This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Enable connection to a printer on different subnet

I have two subnets, A and B both established on different ports on my sg135 UTM. 

I have had to had to move my duplex printer from my subnet A to a different subnet B so that it can be used by clients on subnet B. 

What is the best/correct way for me to be able to use this printer from my own subnet A whilst maintaining security between the subnets so that my subnet is not otherwise exposed or accessible to clients on subnet B.

Grateful for advice please.



This thread was automatically locked due to age.
Parents
  • Hello .

    There are several possibilities to do that.

    The minimalistic way would be:

    1. Give the printer a static IP or DHCP reserved IP in subnet B
    2. Create a Host object in UTM with the printer IP
    3. Create a firewall rule to allow traffic from "subnet A" --> "Printer in subnet B"

    The services allowed to access in the firewall rule depend the printing protocols used.


    Sophos Gold Partner
    4TISO GmbH, Germany
    If a post solves your question click the 'Verify Answer' link.
  • Hi and many thanks for your quick answer.  Looks good to me; a couple of follow up questions please:

    The printer is required to have dhcp enabled because of the user requirements on subnet B so I need to check how to reserve the dhcp address.  I assume it will be done by device name or MAC address but your further direction would be appreciated.

    I am not familiar with how to create a Host object.  Never done that before.  Is there a wiki I can read please?

    As you can tell I am very much in learning mode here!!!

    Thanks again,

    Budge 

  • If the firewall is doing DHCP you just may klick on the 'make static' button under "Network Services -> DHCP -> IPv4 Lease Table". Then you will already have a network host definition which you may use in your firewall rules.

    If the UTM is not providing DHCP services in that network, just navigate to "Definitions & User -> Network Definitions -> Network Definitions" and create a new one of type host providing the IP.


    Sophos Gold Partner
    4TISO GmbH, Germany
    If a post solves your question click the 'Verify Answer' link.
  • Hi and many thanks once more.

    I have to go out now but will get back to it this evening. 

    I spent a few minutes looking further before your reply and think I understand.  My only concern now is not to interfere with the "normal" function of the subject printer from subnet B.  What I am intend, with your help, is that my connection should not interfere with the working of subnet B.  I did look at the leases listed in the DHCP tab and could not see the printer, which is odd because it is turned on.  I suspect the printer has some HP technique set up for all remote users who will no doubt be using Wifi and could be on subnets B or C.  Will check the printer setup when I return.

    Regards,

    Budge

Reply
  • Hi and many thanks once more.

    I have to go out now but will get back to it this evening. 

    I spent a few minutes looking further before your reply and think I understand.  My only concern now is not to interfere with the "normal" function of the subject printer from subnet B.  What I am intend, with your help, is that my connection should not interfere with the working of subnet B.  I did look at the leases listed in the DHCP tab and could not see the printer, which is odd because it is turned on.  I suspect the printer has some HP technique set up for all remote users who will no doubt be using Wifi and could be on subnets B or C.  Will check the printer setup when I return.

    Regards,

    Budge

Children
  • Hi, I have it working now almost correctly.  The printer did have a fixed IP within reserved addresses so didn't appear on lease table but I found it using nmap and set up the host, including the MAC address.

    I was not sure about DHCP but as the printer had fixed IP, I selected 'no dhcp'

    Similarly I didn't set up anything on DNS.

    I specified my subnet in the advanced section.

    I set up a firewall link between my subnet and the host and I can now print OK but I do not get the pop up telling me the job has been started and another when it has been completed.  If you can help that would be great.  

  • I was too quick to say I have it working now.  Strange but it works from my laptop but not from my workstation.  I have turned off the firewall off the workstation and I have no difficulty pinging the printer with or without this firewall but darned if I can get a connection established from the workstation.

    Since the connection is working I assume this is a printer/local issue so will verify the answer.  Thanks again,

    Budge