How to set up firewall to isolate a printer
I'm troubleshooting a difficult issue with a particular family of Lexmark printers that are in use in our office. We have issues where the printer suddenly shows "Busy" on the screen and flashes the green LED and sits there, hung, until it is rebooted. It happens every couple of days. It happens on ALL of our Lexmark printers, and none of our other printers (e.g. Xerox, HP, Brother).
I've reached Level 3 support with Lexmark, and they want to rule out an issue with my network. They are considering the possibility that some kind of rogue or unwanted traffic on the network is causing the printer to hang.
I've offered to put in a firewall that I can use to isolate this printer from the rest of the network and to only allow specific traffic from a few specific computers, in order to rule out a network issue.
I've attached a picture of our network. We have a fairly simple office LAN, but we also have a guest WiFi network and a third party management provider has set up their own proprietary network and equipment that co-exists with our own, and we are not allowed to touch that equipment.
About 10 people use this printer, I don't want to spend a ton of money on a firewall.... and I am hoping there's something fairly simple I can put in that can accomplish this.
Can you suggest what I should do?
I'm imagining putting some sort of firewall infront of the printer like so:
But maybe there's a different way it should be done?
I've reached Level 3 support with Lexmark, and they want to rule out an issue with my network. They are considering the possibility that some kind of rogue or unwanted traffic on the network is causing the printer to hang.
I've offered to put in a firewall that I can use to isolate this printer from the rest of the network and to only allow specific traffic from a few specific computers, in order to rule out a network issue.
I've attached a picture of our network. We have a fairly simple office LAN, but we also have a guest WiFi network and a third party management provider has set up their own proprietary network and equipment that co-exists with our own, and we are not allowed to touch that equipment.
About 10 people use this printer, I don't want to spend a ton of money on a firewall.... and I am hoping there's something fairly simple I can put in that can accomplish this.
Can you suggest what I should do?
I'm imagining putting some sort of firewall infront of the printer like so:
But maybe there's a different way it should be done?
can you reset the network settings on the printers, try one at first and see what happens.
ASKER
Hi Tolinrome,
Believe me we have done TONS of testing and troubleshooting, and we've done everything obvious to troubleshoot the printer including:
- Reset to factory defaults
- Try different drivers (PCL5e vs PS vs the Lexmark Universal drivers)
- Try installing the printers and software manually instead of deploying them via Group Policy
- Changing IP address of printer, forcing the network speed / duplex settings on the printer
- Try different computers
- Checked all the network cabling and terminations
Whatever is happening, it is weird, and very low level. We're thinking a bug in the Lexmark software/hardware/firmware
So far as I know, we have had this problem since day 1. Unfortunately we purchased a bunch of these printers from a third party vendor who we are no longer doing business with. Lexmark has done a warranty exchange on several of the printers, and the replacements exhibited the same problem. Lexmark refuses to take all of the printers back directly and the reseller won't deal with us anymore.
We have several Lexmark MS310, MS510, MS810, and a multifunction MX310 in use in the office that all exhibit the problem.
We have a couple Xerox Workcentre printers and a couple Brother printers, and an HP that are not exhibiting any problems.
I took a couple of the problematic MS310 printers and connected them via USB to the one computer that was using it. Those printers are working perfectly now.
So definitely the Lexmarks are the common denominator, and something is definitely wrong with the product, but they are of the opinion that the problem is being caused by my network. At this point I'm just trying to appease them and rule it out (or at least isolate the problem, maybe the firewall's logs will shed some light on what's going on if it is indeed the network).
If I go much higher up the tech support chain with these guys I'm going to be talking to their engineers :P
Believe me we have done TONS of testing and troubleshooting, and we've done everything obvious to troubleshoot the printer including:
- Reset to factory defaults
- Try different drivers (PCL5e vs PS vs the Lexmark Universal drivers)
- Try installing the printers and software manually instead of deploying them via Group Policy
- Changing IP address of printer, forcing the network speed / duplex settings on the printer
- Try different computers
- Checked all the network cabling and terminations
Whatever is happening, it is weird, and very low level. We're thinking a bug in the Lexmark software/hardware/firmware
So far as I know, we have had this problem since day 1. Unfortunately we purchased a bunch of these printers from a third party vendor who we are no longer doing business with. Lexmark has done a warranty exchange on several of the printers, and the replacements exhibited the same problem. Lexmark refuses to take all of the printers back directly and the reseller won't deal with us anymore.
We have several Lexmark MS310, MS510, MS810, and a multifunction MX310 in use in the office that all exhibit the problem.
We have a couple Xerox Workcentre printers and a couple Brother printers, and an HP that are not exhibiting any problems.
I took a couple of the problematic MS310 printers and connected them via USB to the one computer that was using it. Those printers are working perfectly now.
So definitely the Lexmarks are the common denominator, and something is definitely wrong with the product, but they are of the opinion that the problem is being caused by my network. At this point I'm just trying to appease them and rule it out (or at least isolate the problem, maybe the firewall's logs will shed some light on what's going on if it is indeed the network).
If I go much higher up the tech support chain with these guys I'm going to be talking to their engineers :P
Is there anyway to reinstall the firmware to a previous or newer version? It has to be something specificc to Lexmark. Has any google searches brang up anything?
For it to happen every couple of days seems that its something coming from the printer.
Does it cause any network issues though? Are people complaining of anything when this happens? It could even be the network cards on the printer are causing it by the driver or firmware version, try updating them.
For it to happen every couple of days seems that its something coming from the printer.
Does it cause any network issues though? Are people complaining of anything when this happens? It could even be the network cards on the printer are causing it by the driver or firmware version, try updating them.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Is this the whole network Diagram? If you have any old switches I would start there on any smaller switches that may be broadcast at 100 Mbps I would replaces them with gigabit switches first, I think you're having some sort of a broadcast storm that is being caused by an older device on the network that may not be configured properly.
ASKER
Francisco - there's a bunch of other stuff on the network (mostly desktop workstations, unmanaged switches dotted around the office, and about 8-10 more printers). Is there an easy way I can detect this broadcast storm? I've used wireshark a bit but not enough to really make sense of what I'm seeing. Is there a more straightforward way to detect anomalous behavior on the network?
Mike - what kind of firewall should I put in? I was thinking of just putting a consumer grade router in, make the 192.168.23.0/24 network be on the "WAN" port and put the printer on a "LAN" port on the 192.168.1.0/24 network. Then configure port forwarding. The router I have in mind can allow connections based on the source IP address, so I can allow traffic in from just a couple computers.
I figure the consumer router's firewall and NAT gateway would neatly shield the printer from any weird stuff happening on the 192.168.23.0/24 network... and it's pretty cheap. What do you think?
Mike - what kind of firewall should I put in? I was thinking of just putting a consumer grade router in, make the 192.168.23.0/24 network be on the "WAN" port and put the printer on a "LAN" port on the 192.168.1.0/24 network. Then configure port forwarding. The router I have in mind can allow connections based on the source IP address, so I can allow traffic in from just a couple computers.
I figure the consumer router's firewall and NAT gateway would neatly shield the printer from any weird stuff happening on the 192.168.23.0/24 network... and it's pretty cheap. What do you think?
That would be fine and would also keep the cost down, you could if you have a spare PC lying about use something like PFSense but it maybe easier and cheaper (your time) to buy a cheap FW as above.
1. What has just changed in the network etc, anything?
2, How are these printers different than the others, IP addresses, etc.
3. Do they do automatic updates for firmware etc and now the updates messed something up.