Using Universal Laser Systems XL-9200 With Windows Firewall

This week’s big project was to make our Precision Machining instructor’s laser engraver work on Windows 7.  Back when we were running Windows XP we were more lax with our security than we should have been and would disable the occasional desktop firewall.  This year we’re using Group Policy to force our desktops to run Windows Firewall and that seems to have caused a conflict with our XL-9200 Laser Engraver.

The Problem

The problem manifested as print jobs that would never finish spooling.  After several days of testing I determined that it wasn’t a driver issue or an operating system incompatibility because it worked fine with the Windows Firewall turned off, but for us disabling it permanently just isn’t an option.  The support folks at ULS didn’t know which ports needed to be open and told me to keep the firewall disabled, so it was up to me to resolve the problem.

The Solution

I enabled logging of dropped packets on the Windows Firewall then sent a few print jobs to the laser engraver.  Using the generated log file I was able to determine that the driver sends jobs to the XL-9200 via FTP on port 21, so communication from the PC doing the printing to the engraver needs open on that port; however spooling the job won’t complete if the engraver cannot communicate back to the PC, and there is no single port that it uses to communicate.  The driver chooses a random public port between 49152 and 65535 to communicate back to the PC. Enabling incoming communication on for these ports on any PC printing to the engraver should resolve communications issues.

That’s a lot of ports! To resolve any security concerns you might have, use the Windows Firewall with Advanced Security tool on Windows 7 and 2008 to create an Inbound Rule which allows traffic on these ports, but only from the IP address of the laser engraver.