Enable connection to a printer on different subnet

I have two subnets, A and B, both established on different ports on my sg135 UTM.

I have had to move my duplex printer from my subnet A to a different subnet B so that it can be used by clients on subnet B.

What is the best/correct way for me to be able to use this printer from my own subnet A whilst maintaining security between the subnets, so that my subnet is not otherwise exposed or accessible to clients on subnet B?

Grateful for advice please.



  • Hi Jay Jay,

    As you can tell, I am not a coder and am well outside my area of expertise, so if you have time I would appreciate some help pinning down my problem. I have set up the connection between the printer as a host object in the remote subnet with the printing services bundle. Even so, it seems port 9100 is blocked and SLP cannot see the printer from my network. I cannot find SLP as a service so I am stuck. I have a snapshot of the rules I have set up:

    What I do not know is how to add port etc.

  • When editing the firewall rule you can click on the PLUS in the SERVICES box and assign a destination port. Port ranges are entered as x:y, i.e., 1000:2000 for ports 1000-2000.

    For live firewall viewing, hover over the clipboard next to the user name up at the top, then click on firewall.

    I would look at some YouTube video tutorials on how to use UTM. You can pick up the fundamentals much quicker visually than reading about it.

  • Hi,

    I am very slow but can now see that UDP packets are being dropped from port 161 with a dstmac address I do not recognise.  One of the devices between my machine and the printer seems to be the problem so now I have to do some more work.  What I do not understand is why I can ping the printer in this situation.  Will start reading up what to do next.

    Thanks for your help so far btw. The UTM videos were a great help but I have not yet found a troubleshooting example, only basic configurations.

  • Hi Jay Jay,

    I have it working now.  There was an error in my rule which combined with a static setting from long ago caused a conflict and gave inconsistent behaviour.  Once found all was well.  Many thanks for your guidance.

    I do have one remaining question concerning firewall configuration. If I wish to send filtered traffic on, should it be sent to "any" or External (WAN)? I ask because the "any" icon suggests 'the world' but to me it could mean any interface, either in the outside world or among device interfaces. You suggested I stop the printer from calling out, so do I tell the printer to drop traffic addressed to External WAN or 'any'?

  • You're right, "Any" means all your LANs and the entire Internet.  The "Internet IPv4" object is the one that includes the entire Internet but not your LANs.

    "External (Network)" only includes the subnet defined on the "External" interface.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
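
The difference between the three destination objects described in the last reply, worked through as an added example (not part of the thread and not Sophos code). All addresses, the general outbound rule for subnet B and the first-match evaluator are assumptions; "Internet IPv4" is modelled simply as "not one of the internal LANs", and only new connections are evaluated.

```python
import ipaddress

# Constructed addressing for illustration; none of these values come from the thread.
SUBNET_A = "192.168.10.0/24"      # my clients
SUBNET_B = "192.168.20.0/24"      # other clients and the printer
PRINTER = "192.168.20.50/32"
EXTERNAL_NET = "203.0.113.0/29"   # subnet defined on the External interface

def matches(obj, addr):
    """True if addr falls inside the named object or literal network."""
    ip = ipaddress.ip_address(addr)
    if obj == "Any":
        return True
    if obj == "Internet IPv4":
        # Simplified model: everything that is not one of the internal LANs.
        return not any(ip in ipaddress.ip_network(n) for n in (SUBNET_A, SUBNET_B))
    if obj == "External (Network)":
        return ip in ipaddress.ip_network(EXTERNAL_NET)
    return ip in ipaddress.ip_network(obj)

def ruleset(printer_block_dst):
    """Ordered rules (src, dst, port, action); port None means any service."""
    return [
        (SUBNET_A, PRINTER, 9100, "allow"),           # print from subnet A
        (PRINTER, printer_block_dst, None, "drop"),   # stop the printer calling out
        (SUBNET_B, "Internet IPv4", None, "allow"),   # assumed general outbound rule for B
    ]

def decide(rules, src, dst, port):
    """First matching rule wins; unmatched new connections are dropped."""
    for r_src, r_dst, r_port, action in rules:
        if matches(r_src, src) and matches(r_dst, dst) and r_port in (None, port):
            return action
    return "drop"

def printer_egress(block_dst):
    """Verdicts for new connections the printer initiates, per destination."""
    targets = {"subnet A host": "192.168.10.5", "External gateway": "203.0.113.1",
               "Internet host": "198.51.100.7"}
    rules = ruleset(block_dst)
    return {name: decide(rules, "192.168.20.50", ip, 443) for name, ip in targets.items()}

if __name__ == "__main__":
    for obj in ("External (Network)", "Internet IPv4", "Any"):
        print(f"drop printer -> {obj}: {printer_egress(obj)}")
```

With "External (Network)" as the drop destination, the printer's connection to the Internet host falls through to the broader subnet B rule and is allowed; "Internet IPv4" and "Any" both stop it.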