Printix Administrator Manual

1.6. Network ports

Secure communication
All Printix communication inside and outside the network is secured with encryption and the use of HTTPS (SSL/TLS). Documents are stored encrypted until they expire and get deleted. Documents do not need to leave your network.

  • HTTPS on TCP port 443
    Secure browser communication between the components and Identity Providers, such as Microsoft Azure AD, Google Workspace, Okta, OneLogin and others.

These ports must be open within the network:

  • SNMP on UDP port 161
    Access and collect information from printers via SNMP. Both SNMPv1 and SNMPv3 is supported. ICMP message requests and replies must be allowed on the local network, as the ping command is used to discover printers.
  • RAW print on TCP port 9100
    Transfer print data to the printers. The computer with Printix Client must be able to reach the printer on the network to allow printing. Print data can also be sent via:
    • IPPS and TCP port 443. Use of other port numbers is also supported.
    • IPP and TCP port 80. Use of other port numbers is also supported.
    • LPR and TCP port 515. Use of other port numbers is also supported.
  • TCP port 21335
    Forward print data to another computer running Printix Client. Encrypted.
  • TCP port 21336
    Secure communication to Printix Redirector on a Windows Server.
  • UDP port 21337
    Printix Discovery Protocol used to find computers running Printix Client. Not encrypted.
  • UDP port 5353
    If mobile print is enabled, and is to be used with iOS/iPadOS phones and tablets, then Printix Client will broadcast AirPrint printers via the Bonjour networking protocol (Multicast DNS).

Printix Client requires two ports to be open on the local computer:

  • TCP port 21338 and 21339
    Secure local communication. TCP port 21338 is used for communication between the two processes: PrintixClient.exe and PrintixService.exe. TCP port 21339 is used for listening by the Printix Client built-in web server for sign in and printing (Windows print spooler and CUPS).

If Printix Go is in use these ports must also be open within the network:

  • TCP port 7627
    SOAP communication from Printix Client to Printix Go on HP printers.

If Active Directory authentication is enabled one of these ports must also be open within the network:

  • Secure LDAPS on TCP 636
    Authentication of users via secure LDAPS.
  • LDAP on TCP port 389
    Authentication of users via LDAP.

Windows Printix Client automatically configures the required ports in the local Windows Firewall. It does so by running the provided file: open_firewall.cmd

Web proxy and SSL inspection

Use of a web proxy and/or SSL inspection may for example prevent Sign in to Printix Client. You MUST add the printix.net domain and subdomains as exceptions so traffic is not blocked.

The syntax for adding exceptions varies depending on the software you use. Please refer to you security software documentation to determine the syntax for specifying a domain and subdomains. These are some common examples of wildcard syntax:

  • *.printix.net
  • .printix.net

The specific URLs that must be unblocked:

Required

  • https://assets.printix.net
  • https://api.printix.net
  • https://auth.printix.net
  • https://sign-in.printix.net
  • https://drivers.printix.net
  • https://software.printix.net
  • wss://websocket.proxyendpoint.printix.net

Required if documents go via the cloud

  • If you do not add an own cloud storage, but just use the Printix offered cloud storage:
    • https://prodenv2printjobs.blob.core.windows.net
    • If you add an own Azure Blob Storage you need to include the URL referencing the account name (For example: printixcloudstorage):
      • https://printixcloudstorage.blob.core.windows.net
    • If you add an own Google Cloud Storage you need to include the URL referencing the bucket name (For example: printix-cloud-storage):
      • https://storage.cloud.google.com/printix-cloud-storage

Required, if you use Printix Go

  • https://device-api.printix.net

Required, if you enable mobile print (Apple AirPrint)

  • https://airprint.printix.net

How does Printix Client find the web proxy?

Printix Client consists of two components:

  • The user interface of Printix Client (PrintixClient.exe) which runs under the signed in user’s account
  • The Printix Service (PrintixService.exe) which runs under the local system account, and handles the printing.

Printix Client use a Windows function WinHttpGetProxyForUrl (implements WPAD) to get the proxy settings from the PAC file. It also looks at the proxy settings configured for the user. If it finds a suitable set of proxy settings for the user, it remembers them in the registry under the LSA user (HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections).

How to determine if SSL Inspection is used

  1. Open web browser and enter the URL.
  2. Select the padlock icon to the left of the address
  3. If the certificate is intermediate, SSL inspection is used.

Troubleshooting

I have a web proxy and sign in to Printix Client does not work

  • Sign in with Microsoft, Google or email in Printix Client just returns to Sign in.
    RESOLUTION: You MUST add the required domains (see above) as exceptions so traffic is not blocked. See also: Sign in issues.

I have a web proxy and my printer will not install

  • Print drivers can not be downloaded from the Printix driver store.
    RESOLUTION: Unblock the URL https://drivers.printix.net

I do not recognize the used web proxy

  • In this case the PrintixService.log file will contain the text like this: running with proxy1: http://172.23.100.13:8080/ and Unable to connect to the remote server.
    RESOLUTION: Check if the web proxy is part of the PAC file and if it should be updated/deleted.

I have disabled the web proxy, but the computer still does not act as proxy

  • In this case, the PrintixService.log file may contain errors like: Proxy: Error event, Exception: proxy error
    RESOLUTION: Follow the steps below to delete settings from Windows registry.
  1. Select Windows logo key + R to open Run.
  2. Type: regedit, and select OK.
  3. In Registry Editor browse to:
    HKEY_USERS\S-1-5-18\Software\Microsoft\
    Windows\CurrentVersion\Internet Settings\Connections
  1. Delete the two entries called DefaultConnectionSettings and SavedLegacySettings.
  2. Restart the computer.
  3. Sign in to Printix Client again.

Print via the cloud does not work

  • Use of a web proxy and/or SSL inspection may require additional URLs to be unblocked.
    RESOLUTION: Unblock the required URLs to allow printing via the cloud.

Feedback

Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Please do not use this for support questions.
Printix Support

Post Comment