PrintServer Issue

Skyybenzz · ‎12-21-2022

Hi all!

I have a Fortigate 30E with multiples VLANs
Corpo = Vlan10
Printers = Vlan13

For testing puposes all services are allowed and all security profiles have been disabled

so the issue im having is intermittent printing from the print server... server says the printer is offline then print many minutes after (30min - 2hours).
when the error occur, i can ping the printer fine from the said server and nmap TCP scan show the ports open. BUT when the printing is not working, nmap UDP scans show ports : open | filtered

while it work, thoses same scans show : open

ive tried resetting printers, changing drivers, using LDP or RAW, disabling SNMP but nothing works

** when printer start working again, it work for at least 5mins without delay before the job start

the issue is with multiples printers from multiples brand & models

Wireshark on printer subnet show no traffic from the printServer

Fortigate : v6.2.11 build1303 (GA)
PrintServer : Windows 2022 (for testing, uninstalled AV & disabled firewall)

when putting the Print server on the same subnet, all is fine and there is no issue

Skyybenzz · ‎12-22-2022

Anyone ?

seshuganesh · ‎12-23-2022

Hello,

During the time of issue, can you collect these logs:

diag debug reset

diag debug flow filter clear

diag debug flow filter addr <printer-ip>

diag debug flow show function-name enable

diag debug flow trace start 10000

diag debug enable

Once you execute these commands you can disable debug by executing this command "diag debug disable"

Skyybenzz · ‎12-23-2022

# diag debug reset

# diag debug flow filter clear

# diag debug flow filter addr 192.168.20.204

# diag debug flow show function-name enable
show function name

# diag debug flow trace start 10000

# diag debug enable

FortiGateName # id=20085 trace_id=1 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2488->192.168.20.204:515) from Corpo. flag [S], seq 716594529, ack 0, win 64240"
id=20085 trace_id=1 func=init_ip_session_common line=5858 msg="allocate a new session-00a01f0d"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2581 msg="find a route: flag=04000000 gw-192.168.20.204 via lan"
id=20085 trace_id=1 func=fw_forward_handler line=785 msg="Allowed by Policy-31:"
id=20085 trace_id=2 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2488->192.168.20.204:515) from Corpo. flag [S], seq 716594529, ack 0, win 64240"
id=20085 trace_id=2 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f0d, original direction"
id=20085 trace_id=3 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2488->192.168.20.204:515) from Corpo. flag [S], seq 716594529, ack 0, win 64240"
id=20085 trace_id=3 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f0d, original direction"
id=20085 trace_id=4 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2488->192.168.20.204:515) from Corpo. flag [S], seq 716594529, ack 0, win 64240"
id=20085 trace_id=4 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f0d, original direction"
id=20085 trace_id=5 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=5 func=init_ip_session_common line=5858 msg="allocate a new session-00a01f49"
id=20085 trace_id=5 func=vf_ip_route_input_common line=2581 msg="find a route: flag=04000000 gw-192.168.20.204 via lan"
id=20085 trace_id=5 func=fw_forward_handler line=785 msg="Allowed by Policy-31:"
id=20085 trace_id=6 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2488->192.168.20.204:515) from Corpo. flag [S], seq 716594529, ack 0, win 64240"
id=20085 trace_id=6 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f0d, original direction"
id=20085 trace_id=7 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=7 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f49, original direction"
id=20085 trace_id=7 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=8 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2489->192.168.20.204:515) from Corpo. flag [S], seq 874848986, ack 0, win 64240"
id=20085 trace_id=8 func=init_ip_session_common line=5858 msg="allocate a new session-00a01fce"
id=20085 trace_id=8 func=vf_ip_route_input_common line=2581 msg="find a route: flag=04000000 gw-192.168.20.204 via lan"
id=20085 trace_id=8 func=fw_forward_handler line=785 msg="Allowed by Policy-31:"
id=20085 trace_id=9 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2489->192.168.20.204:515) from Corpo. flag [S], seq 874848986, ack 0, win 64240"
id=20085 trace_id=9 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01fce, original direction"
id=20085 trace_id=10 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2489->192.168.20.204:515) from Corpo. flag [S], seq 874848986, ack 0, win 64240"
id=20085 trace_id=10 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01fce, original direction"
id=20085 trace_id=11 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2489->192.168.20.204:515) from Corpo. flag [S], seq 874848986, ack 0, win 64240"
id=20085 trace_id=11 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01fce, original direction"
id=20085 trace_id=12 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=12 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f49, original direction"
id=20085 trace_id=12 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=13 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2489->192.168.20.204:515) from Corpo. flag [S], seq 874848986, ack 0, win 64240"
id=20085 trace_id=13 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01fce, original direction"
id=20085 trace_id=14 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2493->192.168.20.204:515) from Corpo. flag [S], seq 2134432123, ack 0, win 64240"
id=20085 trace_id=14 func=init_ip_session_common line=5858 msg="allocate a new session-00a020b8"
id=20085 trace_id=14 func=vf_ip_route_input_common line=2581 msg="find a route: flag=04000000 gw-192.168.20.204 via lan"
id=20085 trace_id=14 func=fw_forward_handler line=785 msg="Allowed by Policy-31:"
id=20085 trace_id=15 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2493->192.168.20.204:515) from Corpo. flag [S], seq 2134432123, ack 0, win 64240"
id=20085 trace_id=15 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a020b8, original direction"
id=20085 trace_id=16 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=16 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f49, original direction"
id=20085 trace_id=16 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=17 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2493->192.168.20.204:515) from Corpo. flag [S], seq 2134432123, ack 0, win 64240"
id=20085 trace_id=17 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a020b8, original direction"
id=20085 trace_id=18 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=18 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f49, original direction"
id=20085 trace_id=18 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=19 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=19 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f49, original direction"
id=20085 trace_id=19 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=20 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2493->192.168.20.204:515) from Corpo. flag [S], seq 2134432123, ack 0, win 64240"
id=20085 trace_id=20 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a020b8, original direction"
id=20085 trace_id=21 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=21 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f49, original direction"
id=20085 trace_id=21 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=22 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=22 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f49, original direction"
id=20085 trace_id=22 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=23 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2493->192.168.20.204:515) from Corpo. flag [S], seq 2134432123, ack 0, win 64240"
id=20085 trace_id=23 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a020b8, original direction"
id=20085 trace_id=24 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=24 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f49, original direction"
id=20085 trace_id=24 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=25 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=25 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f49, original direction"
id=20085 trace_id=25 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=26 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=26 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f49, original direction"
id=20085 trace_id=26 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=27 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=27 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f49, original direction"
id=20085 trace_id=27 func=ipv4_fast_cb line=53 msg="enter fast path"

Skyybenzz · ‎12-23-2022

I just did a router Pcap and see Retransmission
Pcap is from Printer interface

Fikusir · ‎12-30-2022

Not sure if it is the same issue, but I had similiar situation there. Helped me to create Policy between printers and servers with NAT enabled.

IT Specialist