Support Forum
jkchoa
New Contributor

How to setup internal Ricoh Digital Printers to connect externally

Hi


We have a FortiGate 60E and have successfully set up IPv4 policies on it and the simple failover feature.

Now we're having problems with two Ricoh digital printers; these two machines need to connect externally to Ricoh servers to send diagnostic and consumable information to the vendor. According to vendor support, it uses ports 161 and 443 UDP to connect to a range of host IPs, 210.173.216.40 to 210.172.216.77. We went through the cookbook "Using virtual IPs to configure port forwarding", but the scenario presented is an outside remote user going into the internal network.

Is there a cookbook showing the other way around, from inside or behind the firewall connecting to the outside?


Thanks and Regards

4 Replies
Dave_Hall
Honored Contributor

Assuming the communication is initiated from behind the fgt device, outward, there shouldn't be a need to create VIPs. Just set up the firewall policy using the printers' IPs as the source address(es) with the Ricoh servers' IP address range as the dest addresses. Something like:

config firewall address
    edit "ricoh-printer1"
        set associated-interface "internal"
        set subnet 192.168.1.20 255.255.255.255
    next
    edit "ricoh-printer2"
        set associated-interface "internal"
        set subnet 192.168.1.21 255.255.255.255
    next
    edit "ricoh-printer-servers"
        set type iprange
        set associated-interface "wan1"
        set start-ip 210.173.216.40
        set end-ip 210.173.216.77
    next
end
config firewall addrgrp
    edit "ricoh-printer-group"
        set member "ricoh-printer1" "ricoh-printer2"
    next
end
config firewall policy
    edit 1
        set name "ricoh-printer-service-access"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "ricoh-printer-group"
        set dstaddr "ricoh-printer-servers"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end


Move this firewall policy above any general firewall policy so it is triggered. Add any UTM features accordingly. 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

jkchoa

Appreciate the response. What about ports 161 and 443, are these open or allowed by the FortiGate?
Dave_Hall
Honored Contributor

The default one-line firewall policy that is configured on factory-reset fgt devices is set to allow "open access" traffic from the internal interface out through the WAN connection. If your company has crafted its own firewall policies, then that question should be directed to whoever created those policies.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

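As an added example (not from Dave's post or the original thread), here is a tighter version of the policy above that replaces service "ALL" with a custom service object limited to the ports the vendor listed, and adds a logged deny so anything else the printers try to reach shows up in the traffic log. It reuses Dave's address object names; the service name "ricoh-remote-svc", the inclusion of TCP/443 (443 is normally HTTPS over TCP, while the poster reports UDP) and policy ID 2 are assumptions.

```fortios
config firewall service custom
    edit "ricoh-remote-svc"
        # Only the vendor-listed ports: SNMP on UDP/161 and 443.
        # TCP/443 is included on the assumption that 443 is HTTPS;
        # confirm the protocol with Ricoh before removing UDP/443.
        set tcp-portrange 443
        set udp-portrange 161 443
    next
end
config firewall policy
    edit 1
        set name "ricoh-printer-service-access"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "ricoh-printer-group"
        set dstaddr "ricoh-printer-servers"
        set action accept
        set schedule "always"
        set service "ricoh-remote-svc"
        set nat enable
        set logtraffic all
    next
    # Assumed policy ID 2: explicit, logged deny for the printers so a
    # misconfigured or compromised device is visible rather than silently
    # dropped by the implicit deny.
    edit 2
        set name "ricoh-printer-deny-other"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "ricoh-printer-group"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

Both policies must sit above the general internal-to-wan1 policy, as Dave notes; in the CLI that is `move 1 before <id>` and `move 2 before <id>` inside `config firewall policy`, with `<id>` being the existing general policy.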
jkchoa

Thanks very much for the post, it's working now.