Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register
Options

How to share a printer from one network to another

Twizz728Twizz728 Newbie ✭
in Entry Level Firewalls

Hello all,

I have a business network that is on its own subnet (192.168.1.1) and a guest subnet (192.168.2.1) for conference room users, public WIFI, and any other person who decides to come into the office. I have a copier that is setup on the business network (192.168.1.5) that I would like the guest users to be able to print to. For security purposes I'm concerned about the guest network having a connection into the business network, but there are users who need to be able to print to that copier on the business network. I've looked at putting the copier in a DMZ, but I would like to leave it where it is to prevent any unforeseen issues currently with the business network workstations configurations. What would be the best approach to share this copier with both networks?

Thanks!

Basic Network Diagram.jpg


Category: Entry Level Firewalls
Reply
Tagged:

Answers

  • Options
    MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭

    You should use ip helper for printer broadcast services. generaly pritner uses 9100 TCP AND UDP . but you have to check with wireshark or printer brand books.


    some case kb:

    https://www.sonicwall.com/support/knowledge-base/apple-airprint-issue-unable-to-see-lan-printer-from-iphones-or-ipads/170504339719913/

    sample another service ip helper config:

    https://www.sonicwall.com/support/knowledge-base/configure-ip-helper-for-dhcp-server-behind-the-x0-lan-interface/170504396068291/


  • Options
    Twizz728Twizz728 Newbie ✭

    @MitatOnge let me ask you this. I tried that approach and ran into a few issues. I was able to create a firewall rule to allow traffic from the guest network subnet using any ports and any services to the specific static IP of the copier. I can now print to this copier and when doing a scan of the guest subnet it doesn't look like I'm seeing anything from internal secure network bleeding over into the guest network. Would there be any security concerns that you can think of with this rule only allowing traffic to that one IP address?


    Thanks!

  • Options
    MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭

    You can share printer connection ports but you cannot find and access via the bonjour or other printer broadcast services with scanning. if you know the printer ip after the created access rule for printer ports. you can directly connect via windows printer add tools with ip. do you want to see with scanning you have to use ip helper service for bounjour and 9100 tcp ports. there is no way other way

  • Options
    Twizz728Twizz728 Newbie ✭

    @MitatOnge I'm fine with it not being discoverable. I will be the only one setting up the connections to the copier with the IP, but my main concern was not that there is an access rule from the Business LAN to the Guest network that if there was a breach in security on the network that someone may use some type of discovery tool to try to footprint the guest and business network for attacks. As long as the rest of the IP range on the LAN is protected then I should be good. I didn't want ransomware or some type of other malware spreading from the guest subnet to the business subnet.

  • Options
    MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭
    https://community.sonicwall.com/technology-and-support/discussion/comment/19255#Comment_19255

    You don't need to create access rule for printers. just you should create ip helper service for printer discovery broadcast service

Sign In or Register to comment.