Zyxel USG60 blocks smtp traffic

Paul_C
Paul_C Posts: 3
Hi Everyone,

I'm repurposing our old router for one of our offices, and it works great until we configured multiple printers with corresponding scan-to-email setup (using Gsuite, BTW),
and it only allows 1 printer to do scan to email.

Already checked the policy, there is no blocking; created an SMTP object and policy and had it allowed, still to no avail. Any help would be greatly appreciated.

Below is the screenshot of the issue I got from printer


All Replies

  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee

    Hi @Paul_C,

     

    Can you share some information with us:

    1- Can you scan emails with multiple printers if you disable Policy Control?

    (Configuration > Security Policy > Policy Control)

    2- Can you draw your topology and share it with us?

    3- Did you configure your printers properly? You can also check the following article related to this issue:

    https://support.hp.com/us-en/product/hp-laserjet-pro-mfp-m428-m429-series/19202485/document/c04566415
  • Paul_C
    Paul_C Posts: 3
    Hi Zyxel_Can,

    Thank you for replying. For your question No. 1: nope, I can't scan to multiple scanners even if the policy control is disabled, and I can scan without any issues if I'm using our Dlink router.

    For the topology, it's basic: ISP > Zyxel Firewall > Cisco switch > devices

    For the printers, like I said, all printers are working properly and can do scan to email without any issue when we're using the Dlink router or any other router.
  • mMontana
    mMontana Posts: 1,298  Guru Member
    Hi Paul_C
    In a company that I manage, several devices are sending SMTP messages. On TLS. And the gateway, in a site, is a USG60. It has been this device since several versions and the firewall policies are currently enforced.

    Therefore, IMVHO, some existing outgoing rules (from LAN1/2 to the site of the SMTP server) need tweaking...
  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee

    Hi @Paul_C,

     

    1- Can you try the Maintenance > Diagnostics > Network Tool > NSLOOKUP IPv4 menu for your SMTP server and see if it returns valid data?

    2- When you perform scan to e-mail, can you share your Monitor > Log menu’s output in this post?

    3- Can you check if any policy route rule influences that traffic?
    (Configuration > Network > Routing > Policy Route)
  • CHS
    CHS Posts: 177  Master Member
    Hi Paul_C

    There is a similar issue in the HP forum: https://h30434.www3.hp.com/t5/LaserJet-Printing/SMTP-Settings-for-HP-Printers/td-p/6703482

    You can first check whether the printer is configured with the correct IP/DNS address.
    And make sure SMTP traffic is allowed from the printer and the mail server in your network.
    You may capture packets when testing the printer's network status and share them in this thread.
  • Paul_C
    Paul_C Posts: 3
    Hi Zyxel_Can,

    Thank you for replying. For your question No. 1: nope, I can't scan to multiple scanners even if the policy control is disabled, and I can scan without any issues if I'm using our Dlink router.

    For the topology, it's basic: ISP > Zyxel Firewall > Cisco PoE switch > devices and printer

    For No. 3, like I said in the first question, all is working fine with a different router and the problem only shows when I replaced the Dlink router with the Zyxel USG60.
  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    Hi @Paul_C,

    Thank you for sharing information.

    Did you try the steps I mentioned in the following message?
    Zyxel_Can said:

    Hi @Paul_C,

     

    1- Can you try the Maintenance > Diagnostics > Network Tool > NSLOOKUP IPv4 menu for your SMTP server and see if it returns valid data?

    2- When you perform scan to e-mail, can you share your Monitor > Log menu’s output in this post?

    3- Can you check if any policy route rule influences that traffic?
    (Configuration > Network > Routing > Policy Route)

  • Cofix
    Cofix Posts: 1
    edited June 2021
    Hi guys, I have the same problem with USG60 - all HP printers can't send via SMTP....
    # host -a smtp.office365.com
    Trying "smtp.office365.com"
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56694
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 8, ADDITIONAL: 11

    ;; QUESTION SECTION:
    ;smtp.office365.com. IN ANY

    ;; ANSWER SECTION:
    smtp.office365.com. 300 IN CNAME outlook.office365.com.

    ;; AUTHORITY SECTION:
    office365.com. 168723 IN NS nse12.o365filtering.com.
    office365.com. 168723 IN NS nse13.o365filtering.com.
    office365.com. 168723 IN NS nse21.o365filtering.com.
    office365.com. 168723 IN NS nse24.o365filtering.com.
    office365.com. 168723 IN NS ns1-38.azure-dns.com.
    office365.com. 168723 IN NS ns2-38.azure-dns.net.
    office365.com. 168723 IN NS ns3-38.azure-dns.org.
    office365.com. 168723 IN NS ns4-38.azure-dns.info.

    ;; ADDITIONAL SECTION:
    nse12.o365filtering.com. 81 IN A 104.47.38.8
    nse13.o365filtering.com. 81 IN A 104.47.2.8
    nse21.o365filtering.com. 81 IN A 104.47.40.8
    nse24.o365filtering.com. 81 IN A 104.47.121.8
    ns1-38.azure-dns.com. 3162 IN A 150.171.10.38
    ns1-38.azure-dns.com. 3162 IN AAAA 2603:1061:0:10::26
    ns2-38.azure-dns.net. 204 IN A 150.171.16.38
    ns2-38.azure-dns.net. 204 IN AAAA 2620:1ec:8ec:10::26
    ns3-38.azure-dns.org. 204 IN A 13.107.222.38
    ns3-38.azure-dns.org. 204 IN AAAA 2a01:111:4000:10::26
    ns4-38.azure-dns.info. 204 IN A 13.107.206.38

    Received 498 bytes from 127.0.0.1#53 in 52 ms


    Firewall OFF - no result
    Firewall ON - no result..... this happened on 5 May 2021
  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee

    Hi @Cofix,

     

    If disabling firewall settings still doesn’t allow your HP printer to send e-mail, that means SMTP packets were not dropped by USG60.

    1- Can you draw your topology and post it into this forum topic?

    2- Did you configure your printers properly? You can also check the following article related to this issue:

    https://support.hp.com/us-en/product/hp-laserjet-pro-mfp-m428-m429-series/19202485/document/c04566415

    3- When you perform scan to e-mail, can you share your Monitor > Log menu’s output in this post?

    4- Can you check if any policy route rule influences that traffic?
    (Configuration > Network > Routing > Policy Route)

    Also, as @CHS mentioned before, you can find the link he provided for the SMTP settings of HP printers:

    https://h30434.www3.hp.com/t5/LaserJet-Printing/SMTP-Settings-for-HP-Printers/td-p/6703482
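
The checks requested in this thread (name resolution, whether SMTP traffic gets through, what the server answers) can be run in one pass from a PC on the same LAN as the printers. The script below is an added example, not code from any poster or from Zyxel; the function name `probe_smtp`, port 587 and the `probe.example` hostname are assumptions.

```python
import smtplib
import socket


def probe_smtp(host, port=587, timeout=5.0):
    """Return (stage, detail): the first stage that failed, or "ok"."""
    # Stage 1: DNS, the same check as the NSLOOKUP step in the thread.
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", str(exc)
    addr = infos[0][4][0]

    # Stage 2: TCP handshake. A timeout suggests a silent drop on the path;
    # a refusal means something actively answered with a reset.
    try:
        socket.create_connection((addr, port), timeout=timeout).close()
    except (socket.timeout, TimeoutError):
        return "tcp-timeout", addr
    except ConnectionRefusedError:
        return "tcp-refused", addr
    except OSError as exc:
        return "tcp-error", f"{addr}: {exc}"

    # Stage 3: SMTP banner and EHLO. If STARTTLS is not advertised, either
    # the server does not offer it on this port or the reply was altered.
    try:
        # local_hostname is a constructed value; it avoids a local DNS lookup.
        with smtplib.SMTP(addr, port, local_hostname="probe.example",
                          timeout=timeout) as smtp:
            code, _ = smtp.ehlo()
            if code != 250:
                return "smtp-ehlo", f"{addr}: reply code {code}"
            if not smtp.has_extn("starttls"):
                return "no-starttls", addr
    except (smtplib.SMTPException, OSError) as exc:
        return "smtp", f"{addr}: {exc}"
    return "ok", addr


if __name__ == "__main__":
    # smtp.office365.com is the server named in the thread; port 587 is assumed.
    print(probe_smtp("smtp.office365.com"))
```

Running it once behind the USG60 and once behind the other router shows at which stage the two paths differ, which narrows down what to look for in Monitor > Log and in a packet capture.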

