Compatibility problem between OPN and CATO Networks?

Started by fffeall, July 18, 2024, 09:37:56 AM

Hi guys, we actually use OPN as a firewall on many sites of our customer; recently he bought CATO and installed it as the main router, and we have a configuration like this:

--LAN------>OPNSENSE----->CATO

Our client has the OPNsense as the default gateway, and then (in order to communicate with the other sites) the OPN uses the CATO as gw for the static routes.

Now, the actual problem is that, if we are in the main LAN (gw OPN) and we try to print to another site (so, HOST-->OPN-->CATO), Windows responds with an error, but if we have the CATO as the gw, everything works.

Another problem we had when the CATO was the default gw of the LAN: CATO lets all the traffic pass that will be treated by the OPN, but if a host had the CATO as gw, when it tries to surf the internet nothing works; if it changes the gw to the OPN, everything works.

In both cases, OPN shows us green logs, nothing wrong, static routes working, rules also...

My question is if someone else had an experience with CATO and OPN, if there are some problems between these two, because we didn't understand if the problem is ours or theirs.

July 18, 2024, 09:54:01 AM #1 Last Edit: July 18, 2024, 09:56:01 AM by doktornotor
The first Google hit for CATO returns "zero-touch device ready to work in minutes" which in turn makes my head want to explode...

There is no information to debug anything in a meaningful way (what is "windows respond with an error" supposed to mean, and what are you trying to do when you get that error???) - but since they claim the device is zero-touch and works in minutes, maybe it is just CATO being broken.  ;D ::)

Daisy-chaining routers, with all the pitfalls (asymmetric routing, double NAT etc.), for no good reason is not the best idea around.

You're right xD, I'd say very little information:

When I try to print, Windows returns a generic error, it says "There was a print error", then in the Event Viewer there are errors relating to metadata staging failed from the source DeviceSetupManager, but I'm not sure it's the actual problem.

We've analyzed with wireshark and tcpdump the packets but there is nothing strange, it seems it's all ok!

I know it's very little info, but really I've already checked all the OPNsense side, and it seems all correct, no packets being dropped/blocked, the static routes to the other sites work as well.

I'm asking hoping someone already had a similar situation, but, if someone else wants more specific information, please ask as a reply and I will give you that info.

Thanks
Fil




Try to print from where to where? How are the printers set up? How are the clients configured? What protocol are they using (LPD/LPR, IPP/IPPS, WSD, AirPrint, JetDirect/RAW, Mopria...)

Eh...


The problem appears when I try to print from one site (10.19.x.x) to another site (10.20.x.x): if I have the OPN as the gw it doesn't work, if I have the CATO, it works.

The printer is a RICO, and it uses LPR, in this specific case on port 53000.

The OPN is 10.19.0.4, the CATO is 10.19.0.20, the printer is 10.20.2.2; to reach 10.20.0.0/16 we have a static route on 10.19.0.4 which points to 10.19.0.20.

I've also tried an older version of OPN (23.7), but nothing changed, the error still appears.

I'm pretty sure of the stability and reliability of OPNsense, I'm not sure about the rest...


Ignore the device metadata log noise, it's just MS noise, they never fixed their stuff. https://answers.microsoft.com/en-us/windows/forum/all/device-setup-manager-metadata-staging-failed-event/67212749-06b1-48c6-9033-f560badb8751?page=1

10.19.0.0/?? is your LAN? The upstream router should not be on LAN. Do you have some network diagram?
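
The asymmetric-routing concern raised in this thread, modelled with the addresses given above, as an added example that is not part of any post. The /16 LAN mask, the host address 10.19.0.50 and the simplified next-hop model (CATO's WAN leg treated as a directly connected network) are assumptions.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("10.19.0.0/16")     # assumption: the thread never gives the LAN mask
REMOTE = ip_network("10.20.0.0/16")  # remote site range, from the thread

def build(host_gw):
    """Simplified topology; the host address 10.19.0.50 is constructed."""
    return {
        "host":    {"ip": "10.19.0.50", "nets": [LAN], "routes": [("0.0.0.0/0", host_gw)]},
        "opn":     {"ip": "10.19.0.4",  "nets": [LAN], "routes": [("10.20.0.0/16", "cato")]},
        # CATO's WAN/cloud leg is abstracted as a directly connected remote network.
        "cato":    {"ip": "10.19.0.20", "nets": [LAN, REMOTE], "routes": []},
        "printer": {"ip": "10.20.2.2",  "nets": [REMOTE], "routes": [("0.0.0.0/0", "cato")]},
    }

def path(nodes, src, dst):
    """Hop-by-hop path from node src to node dst using each node's own table."""
    dst_ip, hops, cur = ip_address(nodes[dst]["ip"]), [src], src
    while cur != dst:
        node = nodes[cur]
        if any(dst_ip in net for net in node["nets"]):
            cur = dst                       # on-link: delivered directly, no router involved
        else:
            matches = [(ip_network(n), hop) for n, hop in node["routes"]
                       if dst_ip in ip_network(n)]
            if not matches:
                raise ValueError(f"{cur} has no route to {dst_ip}")
            cur = max(matches, key=lambda m: m[0].prefixlen)[1]  # longest prefix wins
        if cur in hops:
            raise ValueError("routing loop")
        hops.append(cur)
    return hops

def check(host_gw):
    """Return (forward path, return path, whether they mirror each other)."""
    nodes = build(host_gw)
    fwd, ret = path(nodes, "host", "printer"), path(nodes, "printer", "host")
    return fwd, ret, fwd == ret[::-1]

if __name__ == "__main__":
    for gw in ("opn", "cato"):
        fwd, ret, symmetric = check(gw)
        print(f"gw={gw}: out={fwd} back={ret} symmetric={symmetric}")
```

In this model, with the OPN as the host's gateway the replies go from the CATO straight to the host on the shared LAN, so a stateful firewall on the OPN sees only one direction of the connection; with the CATO as gateway both directions take the same path.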