Remote SMA client DNS registration
We have been asked to set up remote clients to be able to print to an off-site printer, which may even be at another remote site. Both sites would be connected via one of as many as four SMA 8200 virtual appliances behind multiple Internet providers at two datacenters. For this to work, we either need to be able to lock down the remote IP address, which doesn't appear to be easy to do with multiple SMA's and multiple IP pools, or we need the remote client to register its IP address with DNS on one of our Active Directory servers, which also isn't looking promising. Has anyone done anything like this and if so, what is the most reliable way to accomplish it? If it just can't be done, we need to know that too, and we'll just have to get Sonicwall firewalls for the remote sites with printers and use site-to-site VPN's.
Printers could be setup as a protected resource over SMA and secure access could be enabled thro' split tunnel and redirect all modes.
Please find below the excerpt from SMA1000 v12.4 admin guide for more details. Please reach out to tech-support if your use case requires further investigation
"The user goes on a business trip and it turns out that the printer
he or she wants to use, on a local network at a conference center, uses that same address. If you’ve selected the
Allow users to indicate which split tunnel redirection mode to use on the client option in AMC, you allow the
traveler to indicate a preference for local resources (in this case, the printer) when there is a network conflict.
The choice is made on the client in the Connect Tunnel Properties, on the Advanced tab."
"To direct all traffic through the appliance, but also give users access to local printers and file shares, select
Redirect all, with access to local network. For example, if you have a community of remote employees, working
from home, you could use this redirection mode for maximum security, yet still allow them to use resources on
their home networks, such as a printer."