Does the PIX have a problem handling PSH ACK TCP?

Unanswered Question
Aug 12th, 2010

I have a problem currently with printing through a PIX firewall. The traffic is outbound through a PIX 525 and is a TCP connection on destination port 9100.

Packet capture has shown the TCP handshake to be SYN, SYN ACK, ACK then PSH ACK, and I cannot get the print to work.

I google'd "printing 9100 PIX" and found a couple of relevant results which point to the PIX dropping this type of traffic as a security risk.

Is this the case, and if so, as it is very legitimate traffic, what can be done to solve it ?

Any ideas please?

Many thanks

Phil Stephenson

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Marcin Latosiewicz Fri, 08/13/2010 - 08:26


Can you share the packet captures (pcap format, 1500 bytes), software version of PIX, logg message displayed when PIX is dropping this packet.


Kureli Sankar Fri, 08/13/2010 - 11:37

Pls. enable logging as well and see what the syslogs say.

conf t

loggin on

logging buffered 7


sh logg | i x.x.x.x

where x.x.x.x is the printer ip


jdavidreynolds Wed, 09/01/2010 - 14:39

I have this same problem. Have you found a solution?

Edit...Eureka! All I needed to do was "clear xlate" for it to pick up my new configuration. Now it works. Sorry, I'm new at this.


This Discussion