Printing traffic slow to print spooler through pfSense.



  • Hello,

    I have a pfSense box setup(1.2.3) on our network which is used to firewall outside traffic. I am in the process of making changes to our IP scheme and as a result our printer traffic is now going to be routed through the pfSense box to another network which we have internally (I will post a picture below). What I have been experiencing is very slow printing when going through the pfSense gateway. I have a static route setup so all traffic that will be headed for the new network (where the printers and other devices are located) will be routed to a different gateway. I am wondering if maybe there is some traffic inspection happening that might be slowing this traffic down? I had the traffic shaper enabled, and I just disabled it however we are still getting the same result.

    From the print queue I can see if a large file is printed(say 4mb), it will send 2mb and pause. The rest of the traffic will either fail, or make it through really really slow. As a result, the print spooler keeps retrying the job and the printer keeps printing partial pages.

    To summerize this:

    I've got all our workstations on one network, I've got another network in the same building that has all our printers and a few routers. This equipment is leased and is on it's own network for support from the supplier. We have 2 ISP connections, one for each network and as a result we have 2 gateways. All traffic going to the internet from out network is routed out our .125 gateway. All other traffic which specific to our leased network goes out the .126 gateway. Now with our new IP scheme its nessesary to route print traffic to our .125 (pfSense) and have it forward that traffic to the .126 gateway as needed to print. I've setup a static route on the pfSense box to do the routing, and it is working. I can ping through to the printer on the other network.

    To verify the issue is with the pfSense box, I've setup a static route on our print server to have it route to the .126 gateway bypassing the pfSense box. This works, and traffic is not delayed or interupted. I installed a new printer on my workstation which bypasses the print server and tries to print directly to the printer. This sends the traffic to the pfSense box and lets it do the legwork. This is where I am seeing the delay.

    Any info on this would be great! Has anyone else experienced printing delays through pfSense?

    Thank you in advance.

    Craig



  • I've been doing some more research on this and I've found a few more things that might be useful. First there are no rules on the LAN other than pass all traffic.

    Here is a result of some ping tests. They might be inconclusive, but it might help.

    C:\Users\craigs>ping -l 65500 199.194.xxx.xxx

    Pinging 199.194.xxx.xxx with 65500 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 199.194.xxx.xxx:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    C:\Users\craigs>ping 199.194.xxx.xxx

    Pinging 199.194.xxx.xxx with 32 bytes of data:
    Reply from 199.194.xxx.xxx: bytes=32 time<1ms TTL=254
    Reply from 199.194.xxx.xxx: bytes=32 time<1ms TTL=254
    Reply from 199.194.xxx.xxx: bytes=32 time<1ms TTL=254
    Reply from 199.194.xxx.xxx: bytes=32 time<1ms TTL=254

    Ping statistics for 199.194.xxx.xxx:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms



  • Well actually that proofs, that printer doesn't handle that big ping packets or any other packets

    What i've tried that printer can handle exactly ping packet size 1476, not any bigger, at least hp directjet io can't response any bigger packet
    Can you install yourself wireshark and capture that printing traffic, there might be some more knowledge



  • Yeah, that packet size might have been too big for the printer. It's not the traffic that is the issue though.. I've setup 2 printers on my computer that use the same printer. One printer setup goes through pfSense(.125 gateway) and then to the printer. The second printer setup goes through a different gateway and directly to the printer, and it seems to work with no issues. Same print traffic tested on both setups.

    Something is going on with the pfSense box that is slowing and even halting print traffic?



  • How many rules you concerning this networks? I'm asking that, if you're having lots of rules and printing rules happen to be quite down in that list. that might cause some speed dropping, but not much.



  • There are less than 5 rules. The rule for this is set at 1 or 2.

    Thank you for your reply.



  • What kind of hardware you have and what kind of packages you have loaded on it?



  • The pfSense box is a dell PC with 3 NIC's. It's a dual core system with a gig+ ram. No extra packages install aside from default. Our printers are Kyocera FS-3900dn printers.



  • You're not giving a easy solution..  ;)

    Another question for the client side, have you checked printer driver settings that they match. like there is no difference in spooling (print immediately vs. spool until document resides in printer memory)

    Have you tried to give that printer static route, if that helps a thing?



  • Sounds like you have two gateways on the printer's network, which is likely causing asymmetric routing or possibly other issues, likely the cause of your problems.


Log in to reply