Hello All,
I am a bit new to this level of networking, but I am trying to learn.
I have a printer on one interface that needs to be accessible from the other two.
My product is a FortiWiFi 60D, version 5.6.12.
My config is:
wan1 = connection between small office and internet
physical LAN = 10.10.79.X
wifi1 = device is located here 10.10.80.X
wifi2 = 10.10.180.X
wifi3 = 10.10.81.X (Guest)
I can ping the printer from LAN, wifi1, and wifi2, but it doesn't show up in AirPrint like it used to (prior to FortiWifi 60D being installed) which makes it difficult for the Apple products to connect to it and print.
In "Addresses" under "Policy & Objects" I have it defined as: "Canon Printer", subnet, 10.10.80.34/32, interface = "any", Show in Address List = enabled, Static Route Configuration disabled.
In IP4Policy the very first policy I have is:
Name: Printer #1 Policy
Incoming Interface: physical LAN, wifi1, and wifi2
Outgoing Interface: wifi1
Source: physical LAN, wifi1, and wifi2
Destination: "Canon Printer"
Schedule: Always
Service: ALL
Action: Accept
NAT = Enabled
IP Pool Config: Use Outgoing Interface Address
None of the Security Profiles are Enabled
Log Allowed Traffic: Enabled with "All Sessions"
Policy is Enabled.
Anyone have any idea what I am missing? I have been messing around with this for a couple days and the hair loss is getting to be a bit much.
;)
Thanks.
Solved! Go to Solution.
Devices on wifi1 (10.10.80.X) should be able to communicate with the Canon Printer (10.10.80.34/32) directly unless you have blocked Intra-SSID Traffic. Devices on the other subnets (LAN, wifi2, wifi3) should have firewall polices configured to direct traffic to "wifi1/Canon Printer". NAT is not needed unless the Canon Printer itself does not allow for non-subnet connections (and can not be configured for such). Check the routing monitor to make sure there is a route showing up for 10.10.80.X.
As for airprint, see KB #FD33598 or KB#FD36500 for setting up multicast traffic.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
The same issue also happens to me. When I try to print using the HP Designjet T520 printer from my PC the interface didn't show the printer. Could be the computer can't able to find the printer IP address.
Hi Jon.
If you can ping the printer's IP address then I say the issue is simply a "discovery" issue - if we are talking about one or two printers - you probably just want to manually specific the IP address for the printer when setting it up (e.g configure a TCP/IP port). Also if the printer's IP address should be accessible via web browser if ICMP packets are blocked.
This thread was about getting devices on wifi to "discover" a lan printer, so 3 interfaces (subnets) are involved. Are you having a similar issue?
jonsmith wrote:The same issue also happens to me. When I try to print using the HP Designjet T520 printer from my PC the interface didn't show the printer. Could be the computer can't able to find the printer IP address.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
He wrote he wants to see the printer in airprint.
Airprint bascially uses bonjour which is udp multicast.
You will need to set up multicast policies to make airprint work.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Yeah. Multicast is the fix here. Be sure to be careful when enabling Multicast across interfaces. If you do it in a manner that is too wide open (ALL ALL ALLOW ALL type scenarios) and you do it across multiple branches that then connect to a central location via IPSEC you can easily bring down environments (ask me how my dumbass knows LOL).
Mike Pruett
Well to give an example:
I here have two multicast policies for airprint.
#1: from wlan vlan interface to lan interface with wlan subnet as source address and mliticast address "bonjour" as destination address with no nat enabled.
#2: from lan interface to wlan vlan interface with the ip range of lan subnet as source and multicast address "bonjour" as destination.
Multicast address "Bonjour" is a multicast iprange from 224.0.0.251 to 224.0.0.251. I don't remember if I created that or if it were there by factory default.
Airprint works fine with these here..
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1738 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.