Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

print to a printer on another router

JCKJCK Newbie ✭
edited August 25 in Entry Level Firewalls

My client moved to a shared office. Two companies with separate networks on one network rack. Company A has agreed to allow Company B to share their printer. What is the best way to do this? I thought I could configure the X2 interface on Company B's TZ 500 with a static IP on Company A's LAN, connect it directly to Company A's LAN switch, set up an address object on the TZ 500 with Company A's printer's IP, and send traffic to that object through the X2 interface...but not sure what rules and routes would be needed to make this work. So far, I can't ping Company B's printer from Company A's LAN. Thanks for any suggestions.

Category: Entry Level Firewalls
Reply

Best Answers

  • CORRECT ANSWER
    MustafaAMustafaA SonicWall Employee
    Answer ✓

    Hi @JCK

    There are multiple solutions for your requirement, and the following is one of it. Since both companies are on the same premise, you can create a point to point connection between the two firewalls. For a user in Company-A to be be able to communicate with the printer in Company-B, you need to add a Static Route on Company-A firewall.

    Static Route Example:

    Source: Any or you can limit to certain IP addresses within 192.168.10.0/24 subnet

    Destination: 192.168.20.200, which is the printer

    Interface: X2:192.168.99.1

    Gateway: 192.168.99.2, which is the X2 interface of the firewall of Company-B

    You can add additional Access Rules on both firewalls to tighten the security and limit the communication.

    image.png


  • CORRECT ANSWER
    MustafaAMustafaA SonicWall Employee
    edited September 12 Answer ✓
    https://community.sonicwall.com/technology-and-support/discussion/comment/19144#Comment_19144

    This is not a preferred path due to the following reasons:

    1. With this setup, you are tapping into Company-B's network, and Firewall-A will have access to broadcast messages and other traffic coming from Company-B. Not a good solution from security stand-point.
    2. The default gateway for the printer is 192.168.20.1, which is the Firewall-B. You can possibly change Switch-B to a layer-3 switch and have the switch act as the default gateway for Company-B's network and then add route policies on the switch so that the specific traffic can be routed to Company-A, but then you are making things more convoluted.
    3. The best option is to keep it simple and controllable for both Company-A and Company-B.

Answers

  • MustafaAMustafaA SonicWall Employee

    @JCK , are both companies using the same firewall? Can you share a simple sketch of the topology?

  • JCKJCK Newbie ✭
    edited September 2

    Thanks for the reply, MustafaA, sorry for the slow follow-up. I hope my sketch is readable. The two companies have separate networks and firewalls that are housed on the same network rack. Maybe what I'm trying won't work but I saw it suggested on another forum. I control Company B's setup, not Company A, but they would likely cooperate if changes were needed on their side. When I connect a laptop directly to Company A's LAN switch, I can print to their printer.

    Network sketch.pdf


  • JCKJCK Newbie ✭

    Thank you very much for the clear answer, MustafaA! Working from the diagram you sent, would it also be possible to configure Company A's X2 interface for connecting directly to the LAN switch of Company B? If so, how do you recommend to configure that X2 interface? Would other settings be needed on Company A's router? Thanks.

  • JCKJCK Newbie ✭

    Hello MustafaA,

    I have tried to set up the configuration you suggest, but Company B's printer is still not accessible from Company A's LAN (doesn't respond to pings or attempts to configure a print queue). It may be that Company B didn't configure their interface or access rules as requested, but can you please check my X2 interface and access rule settings to see if you notice anything incorrect? Thank you in advance.

    X2 interface.png
    Printer access rule.png


  • MustafaAMustafaA SonicWall Employee

    In your Access Rule, use the Zone instead of the X2 as the Destination.

  • JCKJCK Newbie ✭

    Thanks, MustafaA. I removed the access rule as superfluous since X0, X2 and the address objects for the Company B firewall interface and printer are all in the LAN zone. The printer responds to pings from Company A's firewall, so it looks like the static route is working. However, I still can't ping the printer from a computer on Company A's LAN. Can you suggest what else I might check? Thanks again for your help.

  • MustafaAMustafaA SonicWall Employee

    Can you ping from from a host behind Company-A and do packet capture on Company-A's firewall. Filter the traffic based on ICMP and Printer IP.

  • JCKJCK Newbie ✭

    Thanks.

    JSP printer ICMP.png

    Screenshot of the packet capture attached, detail copied below. 10.10.18.5 is the host on Company-A's LAN, 192.168.50.200 is the printer. It looks like it's forwarding out the X2 interface as desired?

    Ethernet Header

     Ether Type: IP(0x800), Src=[68:5b:35:c2:4c:f4], Dst=[18:b1:69:f3:c6:c0]

    IP Packet Header

     IP Type: ICMP(0x1), Src=[10.10.18.5], Dst=[192.168.50.200]

    ICMP Packet Header

     ICMP Type = 8(ECHO_REQUEST), ICMP Code = 0, ICMP Checksum = 18311

    Value:[0]

    Forwarded 1:2)

  • MustafaAMustafaA SonicWall Employee

    Packets are being forwarded correctly on X2 interface, but we are not receiving any response. You need to do a similar capture on Firewall-B and trace the packet flow.

Sign In or Register to comment.