How to allow Printer Access from isolated segment?

Follow

rj834

• December 09, 2022 17:58

Hi all,

Rookie question here...My work systems are on one port of the Firewalla Gold with it's own IP and no rules, except No Local Access.  I have a printer on my home network which I need to also be able to print to from my work system.  

How is the best way to set this up, where I can print, yet prevent access to the rest of my Home network?  Same question would apple to guests being able to print, but they are segmented off via VLAN, but the AP is still connected to the same port as my home network.  Not sure if provisioning for one would be different than the other, but thought I'd ask both questions just in case the solution was different.

Thanks!

0

• 

  Michael Bierman

  • December 09, 2022 18:38

  @rj834,

  So say you have two networks A and B. There are multiple things yo can do here: 

  1. Allow no traffic between A and B. 
  2. Allow traffic from A > B but disallow traffic from B > A. 
  3. Allow traffic from B > A but disallow traffic from A >B. 

  For all of them, start with a rule that says BLOCk traffic to and from all Local networks. Apply this to each network.

  For 2 and 3, add a rule that says ALLOW traffic from [network of your choosing] apply this to the network receiving the request. This might be the network with the printer in your case. 

  0

  Comment actions Permalink
• 

  rj834

  • December 09, 2022 22:50

  What impact would that have for security tools (packet captures, etc) installed on my work laptop as far as having visibility to my internal network, but not from?

  0

  Comment actions Permalink
• 

  rj834

  • December 11, 2022 14:44

  So, I created a rule blocking all traffic to and from local LANs, since there’s more than work and home. I then created a rule to allow work > home, but block home > work.  Printer immediately went offline, so there’s definitely two way communication there to validate the printer status.  
  
  

  I guess I should have added some context.  I already can’t print from work system to home printer. That’s never worked.  I can see the print queue, but it never goes through. If I connect to my home WiFi, it prints immediately.  Shouldn’t this be more of a NAT setting?

  0

  Comment actions Permalink
• 

  Michael Bierman

  • December 11, 2022 16:54

  So, I created a rule blocking all traffic to and from local LANs, since there’s more than work and home. 

  Perfect. 

   allow work > home, but block home > work.

  So this is tricky. There are often two ways to do rules; 

  "allow traffic from" or "allow traffic to". Worth playing with this. But again there should just be one block and one allow required here. 

  So some printers use mDNS for notification. You could turn that on for the relevant networks. 

  0

  Comment actions Permalink
• 

  rj834

  • December 15, 2022 23:19

  I've played around with the rule combinations and nothing has worked so far.  Where do I find the mDNS setting?

  0

  Comment actions Permalink
• 

  Michael Bierman

  • December 15, 2022 23:54
  • Edited

  Settings > Advanced > Configurations > mDNS Reflector

  1

  Comment actions Permalink
• 

  rj834

  • December 22, 2022 19:01

  Ah!  On and functioning.  Thank you!

  0

  Comment actions Permalink

Please sign in to leave a comment.