jkchoa
New Member
March 4, 2019
Question

How to setup internal Ricoh Digital Printers to connect externally


Hi

We have a FortiGate 60E and have successfully set up IPv4 policies on it and a simple failover feature.

Now we're having problems with two Ricoh digital printers: these two machines need to connect externally to Ricoh servers to send diagnostic and consumable information to the vendor. According to the vendor support, it uses port 161 and 443 UDP to connect to a range of host IPs, 210.173.216.40 to 210.172.216.77. We went through the cookbook "Using virtual IPs to configure port forwarding", but the scenario presented is from an outside remote user going inside the internal network.

Is there a cookbook showing the other way around from inside or behind the firewall connecting to outside?

 

Thanks and Regards

    1 reply

    Dave_Hall
    New Member
    March 5, 2019

    Assuming the communication is initiated from behind the fgt device, outward - there shouldn't be a need to create VIPs. Just set up the firewall policy using the printers' IPs as the source address(es) with the Ricoh servers' IP address range as the dest addresses. Something like:

    config firewall address
        edit "ricoh-printer1"
            set associated-interface "internal"
            set subnet 192.168.1.20 255.255.255.255
        next
        edit "ricoh-printer2"
            set associated-interface "internal"
            set subnet 192.168.1.21 255.255.255.255
        next
        edit "ricoh-printer-servers"
            set type iprange
            set associated-interface "wan1"
            set start-ip 210.173.216.40
            set end-ip 210.173.216.77
        next
    end
    config firewall addrgrp
        edit "ricoh-printer-group"
            set member "ricoh-printer1" "ricoh-printer2"
        next
    end
    config firewall policy
        edit 1
            set name "ricoh -printer-service-access"
            set srcintf "internal"
            set dstintf "wan1"
            set srcaddr "ricoh-printer-group"
            set dstaddr "ricoh-printer-servers"
            set action accept
            set schedule "always"
            set service "ALL"
            set nat enable
        next
    end

    Move this firewall policy above any general firewall policy so it is triggered. Add any UTM features accordingly. 

    jkchoa (Author)
    New Member
    March 6, 2019
    Appreciate the response. What about ports 161 and 443, are these open or allowed by FortiGate?
    Dave_Hall
    New Member
    March 6, 2019

    The default one-line firewall policy that is configured on factory reset fgt devices is set to allow "open access" traffic from the internal interface through the WAN connection - if your company has crafted their own firewall policies then that question should be directed to whoever created those policies.
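
A tighter variant of the policy from the first reply, as an added example that is not part of the thread: instead of `set service "ALL"`, the policy references a custom service limited to the ports named in the question, and logs every session so the vendor traffic can be verified. The object name "ricoh-remote-diag" is made up for this example, and the TCP 443 line is an assumption (the question quotes both ports as UDP); the address objects and policy ID are the ones defined in the reply.

```fortios
config firewall service custom
    edit "ricoh-remote-diag"
        set comment "Example object: UDP ports as quoted in the question, TCP 443 is an assumption"
        set udp-portrange 161 443
        set tcp-portrange 443
    next
end
config firewall policy
    edit 1
        set srcaddr "ricoh-printer-group"
        set dstaddr "ricoh-printer-servers"
        set service "ricoh-remote-diag"
        set logtraffic all
        set comments "Example: printers to vendor range, restricted to diagnostic ports"
    next
end
```

If the printers stop reporting after the change, the forward traffic log for this policy shows which destination port was denied by a later rule, which is the port list to confirm with the vendor.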