Labels

FortiGate: How to setup AirPrint

Going to replace the printer to support AirPrint as members are mainly to run iPad(s), 

First, require to ensure which printer supports AirPrint:

Because the iPad(s) are running on a different network, need to deploy policies on the FortiGate Firewall.


How-to
Following - https://stantsui.blogspot.com/2018/04/fortigate-airprint-across-two.html - to set it

config firewall multicast-address

    edit "Bonjour"

        set start-ip 224.0.0.251

        set end-ip 224.0.0.251

    next

end


show firewall multicast-address Bonjour



config firewall service custom

   edit "IPP"

      set category "Network Services"

      set comment "Internet Printing Protocol (IPP)"

      set tcp-portrange 631

   next

   edit "PDL"

      set category "Network Services"

      set comment "PDL (Printing) Data Stream"

      set tcp-portrange 9100

   next

end



config firewall multicast-policy

    edit 1

        set logtraffic enable

        set srcintf "lan"

        set dstintf "WiFi-01"

        set srcaddr "Printer01"

        set dstaddr "Bonjour"

        set protocol 17

        set end-port 5353

    next

    edit 2

        set logtraffic enable

        set srcintf "WiFi-01"

        set dstintf "lan"

        set srcaddr "all"

        set dstaddr "Bonjour"

        set protocol 17

        set end-port 5353

    next

end



config firewall policy

   edit 101

      set srcintf "WiFi-01"

      set dstint "lan"

      set srcaddr "all"

      set dstaddr "Printer01"

      set action accept

      set schedule "always"

      set service "IPP" "PDL"

      set logtraffic disable

   next

end




Glossary
Bonjour locates devices such as printers, other computers, and the services that those devices offer on a local network using multicast Domain Name System (mDNS) service records.


References
https://stantsui.blogspot.com/2018/04/fortigate-airprint-across-two.html

Technical Tip: Airprint multicast forwarding between two different subnets
https://kb.fortinet.com/kb/documentLink.do?externalID=FD49197

Enabling multicast forwarding
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/21554/enabling-multicast-forwarding



Update
Labels: