Network policy in place. Can't print

T25W

Printers are set up with both LPR (515) and Standard TCP using port 9100.

I have my wireless policy set to allow ports 515 and 9100 TCP to my general network. I see traffic to 9100 on my Firebox's traffic monitor. I can TCPping ports 515 and 9100. Can't print.

As a test, I also set up to allow EVERYTHING through to my general office network. Still can't print.

Are Windows printers using LPR and TCP to attach to printers not able to span between the two networks?

What am I doing wrong?

Comments

  • Do the printers have a gateway IP addr of the firewall & have the correct subnet mask (/24)?

  • edited December 11

    @Bruce_Briggs said:
    Do the printers have a gateway IP addr of the firewall & have the correct subnet mask (/24)?

    Yes they do. The printers are configured DHCP and I have their MAC address configured to specific IP addresses in the Firebox.

    Both legs are able to surf the web and download eMail perfectly.

  • Any ACLs (Access control list) on the switches to which the printers are connected?
    Anything that you can think of on the printers which may restrict the subnet which can print to them?

    You can do packet captures (TCP Dump) on the firewall to hopefully see if there are reply packets coming back from the printer(s). If you don't then look to the printers.

    From WSM Firebox System Manager:
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/fsm/log_message_learn_more_wsm.html

    From the Web UI:
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/system_status/stats_diagnostics_tasks_web.html

    With the Advanced Options, you can specify the IP addr, interface, etc. to capture

    Are the Traffic Monitor log entries you see "allow" entries?
    You can turn on Logging on a policy to see packets allowed by the policy in Traffic Monitor.
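
Added example, not part of any post in this thread: one way to read such a capture for missing reply packets on the two printing ports, assuming it is exported as `tcpdump -nn` style text lines. The addresses and the `reply_status` helper are constructed for illustration.

```python
import re
from collections import defaultdict

PRINT_PORTS = {515, 9100}  # LPR and raw TCP printing, the ports named in the thread

# One IPv4 TCP packet in tcpdump -nn text form: src.port > dst.port: Flags [...]
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]"
)

# Constructed sample capture; every address here is made up.
SAMPLE = """\
09:15:01.100000 IP 10.0.2.20.50111 > 10.0.1.31.9100: Flags [S], seq 100, win 64240, length 0
09:15:01.101200 IP 10.0.1.31.9100 > 10.0.2.20.50111: Flags [S.], seq 900, ack 101, win 8192, length 0
09:15:01.101900 IP 10.0.2.20.50111 > 10.0.1.31.9100: Flags [.], ack 1, win 64240, length 0
09:15:05.000000 IP 10.0.2.20.50112 > 10.0.1.32.515: Flags [S], seq 200, win 64240, length 0
09:15:06.000000 IP 10.0.2.20.50112 > 10.0.1.32.515: Flags [S], seq 200, win 64240, length 0
09:15:09.000000 IP 10.0.2.20.50113 > 10.0.1.33.515: Flags [S], seq 300, win 64240, length 0
09:15:09.000800 IP 10.0.1.33.515 > 10.0.2.20.50113: Flags [R.], seq 0, ack 301, win 0, length 0
"""

def reply_status(capture_text):
    """Return {(client, printer, port): 'answered' | 'refused' | 'no reply'}."""
    events = defaultdict(set)
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        sport, dport = int(sport), int(dport)
        if dport in PRINT_PORTS and flags == "S":       # client opens a connection
            events[(src, dst, dport)].add("syn")
        elif sport in PRINT_PORTS and flags == "S.":    # printer accepts it
            events[(dst, src, sport)].add("synack")
        elif sport in PRINT_PORTS and "R" in flags:     # printer resets it
            events[(dst, src, sport)].add("rst")
    status = {}
    for flow, seen in events.items():
        if "syn" not in seen:
            continue  # capture started mid-connection; nothing to judge
        if "synack" in seen:
            status[flow] = "answered"
        elif "rst" in seen:
            status[flow] = "refused"
        else:
            status[flow] = "no reply"  # SYN was captured, printer stayed silent
    return status

if __name__ == "__main__":
    for flow, state in sorted(reply_status(SAMPLE).items()):
        print(flow, state)
```

A flow marked "answered" means the TCP handshake completed through the firewall, so a remaining print failure lies above the network layer (driver, print protocol, or printer).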

  • You do have the correct printer drivers installed in Windows?

  • If you have a support contract on your firewall, you can open a support case and get help from a WG rep.
    You can do this via the Support Center link above

  • edited December 11

    @Bruce_Briggs said:
    You do have the correct printer drivers installed in Windows?

    Yes.

    @Bruce_Briggs said:
    If you have a support contract on your firewall, you can open a support case and get help from a WG rep.
    You can do this via the Support Center link above

    Spoke to one today. He set up the rule for everything to get through to test. He had to get off the phone to help others, so I troubleshot things myself.

  • @Bruce_Briggs said:
    Are the Traffic Monitor log entries you see "allow" entries?

    I am filtering on one of the printer's IP addresses. Lots of allow. I can't find any denys.

  • A packet capture will show reply packets, which is the only way to see them, as there is no option to see reply packets in Traffic Monitor.

  • edited December 11

    I will see the network again tomorrow

  • edited December 12

    Hi Bruce, Followup:

    The firewall policy was not at fault and was working perfectly. What was blocking was:

    1) I was logged in remotely.

    2) the laptop I was logged into printed fine when plugged into the Ethernet of the general office leg. But not when attached to the wireless. It printed gibberish on all the printers when attached to the wireless. And the customer did not tell me. Usually, I get an instant call when that happens. This is the first time in 30 years I have not got that call.

    So I thought that the printers were just not printing, as the See What's Printing never seemed to exit the print job. The tip-off was when all three printers ran out of paper. This after I added the status page of the printers into the firewall policy.

    The firewall policy only allowed access to the three IP addresses of the printers and TCP ports 80, 515, 9100 on those addresses.

    3) I noticed that the C:\drivers directory I created on the laptop was missing the "Printers" folder, so I have no idea who or how the printer drivers got loaded. So I Ice Drive'd one of the workstation printer directory to the laptop and removed and reinstalled all three printers. The drivers found all three printers based on their IP addresses. But I need to change their WSD addresses to TCP addresses.

    4) all three printers had issues with direct LPR TCP 515 but not with port TCP 9100 on TCP network printing. And now happy camping has returned.

    5) updated the firmware on all three printers

    Thank you for all the tips and assistance!

    -T
