Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Skyybenzz
New Contributor

PrintServer Issue

Hi all! 

 

I have a Fortigate 30E with multiples VLANs 
Corpo = Vlan10
Printers = Vlan13

 

For testing puposes all services are allowed and all security profiles have been disabled

 

so the issue im having is intermittent printing from the print server... server says the printer is offline then print many minutes after (30min - 2hours).
when the error occur, i can ping the printer fine from the said server and nmap TCP scan show the ports open. BUT when the printing is not working, nmap UDP scans show ports : open | filtered

while it work, thoses same scans show : open

 

ive tried resetting printers, changing drivers, using LDP or RAW, disabling SNMP but nothing works

** when printer start working again, it work for at least 5mins without delay before the job start

 

the issue is with multiples printers from multiples brand & models

Wireshark on printer subnet show no traffic from the printServer

 

Fortigate : v6.2.11 build1303 (GA)
PrintServer : Windows 2022 (for testing, uninstalled AV & disabled firewall)

 

when putting the Print server on the same subnet, all is fine and there is no issue

5 REPLIES 5
Skyybenzz
New Contributor

Anyone ?

seshuganesh
Staff
Staff

Hello,

 

During the time of issue, can you collect these logs:

diag debug reset

diag debug flow filter clear

diag debug flow filter addr <printer-ip>

diag debug flow show function-name enable

diag debug flow trace start 10000

diag debug enable

 

Once you execute these commands you can disable debug by executing this command "diag debug disable"

Skyybenzz

# diag debug reset

# diag debug flow filter clear

# diag debug flow filter addr 192.168.20.204

# diag debug flow show function-name enable
show function name

# diag debug flow trace start 10000

# diag debug enable

FortiGateName # id=20085 trace_id=1 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2488->192.168.20.204:515) from Corpo. flag [S], seq 716594529, ack 0, win 64240"
id=20085 trace_id=1 func=init_ip_session_common line=5858 msg="allocate a new session-00a01f0d"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2581 msg="find a route: flag=04000000 gw-192.168.20.204 via lan"
id=20085 trace_id=1 func=fw_forward_handler line=785 msg="Allowed by Policy-31:"
id=20085 trace_id=2 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2488->192.168.20.204:515) from Corpo. flag [S], seq 716594529, ack 0, win 64240"
id=20085 trace_id=2 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f0d, original direction"
id=20085 trace_id=3 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2488->192.168.20.204:515) from Corpo. flag [S], seq 716594529, ack 0, win 64240"
id=20085 trace_id=3 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f0d, original direction"
id=20085 trace_id=4 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2488->192.168.20.204:515) from Corpo. flag [S], seq 716594529, ack 0, win 64240"
id=20085 trace_id=4 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f0d, original direction"
id=20085 trace_id=5 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=5 func=init_ip_session_common line=5858 msg="allocate a new session-00a01f49"
id=20085 trace_id=5 func=vf_ip_route_input_common line=2581 msg="find a route: flag=04000000 gw-192.168.20.204 via lan"
id=20085 trace_id=5 func=fw_forward_handler line=785 msg="Allowed by Policy-31:"
id=20085 trace_id=6 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2488->192.168.20.204:515) from Corpo. flag [S], seq 716594529, ack 0, win 64240"
id=20085 trace_id=6 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f0d, original direction"
id=20085 trace_id=7 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=7 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f49, original direction"
id=20085 trace_id=7 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=8 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2489->192.168.20.204:515) from Corpo. flag [S], seq 874848986, ack 0, win 64240"
id=20085 trace_id=8 func=init_ip_session_common line=5858 msg="allocate a new session-00a01fce"
id=20085 trace_id=8 func=vf_ip_route_input_common line=2581 msg="find a route: flag=04000000 gw-192.168.20.204 via lan"
id=20085 trace_id=8 func=fw_forward_handler line=785 msg="Allowed by Policy-31:"
id=20085 trace_id=9 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2489->192.168.20.204:515) from Corpo. flag [S], seq 874848986, ack 0, win 64240"
id=20085 trace_id=9 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01fce, original direction"
id=20085 trace_id=10 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2489->192.168.20.204:515) from Corpo. flag [S], seq 874848986, ack 0, win 64240"
id=20085 trace_id=10 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01fce, original direction"
id=20085 trace_id=11 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2489->192.168.20.204:515) from Corpo. flag [S], seq 874848986, ack 0, win 64240"
id=20085 trace_id=11 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01fce, original direction"
id=20085 trace_id=12 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=12 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f49, original direction"
id=20085 trace_id=12 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=13 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2489->192.168.20.204:515) from Corpo. flag [S], seq 874848986, ack 0, win 64240"
id=20085 trace_id=13 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01fce, original direction"
id=20085 trace_id=14 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2493->192.168.20.204:515) from Corpo. flag [S], seq 2134432123, ack 0, win 64240"
id=20085 trace_id=14 func=init_ip_session_common line=5858 msg="allocate a new session-00a020b8"
id=20085 trace_id=14 func=vf_ip_route_input_common line=2581 msg="find a route: flag=04000000 gw-192.168.20.204 via lan"
id=20085 trace_id=14 func=fw_forward_handler line=785 msg="Allowed by Policy-31:"
id=20085 trace_id=15 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2493->192.168.20.204:515) from Corpo. flag [S], seq 2134432123, ack 0, win 64240"
id=20085 trace_id=15 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a020b8, original direction"
id=20085 trace_id=16 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=16 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f49, original direction"
id=20085 trace_id=16 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=17 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2493->192.168.20.204:515) from Corpo. flag [S], seq 2134432123, ack 0, win 64240"
id=20085 trace_id=17 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a020b8, original direction"
id=20085 trace_id=18 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=18 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f49, original direction"
id=20085 trace_id=18 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=19 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=19 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f49, original direction"
id=20085 trace_id=19 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=20 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2493->192.168.20.204:515) from Corpo. flag [S], seq 2134432123, ack 0, win 64240"
id=20085 trace_id=20 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a020b8, original direction"
id=20085 trace_id=21 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=21 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f49, original direction"
id=20085 trace_id=21 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=22 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=22 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f49, original direction"
id=20085 trace_id=22 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=23 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=6, 10.25.25.244:2493->192.168.20.204:515) from Corpo. flag [S], seq 2134432123, ack 0, win 64240"
id=20085 trace_id=23 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a020b8, original direction"
id=20085 trace_id=24 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=24 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f49, original direction"
id=20085 trace_id=24 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=25 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=25 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f49, original direction"
id=20085 trace_id=25 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=26 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=26 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f49, original direction"
id=20085 trace_id=26 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=27 func=print_pkt_detail line=5688 msg="vd-root:0 received a packet(proto=17, 10.25.25.244:53199->192.168.20.204:161) from Corpo. "
id=20085 trace_id=27 func=resolve_ip_tuple_fast line=5768 msg="Find an existing session, id-00a01f49, original direction"
id=20085 trace_id=27 func=ipv4_fast_cb line=53 msg="enter fast path"

Skyybenzz

Skyybenzz_0-1671804915653.png

I just did a router Pcap and see Retransmission
Pcap is from Printer interface

Fikusir
New Contributor II

Not sure if it is the same issue, but I had similiar situation there. Helped me to create Policy between printers and servers with NAT enabled.

IT Specialist
IT Specialist
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors