I'm having a problem with Canon printers communicating with an external IP (Canon site). They are trying to communicate to a particular IP on port 443 (simple, right?) but they aren't contacting the destination. I checked my Palo monitor and didn't see anything wrong but I thought I'd create fresh rules just for these printers. So, I've setup rules to: NOT decrypt packets from the printer subnet Allow all from From Zone: Trust To Zone: Untrust Source Address: Printer Subnet Destination Address: ANY Service: Custom service - TCP / Destination port 443 / Source port > 0 I've set the rule to log at session start and end. I see the attempted communication alongside the correct rule and an allow. But, the application appears as "incomplete". The printers cannot contact the remote IP. I've connected up one of these printers to a DSL line that doesn't traverse the Palo and it works. If I try to browse to the IP from a web browser via the Palo, it works and I see the application appear correctly in the Palo monitor... See below (bottom one is me browsing via web and top one is from printer subnet): Any ideas on this? I've tried manipulating security rules, decryption rules, services, etc with no success. I really want to blame it on the Canon printers, but as they work over DSL, I can't Thanks in advance!!!
... View more