Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bshimkus
New Contributor III

Losing connect to HP Laserjet MFP 425DN on wireless clients...

The environment is this:

 

FortiGate 60E (5.6.2)

FortiAP-224D (5.6)

HP LaserJet m425dn (running latest firmware)

Mac OSX 10.12.6

 

The printer is connected to the "internal" switch on the FortiGate.  The FortiAP is also connected and being managed via the FortiGate.  IPv4 policies are in place to allow all traffic to and from the wireless network to the internal switch.  No restrictions should be in place preventing any traffic from going to and from the subnets.

 

I have also created a multicast policy that allows Bonjour from internal to wireless and wireless to internal.

 

My Mac clients are losing connection to the printer shortly after connecting to it.  For example, if you use the HP Utility, you can discover and add the printer to the client, however when going to print, the client loses connection.  I don't have any Windows systems to test against at this time.

 

The printer responds to ping (and they could telnet) from wireless clients, but any attempt to print or scan results in losing connection to the printer.

 

I've looked through the FortiView logs and found that only ping, TCP/8080, TCP/8289, and SNMP_GetRequest are show as traffic between the client and the printer.

 

Any ideas?

 

bks

FortiGate-60E, 2 x FortiAP-224D, FortiSwitch FS-108D-POE, FortiRecorder-100D, 3 x FortiCam-FD40

FortiGate-60E, 2 x FortiAP-224D, FortiSwitch FS-108D-POE, FortiRecorder-100D, 3 x FortiCam-FD40
1 Solution
bshimkus
New Contributor III

bdouble wrote:

I am having this exact same issue with a 60E and 221B AP, and an HP printer connected by ethernet to the internal interface. My firmware is 5.4.5. 

I was able to "fix" the issue.  I ended up creating a software switch on the FortiGate-60E that contained the physical interface the printer was connected to and the SSID's on the FortiAP-224D.

 

Presto!  It worked.  I was able to AirPrint from iPhone and an OSX 10.12.x client.  Extended features such as scanning worked as well from the MFP.

 

I mess with multicast policies for a solid hour and then just gave up.  I really did like the idea of separate networks for 2.4Ghz, 5Ghz, and wired connections, but it did complicate things.  I would have loved to been able to brag to my network buddies that I figured it out, but I guess I'll have to wait another day. :)

 

Even though I have FortiOS 5.6.2 on the FortiGate, these instructions still provided good guidance:

 

http://cookbook.fortinet.com/combining-wifi-and-wired-networks-with-a-software-switch/

 

I hope that helps!

 

bks

 

 

 

FortiGate-60E, 2 x FortiAP-224D, FortiSwitch FS-108D-POE, FortiRecorder-100D, 3 x FortiCam-FD40

View solution in original post

FortiGate-60E, 2 x FortiAP-224D, FortiSwitch FS-108D-POE, FortiRecorder-100D, 3 x FortiCam-FD40
9 REPLIES 9
bshimkus
New Contributor III

Did a cold reset on the printer, no change.

 

Tried connecting directly to the FortiGate on an internal interface (same group of interfaces that the printer is on) and same issue.

 

Off to open a ticket with Fortinet...

 

bks

FortiGate-60E, 2 x FortiAP-224D, FortiSwitch FS-108D-POE, FortiRecorder-100D, 3 x FortiCam-FD40

FortiGate-60E, 2 x FortiAP-224D, FortiSwitch FS-108D-POE, FortiRecorder-100D, 3 x FortiCam-FD40
bshimkus
New Contributor III

If there are any Fortinet employees out there, the ticket is 2362207.

 

bks

FortiGate-60E, 2 x FortiAP-224D, FortiSwitch FS-108D-POE, FortiRecorder-100D, 3 x FortiCam-FD40

FortiGate-60E, 2 x FortiAP-224D, FortiSwitch FS-108D-POE, FortiRecorder-100D, 3 x FortiCam-FD40
bdouble

I am having this exact same issue with a 60E and 221B AP, and an HP printer connected by ethernet to the internal interface. My firmware is 5.4.5. 

bshimkus
New Contributor III

bdouble wrote:

I am having this exact same issue with a 60E and 221B AP, and an HP printer connected by ethernet to the internal interface. My firmware is 5.4.5. 

I was able to "fix" the issue.  I ended up creating a software switch on the FortiGate-60E that contained the physical interface the printer was connected to and the SSID's on the FortiAP-224D.

 

Presto!  It worked.  I was able to AirPrint from iPhone and an OSX 10.12.x client.  Extended features such as scanning worked as well from the MFP.

 

I mess with multicast policies for a solid hour and then just gave up.  I really did like the idea of separate networks for 2.4Ghz, 5Ghz, and wired connections, but it did complicate things.  I would have loved to been able to brag to my network buddies that I figured it out, but I guess I'll have to wait another day. :)

 

Even though I have FortiOS 5.6.2 on the FortiGate, these instructions still provided good guidance:

 

http://cookbook.fortinet.com/combining-wifi-and-wired-networks-with-a-software-switch/

 

I hope that helps!

 

bks

 

 

 

FortiGate-60E, 2 x FortiAP-224D, FortiSwitch FS-108D-POE, FortiRecorder-100D, 3 x FortiCam-FD40

FortiGate-60E, 2 x FortiAP-224D, FortiSwitch FS-108D-POE, FortiRecorder-100D, 3 x FortiCam-FD40
bdouble

I will give this a try if I can't get my existing configuration to work. I am using hardware switch mode, with a WiFi SSID that is bridged to the hardware switch interface. I've read in another thread that using DHCP address reservation for the wifi clients that need to access print services is a possible solution, so I've done that and so far so good - no issues so far but haven't had a lot of print activity or clients connected as of yet.

 

In general I would expect the hardware switch mode to be more performant than a software switch? 

 

I am not too excited about converting the hardware switch to a software switch, as I'll have to re-create all of the policies and address aliases I already have set up and running. It'll be a last resort solution for me, let's hope that using DHCP reservation will fix this. Or that there's some other solution that doesn't require me to completely re-create the interfaces I'm using!

MikePruett
Valued Contributor

When I have to make drastic changes like that I just backup the config and start finding and replacing items.

 

- create dummy interface

- backup config

- replace existing interface with new dummy interface

- load config

- perform soft switch configuration with appropriate members

- backup config

- replace dummy interface with new created interface

- load config

 

Something like that. I usually do all the edits initially but I have a decent amount of time and familiarity with the how it should look to save the first load config and preconfigure

Mike Pruett Fortinet GURU | Fortinet Training Videos
bdouble

I think I'm going to have to change the hardware-based switch interface I have set up, to a software switch, to solve this problem. DHCP reservation does not seem to be working for me. 

 

I'd still really love to know why an interface group in hardware switch mode, with a bridged wifi SSID will have something going on that will cause printers to disconnect, while a software switch mode interface with a bridged wifi SSID will not exhibit this problem. This seems inexplicable to me. I'd call that a bug rather than a feature... 

 

How much of a performance hit does a fortigate unit take when running a softswitch, vs. a hardware switch?

bdouble

After doing the work to create a software switch, this did not solve my problem.

 

What did solve my problem (and probably would have solved it when I had a hardware switch configuration) is to remove the printer from the Mac computers, and re-install it - but, instead of using the default Bonjour-based discovery of the printer, I used Internet Printing Protocol and specified the IP address of the printer directly (which means you need a static IP, or a reserved DHCP address). 

 

This completely solved the issue for me. I think the "sleep" function is kinda broken on HP's printers, Bonjour-based protocols are shut down during sleep mode. But, using a direct IP address connection seems to wake the printer when a print job is submitted, as expected... 

 

Hope this helps other folks avoid messing around with their otherwise working Fortigate solution - the issue ultimately had nothing to do with the Fortigate. 

DiegoRJC

Im having the same issue at a client of mine.. - It was working perfectly with SonicWall, now with Fortinet it has been an issue and the client is NOT happy

 

 

bdouble wrote:

After doing the work to create a software switch, this did not solve my problem.

 

What did solve my problem (and probably would have solved it when I had a hardware switch configuration) is to remove the printer from the Mac computers, and re-install it - but, instead of using the default Bonjour-based discovery of the printer, I used Internet Printing Protocol and specified the IP address of the printer directly (which means you need a static IP, or a reserved DHCP address). 

 

This completely solved the issue for me. I think the "sleep" function is kinda broken on HP's printers, Bonjour-based protocols are shut down during sleep mode. But, using a direct IP address connection seems to wake the printer when a print job is submitted, as expected... 

 

Hope this helps other folks avoid messing around with their otherwise working Fortigate solution - the issue ultimately had nothing to do with the Fortigate. 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors