
brother printer

Hi, I'm Claudio from Italy

First of all, compliments for this great forum, it's fantastic!

I have the following problem: I have bought a Brother multifunction, and when I try to check for a firmware update it is impossible to connect to the server.

I have done the following things: with a network tap I have verified that the printer wants to connect to "firmverup.brother.co.jp"; I have created a profile in "web protection/filtering options" with an exception "from Brother_multifunction skip all control to Matching these URLs firmverup.brother.co.jp" but with no success. The same problem occurs with a QNAP NAS and a Netatmo relè. Can you help me please? Thank you in advance.



  • Hi Claudio

    I have several species of Qnap and they do prompt me (via their web interface) when a new firmware is available, then when I elect to accept it, the Qnap does download and install it okay. For Qnap, I have an anything.qnap.com expression, as is shown below:

    ^https?://[A-Za-z0-9.-]*\.qnap\.com/

    At the moment, it's in one of the few groups where almost everything is bypassed, as per the below:

    Skip checks: Block by download size / Sandstorm / Extension blocking / MIME type blocking / URL Filter / Content Removal / SSL scanning / Certificate trust check / Certificate date check

    Obviously, some of these are unnecessary, but I've never bothered to slim down that list (laziness on my part).

    I do have a Brother MFC-L2740DW but I have always manually applied updates, but assuming there's an update feature available via its web interface, I'll try it tomorrow and see if I can get it to work (assuming that there's an update available for it, that is). Obviously, the first place to look at is the UTM's web filter logs - which might reveal which site it's attempting to contact - but for anything that necessitates a deeper dive (in other words, if nothing obvious appears from looking at the web filter logs) there's a great Sophos tutorial at https://community.sophos.com/kb/en-us/134286 and I've used that to find out which sites some iThing apps call home to.

    As an example of the need to do the above, the BBC iThing weather applet was not working, so clearly it was calling back to somewhere other than bbc.co.uk (for which I did already have an exception) and by using the above trick (and that was the only way I managed to work it out) I discovered that instead of it calling home to bbc.co.uk, it was trying to reach bbci.co.uk, so after amending my existing bbc exception to optionally facilitate the 'i' version (so ^https?://[A-Za-z0-9.-]*\.bbci?\.co\.uk/), the BBC weather app then worked.

    Incidentally, a quick tip: It does take a bit of digging to find the site entry in the Wireshark list, so the best way is to filter the capture (so in your case, to the IP of your printer) then start the capture, quickly try requesting the update (or whatever you're trying to make work) then stop the capture as quickly as possible after that (thus shortening the potential length of the capture listing). I'd not expect the printer to generate a big list (so no need to worry about a swift start/stop procedure) but for something that's very network 'noisy' like an iPhone, even using that trick can land you with a couple of thousand Wireshark lines to dredge through.

    The reason I'm covering all that is that whilst I do have a Brother printer, I don't have a Netatmo relè, so you might have to go down the above road in order to find out where it's trying to call home to, though another (and nice and lazy) route would be to contact the manufacturer and ask them which site(s) their device tries to call home to.

    Hopefully I'll have time to try that with the printer tomorrow, but if not, that is the way I'd suggest tracking the unknown site that it's attempting to reach when checking for the firmware update (or of course, the slightly slower route of sending a question to Brother technical support and asking them).

    Hope that helps

    Briain

    NB I'm using Sophos UTM with a home license, with it being configured in transparent mode (and https inspection, obviously) and I'm also using UTM to deliver a PAC file to facilitate proxy auto configuration for my web browsers (to force all ports - not just 80 and 443 - through the UTM, unless they're permitted via specific entries in the PAC file) so things are reasonably well 'nailed down' up here in draughty Edinburgh (and it sure is mighty draughty, this afternoon)! :-)

  • Hi

    Sorry for the delay but I just did the pcap capture and Wireshark thing for my printer and yes, when requesting a firmware check via the Brother MFC-L2740DW's web interface, I could see that it first called home (SSL) to update.brother.co.jp and then after that, there were a few (TCP) exchanges between my printer and 13.33.54.2 (which an nslookup showed to be server-13-33-54-2.man50.r.cloudfront.net).

    It all appeared to go as expected and in my case, the Brother web interface informed me that the printer was already using the latest firmware (and having then looked at their site, that appears to be the case) so I cannot guarantee that had a new version been available, it would have successfully found and installed it, though it certainly looks as though it would have done (we'll just have to wait for a new firmware version to appear and then I'll be able to test it). Incidentally, I didn't have any exceptions for update.brother.co.jp, but I tried adding one and it made no difference to the exchange (other than it being to a different Cloudfront server).

    Kind regards

    Briain

  • Ciao Claudio and welcome to the UTM Community!

    If Web Filtering is configured in Transparent mode, create a DNS Group object for firmverup.brother.co.jp and place that in the 'Skip Transparent Mode Destination Hosts/Nets' list on the 'Misc' tab of 'Filtering Options'.  Does that now work for you?

    You probably have similar issues with the other two devices.  Search on their IPs in the Web Filtering log file to see what FQDNs they're having trouble with.

    Cheers - Bob 

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
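
Added example, not part of any post above and not Sophos code: a small triage script for the log search suggested in the thread. It lists the hostnames one device requested, grouped by filter action, and reports blocked URLs that none of the exception regexes quoted earlier would match. The `key="value"` log layout, the `192.0.2.x` device addresses and the sample URLs are constructed assumptions; adjust the field names to what your own web filter log shows.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Exception patterns quoted in the thread above.
EXCEPTIONS = [
    r"^https?://[A-Za-z0-9.-]*\.qnap\.com/",
    r"^https?://[A-Za-z0-9.-]*\.bbci?\.co\.uk/",
]

# Constructed sample lines (assumed key="value" layout, documentation IPs).
SAMPLE_LOG = """\
2019:01:10-20:01:02 utm httpproxy[4242]: name="http access" action="pass" srcip="192.0.2.50" url="https://fw.qnap.com/list.xml"
2019:01:10-20:01:03 utm httpproxy[4242]: name="web request blocked" action="block" srcip="192.0.2.50" url="https://qnap.com/"
2019:01:10-20:01:04 utm httpproxy[4242]: name="web request blocked" action="block" srcip="192.0.2.50" url="https://fw.qnap.com.example.net/"
2019:01:10-20:02:10 utm httpproxy[4242]: name="web request blocked" action="block" srcip="192.0.2.60" url="https://firmverup.brother.co.jp/"
"""

FIELD = re.compile(r'(\w+)="([^"]*)"')


def records(log_text, srcip):
    """Yield the parsed fields of every log line from one client IP."""
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("srcip") == srcip and "url" in fields:
            yield fields


def hosts_by_action(log_text, srcip):
    """Map filter action -> set of hostnames the client requested."""
    seen = defaultdict(set)
    for fields in records(log_text, srcip):
        host = urlsplit(fields["url"]).hostname
        if host:
            seen[fields.get("action", "unknown")].add(host)
    return dict(seen)


def uncovered(log_text, srcip, patterns=EXCEPTIONS):
    """Blocked URLs from srcip that no exception pattern matches."""
    compiled = [re.compile(p) for p in patterns]
    return [f["url"] for f in records(log_text, srcip)
            if f.get("action") == "block"
            and not any(c.match(f["url"]) for c in compiled)]


if __name__ == "__main__":
    for ip in ("192.0.2.50", "192.0.2.60"):
        print(ip, hosts_by_action(SAMPLE_LOG, ip), uncovered(SAMPLE_LOG, ip))
```

On the sample data the QNAP pattern covers `fw.qnap.com` but not the bare `qnap.com` (it requires a subdomain), and it also rejects the lookalike `fw.qnap.com.example.net`, which is the behaviour you want from an exception that bypasses most checks.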