Watchguard Denied Unhandled Packets

OlaOla
edited July 2021 in Firebox - Other

Please I need help!.
The firewall has been working for quite some time with no issue, but recently some clients in some VLANs started complaining of not being able to use the Printer/Scanner to Scan to email.
I checked the traffic monitor and I did look up the printer Ip address: 192.168.201.222.

2021-07-09 13:41:56 Deny 192.168.201.222 192.168.40.1 netbios-ns/udp 137 137 2.18b Firebox Denied 96 64 (Unhandled Internal Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148"
2021-07-09 15:07:37 Deny 192.168.201.222 192.168.201.255 netbios-dgm/udp 138 138 Firebox Firebox broadcast 229 64 (Internal Policy) proc_id="firewall" rc="101" msg_id="3000-0148"
2021-07-09 15:09:45 Deny 192.168.201.222 192.168.201.255 netbios-dgm/udp 138 138 Firebox Firebox broadcast 229 64 (Internal Policy) proc_id="firewall" rc="101" msg_id="3000-0148"

This printer was working and scanning to email before, why is the firewall suddenly blocking this service now. or am missing something else.

Any suggestion will really be appreciated.

Comments

  • "Unhandled Internal Packet" tells you that there is no policy in your config allowing this packet.

    These packets are SMB - Microsoft networking, and all are coming from the printer.

    If you have 192.168.201.0 as a /24 subnet, then 192.168.201.255 is a broadcast address. Broadcast packets will always be denied by the firewall, and do not show a problem.
    192.168.40.1 may be a firewall or VLAN interface IP addr.

    None of these denies seem to indicate the issue you are having.
    Has anyone powered off the printer and powered it back on?

  • I did power cycled the printer myself but still thesame problem.
    Am not a printer expert but the Ip address of the printer 192.168.201.222 is showing on the logs been denied.
    But thesame printer has been working before on the network, the issue just started some days back and when I check the logs that's what I see.

    Trying to figure out what could happen.

  • edited July 2021

    Broadcast packet denies are not the problem here.

    What brand & model of printer is this?

    For debugging/problem resolution -
    . add a TCP-UDP predefined packet filter to your config, From: 192.168.201.222 To: Any
    . add a TCP-UDP predefined packet filter to your config, From: Any To: 192.168.201.222
    Enable Logging on both of these to see packets allowed by them in Traffic Monitor.
    Move these 2 policies to the top of your policy list.

  • The printer is Ricoh.
    I will try this and update you.
    Thanks, @Bruce_Briggs

  • None of those log lines are abnormal because Scan to email does not require using SMB ports. What is the target of the Scan to email? A local mail server? An SMTP relay? A Microsoft 365 mail server?

    Gregg Hill

Sign In to comment.