Skip to main content
mario_thenetworkguy
mario_thenetworkguy
New Member
October 21, 2025
Question

Auto Discovery Printers

  • October 21, 2025
  • 2 replies
  • 570 views

 

I have a printer located in one VLAN and a macOS laptop connected to another VLAN.

The printer is connected via Ethernet, while the laptop connects through a FortiAP (Wi-Fi).


As both devices are on different VLANs, the laptop fails to automatically discover the printer and displays a “Check Internet Connectivity” message. However, when I manually add the printer’s IP address, it connects successfully. There is a firewall policy to allow traffic between thoses two VLANs (Any services).

It appears that the discovery packets (likely mDNS / AirPrint traffic) are not being forwarded between the two VLANs.

Can you please help how to solve this issue ? 

2 replies

AEK
SuperUser
AEK
SuperUser
October 21, 2025

I guess the discover uses broadcast or multicast, by default is not allowed on FGT.

I didn't do that before but I think you can allow it with a multicast policy.

 

AEK
    filiaks1
    filiaks1
    Explorer III
    October 23, 2025

    What @AEK  mentioned could be true but just to see what is blocked better do a capture and follow the traffic flow to see what needs allowing:

     

     

    Using the packet capture tool | FortiGate / FortiOS 7.6.4 | Fortinet Document Library

    Performing a sniffer trace or packet capture | FortiGate / FortiOS 7.6.4 | Fortinet Document Library

    Debugging the packet flow | FortiGate / FortiOS 7.6.4 | Fortinet Document Library

     

     

    If you see multicast then see Troubleshooting issues with multicast rou... - Fortinet Community

     

     

    Also if during your investigation you see that GARP is used then maybe you will need proxy arp How Proxy-ARP works - Fortinet Community as I wonder the printer and PC being on different subnets/vlans to not be part of the issue. 

     

    Also you need to get familiar with your printer as well as it could be not the firewall issue also why can't you just push the printer IP address through Active Directory policy to all PC? Better yet the DNS of the printer and if you have IPAM when the IP of the printer changes to change also the DNS record automatically if your printers gets IP from a DHCP this will be nice.

    jokes54321
    jokes54321
    New Member
    June 11, 2026

    He did say Mac, with no mention of AD, so that could be the why.  

    Terms & ConditionsAccessibility statement