Sophos XG Firewalls Printer Delay or Not Printing at all

We have several offices (well over 30 locations) that experience printing issues when going through our Sophos XG (115/125) Firewalls.

When printing, the printer can take up to 5 to 30 minutes before it will print. If we remove the Sophos devices, printing returns to normal, less than a second to print.

We noticed it mostly affects the Epson TM- receipt printers on port 9100, but other printers are reported to experience problems from time to time.

The communication path over which the print job is received can vary; it's not specific to the media, such as standard Ethernet, VPN, MPLS.

Firmware is up to date and all advanced features are turned off. Packet captures show the print job hitting the correct firewall rules with no type of inspection or filtering turned on. If we bypass or even replace the firewall with an ASA, SonicWall, or FortiGate, then the issue no longer happens.

Any advice? Thanks, Keith



Added TAGs
[edited by: emmosophos at 4:18 PM (GMT -8) on 24 Nov 2021]
  • You probably have an IPS rule, or maybe DPI inspection rule, affecting it. Have you tried starting a support case at support.sophos.com?

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Thanks for the Assistance...

    I have made sure all those features were turned off! I also tried in transparent mode vs routed mode. Nothing helps. I have worked with Sophos support and to be completely honest it has been a complete waste of time. We went round robin for at least 6 months with the same response

    "Your remote access expired can you please reenable it on the devices" Or

    "You will have a response by xxx date which then gets passed to another technician."

  • Do you have DOS Protection enabled? Are there drops on the GUI about DOS?

    You could try to check a packet capture of such a job, if you know the service ports. Then try to compare them in Wireshark, to see if you find an anomaly.

    Also useful information: Do a print job and at the same time a 'drppkt | grep IP ' on the advanced shell. It will show you some advanced drops.


  • I don't believe so, I have nothing enabled in that section and counters are set to zero.

    Also, it still prints but it can vary from 30 seconds, 5 minutes, and sometimes it can take up to 30 minutes to print.

  • Hello,

    Keith, what is your XG firmware version?

    I have the same problem with a freshly installed XGS 18.5.1:

     - Printing is good for Xerox

     - Printing is KO for Toshiba

    File is transferring to the printer, but is never fully sent.

    I have a lot of dropped traffic "Invalid_Traffic".

    XGS3100_RL01_SFOS 18.5.1 MR-1-Build326# drppkt host 10.10.0.42

    Date=2021-11-25 Time=11:06:37 log_id=010202123 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=1 outzone_id=1 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=10.10.240.164 dest_ip=10.10.0.42 l4_protocol=TCP source_port=53705 dest_port=9100 fw_rule_id=99 policytype=1 live_userid=751 userid=24 user_gp=1 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=2 gateway_offset=0 connid=1271163072 masterid=0 status=392 state=1, flag0=10997265858600 flags1=1099520016384 pbdid_dir0=0 pbrid_dir1=0

    2021-11-25 11:06:38 010202123 IP 10.10.240.164.53705 > 10.10.0.42.9100 : proto TCP:  4086485693:4086485693(0) ack 1069613387 win 1026 checksum : 34001
    0x0000:  4500 0034 508c 4000 8006 3818 c0a8 f0a4  E..4P.@...8.....
    0x0010:  c0a8 002a d1c9 238c f392 d2bd 3fc1 014b  ...*..#.....?..K
    0x0020:  8010 0402 84d1 0000 0101 050a 3fc1 014a  ............?..J
    0x0030:  3fc1 014b                                ?..K
    Date=2021-11-25 Time=11:06:38 log_id=010202123 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=1 outzone_id=1 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=10.10.240.164 dest_ip=10.10.0.42 l4_protocol=TCP source_port=53705 dest_port=9100 fw_rule_id=99 policytype=1 live_userid=751 userid=24 user_gp=1 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=2 gateway_offset=0 connid=1271163072 masterid=0 status=392 state=1, flag0=10997265858600 flags1=1099520016384 pbdid_dir0=0 pbrid_dir1=0

    My rule is very simple :

    • LAN > LAN Printers Port 9100
    • Log : ON
    • No IPS, No App Control, No Shape, ...

    I will open a case.

    Is XGS version 18.5MR1 stable ?
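The hex dump in the drppkt output above can be decoded offline to see exactly what kind of segment was logged as Invalid_Traffic. This is an added example, not code from the thread or from Sophos; the function names are illustrative, and the dump bytes are copied from the post.

```python
import struct

# Hex dump copied from the drppkt output in the post above.
DUMP = """\
0x0000:  4500 0034 508c 4000 8006 3818 c0a8 f0a4  E..4P.@...8.....
0x0010:  c0a8 002a d1c9 238c f392 d2bd 3fc1 014b  ...*..#.....?..K
0x0020:  8010 0402 84d1 0000 0101 050a 3fc1 014a  ............?..J
0x0030:  3fc1 014b                                ?..K
"""
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]

def parse_hexdump(text):
    """Convert 'offset:  hex words  ascii' dump lines into raw bytes."""
    raw = bytearray()
    for line in text.splitlines():
        if ":" in line:
            hex_col = line.split(":", 1)[1].strip().split("  ")[0]
            raw += bytes.fromhex(hex_col)
    return bytes(raw)

def decode_ipv4_tcp(pkt):
    """Decode the TCP header of an IPv4 packet, including SACK option blocks."""
    if pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl, total_len = (pkt[0] & 0x0F) * 4, struct.unpack("!H", pkt[2:4])[0]
    tcp = pkt[ihl:total_len]
    sport, dport, seq, ack, off_flags, win, csum = struct.unpack("!HHIIHHH", tcp[:18])
    hdr_len = (off_flags >> 12) * 4
    opts, sack, i = tcp[20:hdr_len], [], 0
    while i < len(opts) and opts[i] != 0:      # kind 0 ends the option list
        if opts[i] == 1:                       # kind 1 is NOP padding, no length byte
            i += 1
            continue
        if i + 1 >= len(opts) or not 2 <= opts[i + 1] <= len(opts) - i:
            raise ValueError("malformed TCP option")
        length = opts[i + 1]
        if opts[i] == 5:                       # kind 5 is SACK, 8 bytes per block
            sack += [struct.unpack("!II", opts[j:j + 8]) for j in range(i + 2, i + length - 7, 8)]
        i += length
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": win, "checksum": csum,
        "flags": [name for bit, name in enumerate(FLAG_NAMES) if off_flags & (1 << bit)],
        "payload_len": len(tcp) - hdr_len, "sack": sack,
        # RFC 2883: a first SACK block at or below the cumulative ACK is a duplicate SACK.
        "dsack": bool(sack) and ((ack - sack[0][1]) & 0xFFFFFFFF) < 0x80000000,
    }

if __name__ == "__main__":
    print(decode_ipv4_tcp(parse_hexdump(DUMP)))
```

For this dump it reports a zero-length ACK from port 53705 to 9100 whose only option is one SACK block ending at the cumulative ACK; the sequence number, ACK number, window and checksum match the summary line drppkt printed.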

  • Thanks Thomas. Sounds like we have the same problem. My larger printers (Konica Minolta, Xerox) also don't seem to have the issue. It's the smaller ones, especially our Epson receipt printers. At first I thought it was the VPN, but I also have devices having trouble running MPLS and just Ethernet. Some devices are also in transparent mode and experience the problem as well. All my devices are currently running 18.5.1, but we have had this problem for over a year now, so I assume it was an issue on prior versions. Thanks