Hey all,
short info about before and after settings and my problem:
Before:
- Avaya Switches (with layer 3)
- Other Firewall (just for outgoing traffic)
Now:
- Avaya Switches (layer 3 removed)
- FortiSwitch / FortiGate (OS: 6.0.3)
Problem:
Before we switched to FortiGate and FortiSwitch as Layer 3, we could just print from the PC net to the printer net and it worked as expected.
Now we have the problem that many print jobs (not every one) are delayed. We press print on Windows and after 1-3 minutes the print job starts.
That's pretty annoying, because some people are printing every few minutes.
We have no intern/intern (VLANs) rule that blocks ports.
So does someone know this problem or have the same one, and have some hints?
thx
Hi,
Do you have AV or other scanning active on the rule?
regards
Fortigate 500E HA Fortimail 200 Fortimanager
FortiEMS
FortiSandbox 1000D
FortiSwitch Network Some other Models in use :-) ---------------------------------------------------- FCSE ----------------------------------------------------
There is no intern / intern rule between pc-vlan and printer-vlan.
So it should be complete open
Do you manage the switches over the FortiGate? How exactly do you print? If directly from the client to the printer, then you would have a rule from the client VLAN to the printer VLAN with the specified ports. If you print via the print server, then you have to have a rule from the client VLAN to the server VLAN and from the server VLAN to the printer VLAN. On the rules with the specific printer ports (9100, 515, etc.) you should not necessarily do scanning.
1) PC and Printer are patched on Avaya Switch (tagged vlan - no routing).
2) Avaya Switch is connected via GBIC on FortiSwitch (with all used vlans on this connector - Layer 3).
3) FortiSwitch is connected and managed via GBIC on FortiGate.
4) PC and Printer use different VLANs.
There are rules for WAN traffic (Intern -> WAN)
There are no rules for internal traffic (Intern -> Intern)
Ping works.
Printers are directly installed on the PC via IP.
Print Port = 9100
~80% of all print jobs are without any problems.
~20% of all print jobs have problems (1-3 min until the printer starts to print)
Solved:
The printers got problems with "Device Detection / Active Scanning".
Disabled the settings for this VLAN.
p.s. cannot set my own answer as solved answer
Very good, if you could solve the problem like that. It would be possible that this fits in with your constellation. Just as info: we have both options turned on and printing works without delay. Which firmware version do you have on the FortiSwitch? The current version there is 6.0.2. Possibly there is an incompatibility.
We have 6.0.2 on FortiGate and FortiSwitch.
regards
andy
Copyright 2024 Fortinet, Inc. All Rights Reserved.