hiho,

I have the following setup:

printer -> switch -> FGT -> Modem/Router -> Internet

We do scan 2 mail on the printer.

It is set up to send mail via our mailserver.

IP-range of the printer has a policy for internet access without any security profiles.

the order of the policies should be correct so this policy should match first (and Policies go exempt).

FGT is in both affected places a FGT100E with FortiOS 5.4.x on it.

FGT is also doing volume based load balancing over all the internet lines connected to it.

It does not matter if the WANs are connected in bridge mode doing pppoe or using static ip setup since both cases are affected.

This did not occure everywhere before we exchanged our FGTs (Uprade to 100E and v5.4 from 80C with v5.2).

The config on the 100E was set up new from scratch because it was added to our new FMG. So there should not be any upgrade path whoes here. Upgrades on 5.4 were done accoarding to the upgrade path specified by Fortinet.

Both affected Shops have three WANs.

What occures is the following:

If you start a scan2mail job on printer, the printer connects to our mailserver successfully (you see it in the mailserver log. It even will do SMTP Auth and/or TLS if you set it to do that.

But after the successfull out (SMTP DATA) nothing more happens. No mail gets handed over. Finally the Mailserver closes the connection due to timeout (Timeout after DATA).  

Looks to me like if something makes the printer think it lost the connection so it stops communicating and finally errors out with a comm error.

It e.g. does not occour at all here at our office and we have a FGT100E with 5.4 too. The printer is the same brand as over there. The only difference is a) our FGT is not in the FGM and b) we only have two WANs here.

Even Fortinet TAC could not explain that up to now and the Printer support does not have a solution too.

Maybe someone here in community has had that or similar and can provide me with some advice or tip?

cheers

Sebastian