We have a server sitting in the DMZ which have printers defined to print to our campus printers. We have 2 printers, via port 515 and 9100. The firewall rules are setup correctly and I can telnet successfully to both printer’s IP via their respective ports.
One problem though was that both printers keeps appearing offline in the printers folder. I restarted the spooler and both printers became ready, but the moment I tried to print something, even test print, the printers became offline immediately.
Since this is behind the firewall, the most logically conclusion why this is happening is that the Windows spooler somehow could not get any status of the printers in the campus. However, I could see from netstat that we are connected to the printer ports successfully.
A check with our network guys found that the firewall was rejecting traffic going to UDP 161 and that was the reason!
In campus, when we setup the printer ports in Windows 2003 print server, we would allow the auto-detect feature to work and setup the port accordingly. So when I implemented this on the server in the DMZ, I used the same printer port configuration and one of the settings has “SNMP Status Enabled” checked. The caused the spooler to poll for status via SNMP port, i.e 161 which is blocked and hence the server status went offline.
Once I unchecked this settting on the port configuration, the printer status were back to ready and printing was successful from the DMZ.