Solved

Firewall setup for file and print sharing

Posted on 2011-03-09
Last Modified: 2012-06-21
I have a program that stores data in a folder on its C drive.  This is a Windows 7 machine. The folder is shared out.  There is also a networked blotter printer that is used just for printing out the files in this share.  The printer is shared out on the Windows 7 machine as well.  This would be network A.

There are two remote networks, say B and C, that need to connect to this file share.  Each network has a Windows Explorer-like program that accesses the file share and opens up these files, which are all proprietary file formats.  Inside the network which contains the Windows 7 machine, there's no problem.

I need to set up these networks so that the users on the remote network will be able to access the file share on the Windows 7 machine.  I have a decent understanding of routers, so I know I need to open up the WAN port on the network A router and set up forwarding so traffic is directed to the static of the Windows 7 machine.  We still have a few public IPs available to us in our ISP-assigned range, so I'm going to dedicate an IP just for this traffic.  Plus, I'm going to set up the firewall rules so only the IPs associated with network B and C are allowed to access the IP on the network A router.  

What I would like to know is what port to actually open.  Since there's a printer involved, the setup would have to allow users on network B and C to print to this printer.  They are all near each other (neighbor buildings), so someone might print to this printer and come by to pick it up.
Question by:sedberg1
8 Comments
 
LVL 8

Accepted Solution

by:nwtechdesk, earned 500 total points
ID: 35088873
If it were me, I'd set up three routers with VPN capability and plug in the values so that both remote offices are connected to the main.  By using the router's VPN, you don't have to install any equipment on the individual PCs and you don't have to micro-manage the ports on the firewall.
0
 

Author Comment

by:sedberg1
ID: 35089047
One of the networks is a police department, which means a VPN might not be a possibility for state mandates regarding security.  The police department would be one of the remote networks, so they would be able to get to the file share, but not vice versa.
0
 
LVL 13

Expert Comment

by:kdearing
ID: 35089525
The problem is that opening up NetBIOS ports on your firewall is definitely not a good idea.
A VPN is the best solution.
0

 

Author Comment

by:sedberg1
ID: 35089884
With the VPN, this is what I'm thinking then...

Site-to-site between network A to B and C.  The VPN is site-to-site, so the whole network would be trusted on the B and C site but route traffic to only allow access to the Windows 7 machine.  Also allow traffic to the printer.  Since it's a trusted network, there would be no need to open any particular port.  However, I do not want users from A to get to B and C.  Only the one way from B and C to A.  Is that one-way type of VPN possible?
0
 
LVL 13

Expert Comment

by:kdearing
ID: 35090069
You can set up security rules in the firewall to determine who can access what.
0
 

Author Comment

by:sedberg1
ID: 35099393
So this is how we are going to do it:
1. Set up site-to-site VPNs from network A to network B and then network A to network C.
2. Create static IP addresses for the workstations of users who need access.
3. Set up address objects on the firewalls of the users' workstations.
4. After verifying the site-to-site is running, create the routes to only allow the address objects access.
5. Create accounts for users to access the file share.
6. Map a drive on the users' workstation in B and C using a login script.  
7. Since the users on B and C would be in different domains, rather than have them be constantly prompted to log into the file share, put the login credentials on the login script.

That was it.  Thanks for your help!
0
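
The one-way access discussed in this thread (approved workstations in B and C may open connections to the Windows 7 machine, while A may not open connections to B or C), as an added example that is not part of the original posts: a vendor-neutral Python model of stateful rule evaluation at network A's tunnel endpoint. All IP addresses, the address-object names and the choice of TCP 445 as the only permitted port are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing for illustration (assumptions, not from the thread).
FILE_SERVER = ipaddress.ip_address("10.1.0.20")   # Windows 7 machine on network A
ADDRESS_OBJECTS = {                               # static IPs of approved workstations
    "B-ws1": ipaddress.ip_address("10.2.0.11"),
    "C-ws1": ipaddress.ip_address("10.3.0.11"),
}
SMB_PORT = 445  # assumed: the share and the printer shared from the same host both use SMB


class TunnelFirewall:
    """Stateful filter on network A's end of the site-to-site tunnels."""

    def __init__(self):
        self.established = set()  # (src, sport, dst, dport) of connections that were allowed

    def check(self, src, sport, dst, dport, syn):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if not syn:
            # Mid-connection packets pass only if they belong to an allowed flow,
            # in either direction; this is what lets replies from A reach B and C.
            flow, reply = (src, sport, dst, dport), (dst, dport, src, sport)
            known = flow in self.established or reply in self.established
            return "allow" if known else "deny"
        approved = src in ADDRESS_OBJECTS.values()
        if approved and dst == FILE_SERVER and dport == SMB_PORT:
            self.established.add((src, sport, dst, dport))
            return "allow"
        return "deny"  # default deny covers every new connection from A towards B or C


def run_samples():
    """Evaluate constructed packets in order and return the verdicts."""
    fw = TunnelFirewall()
    packets = [
        ("10.2.0.11", 50000, "10.1.0.20", 445, True),    # approved B workstation opens SMB
        ("10.1.0.20", 445, "10.2.0.11", 50000, False),   # file server's reply on that flow
        ("10.1.0.50", 50001, "10.2.0.11", 445, True),    # A host tries to reach B
        ("10.2.0.99", 50002, "10.1.0.20", 445, True),    # B host without an address object
        ("10.2.0.11", 50003, "10.1.0.20", 3389, True),   # approved host, other port
        ("10.3.0.11", 50004, "10.1.0.50", 445, True),    # approved C host, other A machine
    ]
    return [fw.check(*p) for p in packets]


if __name__ == "__main__":
    print(run_samples())
```

Only the first two packets are allowed: the tunnel carries traffic both ways, but new connections are accepted in one direction only and replies are matched against the state table.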
 
LVL 8

Expert Comment

by:nwtechdesk
ID: 35310914
The VPN is the correct solution.  The police dept rules would preclude most any other solution as not secure.  Sedberg's plan posted 3/10 looks good.
0
