Solved

Sonicwall LAN to Wifi Network

Posted on 2014-12-02
21
1,081 Views
Last Modified: 2014-12-10
I have a Sonicwall TZ105 and need people on the Wifi to be able to print to 2 Network Printers that are on the wired LAN.

I have tried several things like setting the WLAN and LAN in the firewall to Allow Any access going both ways.  

I can ping the printer over the WiFi but the printing only works when plugged into the wired LAN.

What am I missing?
0
Comment
Question by:April33
  • 7
  • 6
  • 5
  • +1
21 Comments
 
LVL 11

Expert Comment

by:sumeshbnr
Comment Utility
What is happening if you browse the network without Wired LAN ?It shows the printers? ( or using UNC can you see the printer ?say \\printerip

Why do talk about firewall Wifi and wired are in different subnet/network?
0
 

Author Comment

by:April33
Comment Utility
The Wireless subnet is on 172.16.31.x and the Wired is on 192.168.168.x
0
 
LVL 11

Expert Comment

by:sumeshbnr
Comment Utility
since you can ping the printer IP  then routing is ok with these two networks then only doubt the packet filter rules

but you said that you have allowed all in both directions .I think you missed some thing when you configured this .File and printer share ports are need to be enabled in both directions.

printer and driver is ok because you can print when you connect to wired NW .so I doubt the firewall rules
0
 
LVL 11

Expert Comment

by:Miftaul
Comment Utility
Please check your printer is the default gateway is set to SonicWALL LAN interface IP Address. This is required for printing to an from different subnet.

I believe you correctly allowed printing from WLAN zone to LAN Printers. You can check like below.

1. Create address object for the printer IPs.

Go to "Network --> Address objects" and add a new address object like below.
Add Obj2. Create Firewall Rule allow traffic from WLAN subnet to the Printers.

Go to "Firewall -> Access Rules" and select Matrix Type.
MatrixSelect "WLAN -> LAN" and add a new rule like below
Access RuleNow, Wireless devices should be able to print to the printers.
0
 

Author Comment

by:April33
Comment Utility
Miftaul - I will give this a try.
0
 
LVL 11

Expert Comment

by:Miftaul
Comment Utility
Thanks, if you face any issues, please do post here.
0
 
LVL 11

Expert Comment

by:sumeshbnr
Comment Utility
Yes I forgot about the gateway part .
0
 
LVL 24

Expert Comment

by:diverseit
Comment Utility
Hi sumeshbnr,

Provided that you need to setup the printer correctly in the LAN Zone then the instruction is very straight forward.

If you are simply making Any/All services communicate with each other then it defeats the purpose of having a separate Security Zone and you should consider just setting up an L2 Bridge Mode (WLAN and LAN on same subnet). If you need instruction on this simply ask and I will provide you with detailed steps for this as well.

Otherwise, to allow printing on the LAN from the WLAN all you need to do is find out which port the printer is communicating on (typically 9100) and explicitly open just that to the WLAN. If you have difficulty determining which port it is using, alternatively, you could explicitly allow the IP Address of the printer provided that you have setup a DHCP Reservation for the printer itself. Below are instructions on how to allow only port 9100 to the LAN from the WLAN.

 By default, SonicWALL blocks traffic from Wireless to LAN, therefore wireless devices will not be able to communicate to the printer on the LAN Zone.

Printers use various ports for receiving a print job from users (e.g.: Most of the Printers use Standard Port 9100 (TCP & UDP)), opening the printer port (e.g.: port 9100) from WLAN to LAN Zone resolves the issue.

Follow these steps to Add an Allow rule from WLAN to LAN:

1. Login

Login to the SonicWALL Appliance, go to Firewall > Access Rules. Select Matrix Style Viewing and select WLAN > LAN.

2. Add Access Rule

Click on Add button and configure the following:
Action: Allow
From Zone: WLAN
To Zone: LAN
Service: <The custom created port for printing (Usually TCP & UDP port 9100 is used)>
Source: Any
Destination: <The address object for the printer on the LAN>
Users Allowed: All
Schedule: Always on
Comment: <Add a comment that gives the purpose of the rule (Eg: Print from WLAN to LAN)>

Click Ok to add this rule
Alternatively attach the printer to a Windows server or PC, and use Pinter Sharing.

Note: Your newly created Access Rule should be higher in Priority than any other rule in the WLAN>LAN Zone.

Note: You can contact your printer manufacturer to know the exact port numbers used by your printer.

Let me know if you have any questions!
0
 

Author Comment

by:April33
Comment Utility
I followed your (Miftaul) recipe and was able to print to both printers after installing them manually.  The problem is that I need the printer set up to be monkey proof.  If I put in the Install CD and run it, it will not find the printers when it searches.  I need to put in the IP of the printer for it to install.  

I'm not sure how the installer finds printers but I tried using the IP Helper in the Sonicwall and adding an entry for NetBIOS communications (so it will work between 2 different networks) - this didn't work.

Does anybody have suggestions?





 
Expert Comment

Miftaul2014-12-03 at 01:58:42ID: 40478123




Please check your printer is the default gateway is set to SonicWALL LAN interface IP Address. This is required for printing to an from different subnet.

 I believe you correctly allowed printing from WLAN zone to LAN Printers. You can check like below.
0
 

Author Comment

by:April33
Comment Utility
I did verify the correct LAN gateway on the printers and still no go.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 11

Expert Comment

by:Miftaul
Comment Utility
did you check the Firewall - > access rule, WAN to LAN zone and that there is a rule allowing traffic from internet to your internal IP.
0
 
LVL 24

Expert Comment

by:diverseit
Comment Utility
I followed your (Miftaul) recipe...
so just for clarity did you actually follow my steps in comment http:#a40480570 ?

Also, are you not running the printer in a print server. If you set them up on a server all you need to connect to them is start > run, type "//server_name", press OK, then R-click on the printer and select connect. dummy-proof?!
0
 
LVL 11

Expert Comment

by:Miftaul
Comment Utility
I understand the printing is working fine from WLAN to LAN. But the issue is, your network search feature is not working for printers from the installer. and you prefer to install the printers using the installer CD that uses the printer search. I assume, you set a IP address to the network printers.

The network printer search feature works only within the subnet. Here WiFi subnet is different than the LAN subnet and as such although we allowed the access rule and NetBIOS broadcast, the search is not working. But printing to the printers IP will work just fine.

Here are the possibilities to add the network printers.

1. Add the printer using the IP address (Network printer search will fail for printers in different subnet)
2. If your WLAN interface is bridged to the LAN, then your wireless devices are on the same subnet as LAN. This time the Network Printer search feature will work fine from teh installer CD.
3. Take the wireless PC(where we are trying to install the printer) and connect that to the LAN, Run the installer CD and install the printer. Once the printer is installed, you can disconnect the PC from the LAN and connect to your wireless, this time the printing will continue to work. (I assume your printer has a static IP address on the LAN).
0
 

Author Comment

by:April33
Comment Utility
I tried to Bridge LAN to WLAN but it failed?
Seems this is the way to go.  How do I go about this option?
0
 
LVL 24

Assisted Solution

by:diverseit
diverseit earned 250 total points
Comment Utility

Setting up an L2 Bridge Mode (WLAN and LAN on same subnet)

mention here (http:#a40480570)

1. Interfaces

For configuring the SonicWALL WLAN interface go to Network > Interfaces > WLAN configure. Select the IP Assignment to Layer 2 Bridge Mode. And on the Bridge to drop-down menu select X0 which is the default LAN on the SonicWALL.
 
(Note: You can bridge the SonicWALL WLAN with the interface that belongs to LAN or DMZ zone or in other words to any interface which belongs to a custom created zone of Type “Trusted” and “Public”. We cannot create the Bridge Pair to WAN which is a Untrusted zone or any interface which is part of the WAN zone)

2. Zones

After selecting the Primary Bridged Interface. Click on OK and save the settings. You will get an warning pop-up message that says “Interface Bridge Doesn’t Change its zone. Only allow rule between bridge pair will be auto-added.  Please add other necessary rules manually." Click OK on the box.

3. Changes to Note

Now the X0 Interface and the W0 interface are bridged with the same IP address for their Interfaces.
 
An auto added allow access rule will be created from WLAN to LAN under Firewall Access rules.

Under Network > Address Objects page both W0 (WLAN) Subnet and LAN Primary Subnet will be pointing to the same subnet.
 
When wireless clients connect to the SonicWALL WLAN they will get an IP address from the SonicWALL LAN Segment.
If the SonicWALL is the DHCP server the WLAN clients can get an IP from the LAN DHCP lease scope on the SonicWALL. If there is a DHCP server we don’t need to create an IP Helper policy since the WLAN and LAN fall under bridge pair. No relay IP is needed. The wireless client computers can access the local resources and the Internet without any Access Rule.

In this example I am using bridging between X0 and the in-built wireless interface (W0). When using SonicPoint (connected to say the X2 interface), connect the X0 (LAN) interface and the SonicPoints (connected to the X2 (WLAN) interface), to separate switches.
0
 
LVL 11

Accepted Solution

by:
Miftaul earned 250 total points
Comment Utility
Go to "Network -> Interfaces" and "Edit" the WLAN interface (my wireless is X0 here)1.jpg
You will see something like this2.jpgSelect "Layer 2 Bridged Mode" for Mode / IP Assignment and Bridge to "X0" Interface
The interfaces will look like this 3.jpgYour wireless interface is now bridged to LAN X0. and your Wireless devices will receive IP address in the range of LAN Subnet.
As we already have the required WLAN to LAN access rules defined, you now should be able to run the printer installer CD and the network printers should be viewable now.
0
 
LVL 24

Expert Comment

by:diverseit
Comment Utility
This is getting a bit duplicative...no?
0
 
LVL 11

Expert Comment

by:Miftaul
Comment Utility
Waiting for the day, when EE pages will refresh to see the recent changes and/or EE allow you to delete your own comments.
0
 
LVL 24

Expert Comment

by:diverseit
Comment Utility
Lol true! :)
0
 

Author Closing Comment

by:April33
Comment Utility
Once I Bridged the 2 networks, all printing and printer searches were working from both LAN and WLAN!

Thanks Guys!
0
 
LVL 11

Expert Comment

by:Miftaul
Comment Utility
Nice that it worked, thanks for the points.

I thought you will award me points on my comment ID: 40490585.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now