?
Solved

Sonicwall LAN to Wifi Network

Posted on 2014-12-02
21
Medium Priority
?
1,533 Views
Last Modified: 2014-12-10
I have a Sonicwall TZ105 and need people on the Wifi to be able to print to 2 Network Printers that are on the wired LAN.

I have tried several things like setting the WLAN and LAN in the firewall to Allow Any access going both ways.  

I can ping the printer over the WiFi but the printing only works when plugged into the wired LAN.

What am I missing?
0
Comment
Question by:April33
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
  • 5
  • +1
21 Comments
 
LVL 11

Expert Comment

by:sumeshbnr
ID: 40477775
What is happening if you browse the network without Wired LAN ?It shows the printers? ( or using UNC can you see the printer ?say \\printerip

Why do talk about firewall Wifi and wired are in different subnet/network?
0
 
LVL 1

Author Comment

by:April33
ID: 40477826
The Wireless subnet is on 172.16.31.x and the Wired is on 192.168.168.x
0
 
LVL 11

Expert Comment

by:sumeshbnr
ID: 40477832
since you can ping the printer IP  then routing is ok with these two networks then only doubt the packet filter rules

but you said that you have allowed all in both directions .I think you missed some thing when you configured this .File and printer share ports are need to be enabled in both directions.

printer and driver is ok because you can print when you connect to wired NW .so I doubt the firewall rules
0
The Ideal Solution for Multi-Display Applications

Check out ATEN’s VS1912 12-Port DP Video Wall Media Player at InfoComm 2017. Kerri describes how easy it is to design creative video walls in asymmetric layouts and schedule detailed playlists ahead of time with its advanced scheduling feature.

 
LVL 11

Expert Comment

by:Miftaul
ID: 40478123
Please check your printer is the default gateway is set to SonicWALL LAN interface IP Address. This is required for printing to an from different subnet.

I believe you correctly allowed printing from WLAN zone to LAN Printers. You can check like below.

1. Create address object for the printer IPs.

Go to "Network --> Address objects" and add a new address object like below.
Add Obj2. Create Firewall Rule allow traffic from WLAN subnet to the Printers.

Go to "Firewall -> Access Rules" and select Matrix Type.
MatrixSelect "WLAN -> LAN" and add a new rule like below
Access RuleNow, Wireless devices should be able to print to the printers.
0
 
LVL 1

Author Comment

by:April33
ID: 40479145
Miftaul - I will give this a try.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 40479186
Thanks, if you face any issues, please do post here.
0
 
LVL 11

Expert Comment

by:sumeshbnr
ID: 40479831
Yes I forgot about the gateway part .
0
 
LVL 25

Expert Comment

by:Blue Street Tech
ID: 40480570
Hi sumeshbnr,

Provided that you need to setup the printer correctly in the LAN Zone then the instruction is very straight forward.

If you are simply making Any/All services communicate with each other then it defeats the purpose of having a separate Security Zone and you should consider just setting up an L2 Bridge Mode (WLAN and LAN on same subnet). If you need instruction on this simply ask and I will provide you with detailed steps for this as well.

Otherwise, to allow printing on the LAN from the WLAN all you need to do is find out which port the printer is communicating on (typically 9100) and explicitly open just that to the WLAN. If you have difficulty determining which port it is using, alternatively, you could explicitly allow the IP Address of the printer provided that you have setup a DHCP Reservation for the printer itself. Below are instructions on how to allow only port 9100 to the LAN from the WLAN.

 By default, SonicWALL blocks traffic from Wireless to LAN, therefore wireless devices will not be able to communicate to the printer on the LAN Zone.

Printers use various ports for receiving a print job from users (e.g.: Most of the Printers use Standard Port 9100 (TCP & UDP)), opening the printer port (e.g.: port 9100) from WLAN to LAN Zone resolves the issue.

Follow these steps to Add an Allow rule from WLAN to LAN:

1. Login

Login to the SonicWALL Appliance, go to Firewall > Access Rules. Select Matrix Style Viewing and select WLAN > LAN.

2. Add Access Rule

Click on Add button and configure the following:
Action: Allow
From Zone: WLAN
To Zone: LAN
Service: <The custom created port for printing (Usually TCP & UDP port 9100 is used)>
Source: Any
Destination: <The address object for the printer on the LAN>
Users Allowed: All
Schedule: Always on
Comment: <Add a comment that gives the purpose of the rule (Eg: Print from WLAN to LAN)>

Click Ok to add this rule
Alternatively attach the printer to a Windows server or PC, and use Pinter Sharing.

Note: Your newly created Access Rule should be higher in Priority than any other rule in the WLAN>LAN Zone.

Note: You can contact your printer manufacturer to know the exact port numbers used by your printer.

Let me know if you have any questions!
0
 
LVL 1

Author Comment

by:April33
ID: 40486188
I followed your (Miftaul) recipe and was able to print to both printers after installing them manually.  The problem is that I need the printer set up to be monkey proof.  If I put in the Install CD and run it, it will not find the printers when it searches.  I need to put in the IP of the printer for it to install.  

I'm not sure how the installer finds printers but I tried using the IP Helper in the Sonicwall and adding an entry for NetBIOS communications (so it will work between 2 different networks) - this didn't work.

Does anybody have suggestions?





 
Expert Comment

Miftaul2014-12-03 at 01:58:42ID: 40478123




Please check your printer is the default gateway is set to SonicWALL LAN interface IP Address. This is required for printing to an from different subnet.

 I believe you correctly allowed printing from WLAN zone to LAN Printers. You can check like below.
0
 
LVL 1

Author Comment

by:April33
ID: 40490534
I did verify the correct LAN gateway on the printers and still no go.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 40490543
did you check the Firewall - > access rule, WAN to LAN zone and that there is a rule allowing traffic from internet to your internal IP.
0
 
LVL 25

Expert Comment

by:Blue Street Tech
ID: 40490544
I followed your (Miftaul) recipe...
so just for clarity did you actually follow my steps in comment http:#a40480570 ?

Also, are you not running the printer in a print server. If you set them up on a server all you need to connect to them is start > run, type "//server_name", press OK, then R-click on the printer and select connect. dummy-proof?!
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 40490585
I understand the printing is working fine from WLAN to LAN. But the issue is, your network search feature is not working for printers from the installer. and you prefer to install the printers using the installer CD that uses the printer search. I assume, you set a IP address to the network printers.

The network printer search feature works only within the subnet. Here WiFi subnet is different than the LAN subnet and as such although we allowed the access rule and NetBIOS broadcast, the search is not working. But printing to the printers IP will work just fine.

Here are the possibilities to add the network printers.

1. Add the printer using the IP address (Network printer search will fail for printers in different subnet)
2. If your WLAN interface is bridged to the LAN, then your wireless devices are on the same subnet as LAN. This time the Network Printer search feature will work fine from teh installer CD.
3. Take the wireless PC(where we are trying to install the printer) and connect that to the LAN, Run the installer CD and install the printer. Once the printer is installed, you can disconnect the PC from the LAN and connect to your wireless, this time the printing will continue to work. (I assume your printer has a static IP address on the LAN).
0
 
LVL 1

Author Comment

by:April33
ID: 40490599
I tried to Bridge LAN to WLAN but it failed?
Seems this is the way to go.  How do I go about this option?
0
 
LVL 25

Assisted Solution

by:Blue Street Tech
Blue Street Tech earned 1000 total points
ID: 40490603

Setting up an L2 Bridge Mode (WLAN and LAN on same subnet)

mention here (http:#a40480570)

1. Interfaces

For configuring the SonicWALL WLAN interface go to Network > Interfaces > WLAN configure. Select the IP Assignment to Layer 2 Bridge Mode. And on the Bridge to drop-down menu select X0 which is the default LAN on the SonicWALL.
 
(Note: You can bridge the SonicWALL WLAN with the interface that belongs to LAN or DMZ zone or in other words to any interface which belongs to a custom created zone of Type “Trusted” and “Public”. We cannot create the Bridge Pair to WAN which is a Untrusted zone or any interface which is part of the WAN zone)

2. Zones

After selecting the Primary Bridged Interface. Click on OK and save the settings. You will get an warning pop-up message that says “Interface Bridge Doesn’t Change its zone. Only allow rule between bridge pair will be auto-added.  Please add other necessary rules manually." Click OK on the box.

3. Changes to Note

Now the X0 Interface and the W0 interface are bridged with the same IP address for their Interfaces.
 
An auto added allow access rule will be created from WLAN to LAN under Firewall Access rules.

Under Network > Address Objects page both W0 (WLAN) Subnet and LAN Primary Subnet will be pointing to the same subnet.
 
When wireless clients connect to the SonicWALL WLAN they will get an IP address from the SonicWALL LAN Segment.
If the SonicWALL is the DHCP server the WLAN clients can get an IP from the LAN DHCP lease scope on the SonicWALL. If there is a DHCP server we don’t need to create an IP Helper policy since the WLAN and LAN fall under bridge pair. No relay IP is needed. The wireless client computers can access the local resources and the Internet without any Access Rule.

In this example I am using bridging between X0 and the in-built wireless interface (W0). When using SonicPoint (connected to say the X2 interface), connect the X0 (LAN) interface and the SonicPoints (connected to the X2 (WLAN) interface), to separate switches.
0
 
LVL 11

Accepted Solution

by:
Miftaul earned 1000 total points
ID: 40490703
Go to "Network -> Interfaces" and "Edit" the WLAN interface (my wireless is X0 here)1.jpg
You will see something like this2.jpgSelect "Layer 2 Bridged Mode" for Mode / IP Assignment and Bridge to "X0" Interface
The interfaces will look like this 3.jpgYour wireless interface is now bridged to LAN X0. and your Wireless devices will receive IP address in the range of LAN Subnet.
As we already have the required WLAN to LAN access rules defined, you now should be able to run the printer installer CD and the network printers should be viewable now.
0
 
LVL 25

Expert Comment

by:Blue Street Tech
ID: 40490707
This is getting a bit duplicative...no?
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 40490776
Waiting for the day, when EE pages will refresh to see the recent changes and/or EE allow you to delete your own comments.
0
 
LVL 25

Expert Comment

by:Blue Street Tech
ID: 40491490
Lol true! :)
0
 
LVL 1

Author Closing Comment

by:April33
ID: 40493091
Once I Bridged the 2 networks, all printing and printer searches were working from both LAN and WLAN!

Thanks Guys!
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 40493096
Nice that it worked, thanks for the points.

I thought you will award me points on my comment ID: 40490585.
0

Featured Post

Video: Liquid Web Managed WordPress Comparisons

If you run run a WordPress, you understand the potential headaches you may face when updating your plugins and themes. Do you choose to update on the fly and risk taking down your site; or do you set up a staging, keep it in sync with your live site and use that to test updates?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question