Port (8081 as default - Possible to change it when NetGateway is first installation) |
Model Compatibility
The following tables list models compatible with different settings. √1 indicates models requiring specific settings, √2 indicates legacy models, and a checkmark indicates compatibility with all models.
| Color Models | B&W Models |
|---|---|
| ECOSYS M5021cdn | ECOSYS M2135dn, ECOSYS M2635dn, ECOSYS M2635dw, ECOSYS M2040dn, ECOSYS M2540dn, ECOSYS M2540dw, ECOSYS M2640idw, ECOSYS M2735dw |
| ECOSYS M5520cdw, ECOSYS M5520cdn, ECOSYS M5521cdn, ECOSYS M5521cdw, ECOSYS M5525cdn, ECOSYS M5526cdn, ECOSYS M5526cdw | ECOSYS M2235dn, ECOSYS M2735dn, ECOSYS M2835dw |
| ECOSYS M6030cdn, ECOSYS M6530cdn | ECOSYS M3040dn, ECOSYS M3540dn ECOSYS M3040idn ECOSYS M3540idn, ECOSYS M3550idn, ECOSYS M3560idn |
| ECOSYS M6035cidn, ECOSYS M6535cidn | ECOSYS M3145idn, ECOSYS M3645idn ECOSYS M3660idn ECOSYS M3655idn, ECOSYS M3145dn, ECOSYS M3645dn |
| ECOSYS M6230cidn, ECOSYS M6630cidn, ECOSYS M6235cidn, ECOSYS M6635cidn | ECOSYS M4132idn, ECOSYS M4125idn |
| ECOSYS M8130cidn, ECOSYS M8124cidn | |
| ECOSYS P5020cdw, ECOSYS P5020cdn, ECOSYS P5021cdn, ECOSYS P5021cdw, ECOSYS P5025cdn, ECOSYS P5026cdn, ECOSYS P5026cdw | ECOSYS P2235dn, ECOSYS P2235dw, ECOSYS P2040dn, ECOSYS P2040dw, ECOSYS P2235d, ECOSYS P2230dn |
| ECOSYS P6130cdn, ECOSYS P6035cdn, ECOSYS P7040cdn | ECOSYS P2335d, ECOSYS P2335dn, ECOSYS P2335dw |
| ECOSYS P6230cdn, ECOSYS P6235cdn, ECOSYS P7240cdn | ECOSYS P3060dn, ECOSYS P3055dn, ECOSYS P3050dn, ECOSYS P3045dn |
| ECOSYS P8060cdn | ECOSYS P4060dn |
| ECOCYS MA2100cwfx, ECOCYS MA2100cfx, ECOSYS MA2100cx | TASKalfa 3511i, TASKalfa 3011i |
| Color Models | B&W Models |
|---|---|
| ECOCYS PA2100cwx, ECOCYS PA2100cx | TASKalfa 3511i, TASKalfa 3011i |
| TASKalfa 3060ci | TASKalfa 4012i, TASKalfa 3212i |
| TASKalfa 306ci, TASKalfa 356ci, TASKalfa 406ci | TASKalfa 4020i |
| TASKalfa 307ci | TASKalfa 6002i, TASKalfa 5002i, TASKalfa 4002i |
| TASKalfa 6052ci, TASKalfa 5052ci, TASKalfa 4052ci, TASKalfa 3552ci, TASKalfa 3252ci, TASKalfa 2552ci | TASKalfa 8002i, TASKalfa 7002i |
| TASKalfa 8052ci, TASKalfa 7052ci | TASKalfa 9002i |
Examples with Screenshots
Device - Security Settings
Certificate Verification: HASH: SHA2 Enabled
Screenshot Description: Security Settings: Network Security interface showing 'Certificate Verification' with 'Validity Period' set to 'On' and 'Hash' set to 'SHA2(256/384)'.
Server-side Settings
TLS Version: TLS1.2 Enabled HASH: SHA2 Enabled
Screenshot Description: Security Settings: Network Security interface showing 'Secure Protocol Settings'. 'TLS Version' is set to 'TLS1.2', and 'Hash' is set to 'SHA2(256/384)'. 'Effective Encryption' options like AES and AES-GCM are visible.
Client-side Settings
TLS Version: TLS1.2 Enabled HASH: SHA2 Enabled
Screenshot Description: Security Settings: Network Security interface showing 'Client-side Settings' with 'TLS Version' set to 'TLS1.2'. 'REST Security' is set to 'Secure Only (REST over SSL)'. 'Effective Encryption' options are listed.
Device - Device Settings
Date/Time: Within valid date/time range of certificate in KFS Server
Screenshot Description: Device Settings: Date/Time interface showing fields for Year, Month, Day, and Time. It displays 'Current Local Time' and 'Current Universal Time (UTC/GMT)'. A certificate information pop-up shows it is valid from 3/25/2020 to 6/24/2022.
Device - Network Settings
Protocol: Enhanced WSD and Enhanced WSD over SSL should be enabled.
HTTP/HTTPS: Enabled
Screenshot Description: Network Settings: Protocol interface showing 'Universal Print', 'SOAP', 'Enhanced WSD', and 'Enhanced WSD over SSL' settings, all enabled. It also shows 'Enhanced WSD over SSL Certificate' and 'LDAP' settings.
Device - Management Settings
Remote Services: Correct information e.g. Access Code, Server URL etc. (Insufficient characters like a “blank-space” were removed)
Screenshot Description: Management Settings: Remote Services interface showing 'Server Settings'. Fields include 'Registration By' (dropdown 'Use Access Code'), 'URL' (input field), 'Proxy' (input field with 'Settings' button), 'Proxy Authentication' (User Name, Password), 'Access Code', and 'Description'.
SNMP
SNMPv1/v2c: Enabled. Read Community: Compatible with NetGateway Discovery and Communication Settings. Write Community: Compatible with NetGateway Discovery and Communication Settings.
When SNMP v3: Enabled. Compatible with NetGateway Discovery and Communication Settings.
Screenshot Description: Two screenshots of Management Settings: SNMP. The first shows SNMPv1/v2c settings with 'Read Community' and 'Write Community' fields. The second shows SNMPv3 settings with options for 'Authentication' (MD5, SHA1), 'Privacy' (DES, AES), 'Read Only User', and 'Read/Write User'.
NetGateway - Discovery Settings
Communication Settings
SNMP Type: Compatible with Device Settings. Secure protocol (SSL): Compatible with Device Settings. Device login: Compatible with Device Settings, valid User/PW info.
Screenshot Description: Two screenshots of 'Communication settings'. The first shows 'SNMP type', 'Read community name', 'Write community name', 'SNMP authentication', 'SNMP privacy', and 'Context name'. The second shows 'Secure protocol (SSL)' enabled and 'Device login' with 'Authentication type' as 'Local authentication' and fields for 'User name' and 'Password'.
PC computer - for Single Point Connection (SPC) Enabled case.
Proxy settings
Screenshot Description: Screenshot of 'Proxy settings' dialog. Options include 'Direct connection' and 'Use HTTP Proxy'. If 'Use HTTP Proxy' is selected, fields for 'Host name', 'Port', and 'Enable authentication' (User name, Password) are shown. A checkbox for 'Use Gateway as a single point of communication' is present.
Network environment
Confirm that Name resolution works fine in network environment. (Register devices with proxy settings "NetGateway installed computer name" as Hostname) or Set actual IP address without hostname.
Screenshot Description: Screenshot of 'Register your devices' section. Fields for 'Access code', 'KFS Manager authentication' (Host name, User name, Password, Description), and 'Do not use proxy settings for the following domains' are shown. A warning about proxy settings overwriting Remote Services firmware is displayed.
Firewall Inbound Rule:
Permit specified Port (8081 as default - Possible to change it when NetGateway is first installed).
Screenshot Description: Screenshot of Windows Defender Firewall with Advanced Security, showing 'Inbound Rules' and 'Outbound Rules'.
Notes for success of Device Discovery/Registration/Online
- Check whether or not the previous registered device still shows in KFS Manager:
- When Remote Services settings is turned OFF, via U520 or CCRX without deleting the device in KFS Manager, then the previous registered device remains in KFS Manager.
- You must search KFS Manager with both "Serial number" and "MAC address" on the device and delete the previous remaining device in KFS Manager. If not deleted, then device registration will fail with error code 403.
- When you have Unstable SNMP responses, a good way to prevent this issue is to make the NetGateway Timeout setting longer
- Confirm that no problems are found in network environment
Additional information on NetGateway
Device information polling
NetGateway periodically polls Alert data, Counter data and Consumable data from each device. This is because NetGateway to Device communication is uni-directional which means there is no Device to NetGateway communication. The polling interval for each device can be changed depending on the number of managed devices (displayed devices) on the NetGateway device list. The more devices you have on KFS, the longer the interval will be between polling. If your NetGateway has a lot of devices, the polling interval can be longer. Also, if the device data (toner level or counter value) is not frequently updated, the priority category will be lower. As a result, the polling interval will be longer and your device will be put into the category depending on the devices registered.
| Alert | Counter/Consumables | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2,000~ 1,001 | 1,000~ 301 | 300~ 101 | 100~ 26 | 25~1 | 2,000~ 1,001 | 1,000~ 601 | 600~ 201 | 200~ 101 | 100~26 | 25~1 | ||||
| High Priority Category | 120 (min) | 60 (min) | 15 (min) | 5 (min) | 1 (min) | 24 (hrs.) | 12 (hrs.) | 6 (hrs.) | 2 (hrs.) | 60 (min) | 60 (min) | |||
| Middle Priority Category | x2 | x2 | x2 | x2 | 1 (min) | (Note) Polling must be executed once a day. | ||||||||
| Low Priority Category | x4 | x4 | x4 | x4 | 1 (min) | (Note) Polling must be executed once a day. | ||||||||
If the target device is turning ON only for a specific time period, normal work hours and the polling interval by NetGateway is longer for the device, the device information polling can fail. In this case, you can solve the problem in two ways:
- Having multiple NetGateways to separate managed devices.
- Turning on the device for longer hours.
Authentication type/Authentication information
Authentication type/Authentication information is used for Enhanced WSD communication with the device. Enhanced WSD communication is TCP based communication and can have more stable communication with the device, unlike SNMP (UDP based communication).
To use Enhanced WSD communication, you need to enable Enhanced WSD and/or Enhanced WSD over SSL on the device as shown below (under Network Settings in Command Center).
Screenshot Description: Network Settings: Protocol interface showing 'Universal Print', 'SOAP', 'Enhanced WSD', and 'Enhanced WSD over SSL' settings, all enabled. It also shows 'Enhanced WSD over SSL Certificate' and 'LDAP' settings.
When using Enhanced WSD over SSL, “Secure Only” should be selected as Enhanced WSD Security. You can see the setting on the device shown below (under Security Settings on Command Center).
Screenshot Description: Security Settings: Network Security interface showing 'TLS Version', 'Effective Encryption', 'Hash', 'HTTP Security', 'IPP Security', 'Enhanced WSD Security' (set to 'Secure Only (Enhanced WSD over SSL)'), 'eSCL Security', and 'REST Security'.
If you want to use Enhanced WSD communication for communication with the device, you need to use the same Username and Password with it on the device.
Screenshot Description: Screenshot showing 'Authentication type' options: 'Local authentication' and 'Device settings'. 'Authentication information' fields for 'User name' and 'Password' are displayed.
You can view Authentication type and related Username and Password under Management Settings on Command Center.
Screenshot Description: Management Settings: Authentication interface showing 'Settings' and 'Local User List' with columns for 'Select', 'User Name', and 'Login User Name'. An 'Add User' button is visible.
Also, if Enhanced WSD communication with the device is NOT available, you can check if there is a "Warning” WSD status on NetGateway device list page.
| Registration type | WSD status | Connection type |
|---|---|---|
| Device (Managed) | OK | Network |
| Device (Managed) | ⚠ Warning | Network |
| Device (Managed) | OK | Network |
If there is an “OK” WSD status, you can enter correct information on Communication settings for target device, and then click “Refresh” button on NetGateway UI. This "Refresh" feature checks NetGateway to see if Enhanced WSD communication is available, based on the configured Communication settings.
Screenshot Description: NetGateway UI showing navigation buttons: 'Add devices', 'Excluded devices', 'Register devices', 'Communication settings', 'Device home', 'Refresh', 'View tasks', 'Manage Device settings', 'Computers'.
Related Documents
 |
KYOCERA Device Manager Ver.2.0-2.2 Software Information Detailed information on KYOCERA Device Manager (KDM) versions 2.0 to 2.2, covering new features, system requirements, supported models, and software updates for efficient device management. |
 |
Kyocera ECOSYS P8060cdn Printer Driver User Guide Comprehensive user guide for the Kyocera ECOSYS P8060cdn printer driver, covering installation, configuration, and advanced features for optimal printing. |
 |
Kyocera TASKalfa and ECOSYS Printers: Product Quick Reference Guide A comprehensive quick reference guide detailing specifications for Kyocera's TASKalfa and ECOSYS series of multifunctional printers and color printers, including print speed, resolution, paper handling, memory, and more. |
 |
Kyocera Document Solutions: NASPO ValuePoint Catalog and Offerings Comprehensive catalog of Kyocera multi-functional devices, printers, software, and cloud solutions available through the NASPO ValuePoint contract, featuring ECOSYS and TASKalfa series products for government and businesses. |
 |
KYOCERA Printer Driver User Guide A comprehensive user guide for the KYOCERA printer driver, covering installation, configuration, and advanced printing features for various ECOSYS and TASKalfa models. |
 |
How to Configure Kyocera TWAIN Driver for USB and Network Connections A step-by-step guide on configuring the Kyocera TWAIN driver for scanner setup via USB and network connections, including setting scanner names, models, and network addresses for models like the ECOSYS M5526cdw. |
 |
Kyocera TASKalfa 4012i & 3212i Printer Driver User Guide Comprehensive user guide for installing and configuring the Kyocera TASKalfa 4012i and 3212i printer drivers. Covers installation methods, driver overview, device settings, quick print options, basic print settings, layout customization, finishing options, imaging, publishing, job management, and advanced settings. |
 |
KYOCERA TASKalfa 6053ci/6003i: Potencia, Versatilidad e Integración Directa Descubra la serie KYOCERA TASKalfa 6053ci/6003i, multifuncionales de alta productividad diseñados para la eficiencia, la versatilidad y la integración directa en entornos empresariales. Conozca sus especificaciones, opciones y capacidades para optimizar su flujo de trabajo. |