Sonicwall LAN to Wifi Network

I have a Sonicwall TZ105 and need people on the Wifi to be able to print to 2 Network Printers that are on the wired LAN.

I have tried several things like setting the WLAN and LAN in the firewall to Allow Any access going both ways.  

I can ping the printer over the WiFi but the printing only works when plugged into the wired LAN.

What am I missing?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

What is happening if you browse the network without Wired LAN ?It shows the printers? ( or using UNC can you see the printer ?say \\printerip

Why do talk about firewall Wifi and wired are in different subnet/network?
April33Author Commented:
The Wireless subnet is on 172.16.31.x and the Wired is on 192.168.168.x
since you can ping the printer IP  then routing is ok with these two networks then only doubt the packet filter rules

but you said that you have allowed all in both directions .I think you missed some thing when you configured this .File and printer share ports are need to be enabled in both directions.

printer and driver is ok because you can print when you connect to wired NW .so I doubt the firewall rules
Price Your IT Services for Profit

Managed service contracts are great - when they're making you money. Yes, you’re getting paid monthly, but is it actually profitable? Learn to calculate your hourly overhead burden so you can master your IT services pricing strategy.

Please check your printer is the default gateway is set to SonicWALL LAN interface IP Address. This is required for printing to an from different subnet.

I believe you correctly allowed printing from WLAN zone to LAN Printers. You can check like below.

1. Create address object for the printer IPs.

Go to "Network --> Address objects" and add a new address object like below.
Add Obj2. Create Firewall Rule allow traffic from WLAN subnet to the Printers.

Go to "Firewall -> Access Rules" and select Matrix Type.
MatrixSelect "WLAN -> LAN" and add a new rule like below
Access RuleNow, Wireless devices should be able to print to the printers.
April33Author Commented:
Miftaul - I will give this a try.
Thanks, if you face any issues, please do post here.
Yes I forgot about the gateway part .
Blue Street TechLast KnightCommented:
Hi sumeshbnr,

Provided that you need to setup the printer correctly in the LAN Zone then the instruction is very straight forward.

If you are simply making Any/All services communicate with each other then it defeats the purpose of having a separate Security Zone and you should consider just setting up an L2 Bridge Mode (WLAN and LAN on same subnet). If you need instruction on this simply ask and I will provide you with detailed steps for this as well.

Otherwise, to allow printing on the LAN from the WLAN all you need to do is find out which port the printer is communicating on (typically 9100) and explicitly open just that to the WLAN. If you have difficulty determining which port it is using, alternatively, you could explicitly allow the IP Address of the printer provided that you have setup a DHCP Reservation for the printer itself. Below are instructions on how to allow only port 9100 to the LAN from the WLAN.

 By default, SonicWALL blocks traffic from Wireless to LAN, therefore wireless devices will not be able to communicate to the printer on the LAN Zone.

Printers use various ports for receiving a print job from users (e.g.: Most of the Printers use Standard Port 9100 (TCP & UDP)), opening the printer port (e.g.: port 9100) from WLAN to LAN Zone resolves the issue.

Follow these steps to Add an Allow rule from WLAN to LAN:

1. Login

Login to the SonicWALL Appliance, go to Firewall > Access Rules. Select Matrix Style Viewing and select WLAN > LAN.

2. Add Access Rule

Click on Add button and configure the following:
Action: Allow
From Zone: WLAN
To Zone: LAN
Service: <The custom created port for printing (Usually TCP & UDP port 9100 is used)>
Source: Any
Destination: <The address object for the printer on the LAN>
Users Allowed: All
Schedule: Always on
Comment: <Add a comment that gives the purpose of the rule (Eg: Print from WLAN to LAN)>

Click Ok to add this rule
Alternatively attach the printer to a Windows server or PC, and use Pinter Sharing.

Note: Your newly created Access Rule should be higher in Priority than any other rule in the WLAN>LAN Zone.

Note: You can contact your printer manufacturer to know the exact port numbers used by your printer.

Let me know if you have any questions!
April33Author Commented:
I followed your (Miftaul) recipe and was able to print to both printers after installing them manually.  The problem is that I need the printer set up to be monkey proof.  If I put in the Install CD and run it, it will not find the printers when it searches.  I need to put in the IP of the printer for it to install.  

I'm not sure how the installer finds printers but I tried using the IP Helper in the Sonicwall and adding an entry for NetBIOS communications (so it will work between 2 different networks) - this didn't work.

Does anybody have suggestions?

Expert Comment

Miftaul2014-12-03 at 01:58:42ID: 40478123

Please check your printer is the default gateway is set to SonicWALL LAN interface IP Address. This is required for printing to an from different subnet.

 I believe you correctly allowed printing from WLAN zone to LAN Printers. You can check like below.
April33Author Commented:
I did verify the correct LAN gateway on the printers and still no go.
did you check the Firewall - > access rule, WAN to LAN zone and that there is a rule allowing traffic from internet to your internal IP.
Blue Street TechLast KnightCommented:
I followed your (Miftaul) recipe...
so just for clarity did you actually follow my steps in comment http:#a40480570 ?

Also, are you not running the printer in a print server. If you set them up on a server all you need to connect to them is start > run, type "//server_name", press OK, then R-click on the printer and select connect. dummy-proof?!
I understand the printing is working fine from WLAN to LAN. But the issue is, your network search feature is not working for printers from the installer. and you prefer to install the printers using the installer CD that uses the printer search. I assume, you set a IP address to the network printers.

The network printer search feature works only within the subnet. Here WiFi subnet is different than the LAN subnet and as such although we allowed the access rule and NetBIOS broadcast, the search is not working. But printing to the printers IP will work just fine.

Here are the possibilities to add the network printers.

1. Add the printer using the IP address (Network printer search will fail for printers in different subnet)
2. If your WLAN interface is bridged to the LAN, then your wireless devices are on the same subnet as LAN. This time the Network Printer search feature will work fine from teh installer CD.
3. Take the wireless PC(where we are trying to install the printer) and connect that to the LAN, Run the installer CD and install the printer. Once the printer is installed, you can disconnect the PC from the LAN and connect to your wireless, this time the printing will continue to work. (I assume your printer has a static IP address on the LAN).
April33Author Commented:
I tried to Bridge LAN to WLAN but it failed?
Seems this is the way to go.  How do I go about this option?
Blue Street TechLast KnightCommented:

Setting up an L2 Bridge Mode (WLAN and LAN on same subnet)

mention here (http:#a40480570)

1. Interfaces

For configuring the SonicWALL WLAN interface go to Network > Interfaces > WLAN configure. Select the IP Assignment to Layer 2 Bridge Mode. And on the Bridge to drop-down menu select X0 which is the default LAN on the SonicWALL.
(Note: You can bridge the SonicWALL WLAN with the interface that belongs to LAN or DMZ zone or in other words to any interface which belongs to a custom created zone of Type “Trusted” and “Public”. We cannot create the Bridge Pair to WAN which is a Untrusted zone or any interface which is part of the WAN zone)

2. Zones

After selecting the Primary Bridged Interface. Click on OK and save the settings. You will get an warning pop-up message that says “Interface Bridge Doesn’t Change its zone. Only allow rule between bridge pair will be auto-added.  Please add other necessary rules manually." Click OK on the box.

3. Changes to Note

Now the X0 Interface and the W0 interface are bridged with the same IP address for their Interfaces.
An auto added allow access rule will be created from WLAN to LAN under Firewall Access rules.

Under Network > Address Objects page both W0 (WLAN) Subnet and LAN Primary Subnet will be pointing to the same subnet.
When wireless clients connect to the SonicWALL WLAN they will get an IP address from the SonicWALL LAN Segment.
If the SonicWALL is the DHCP server the WLAN clients can get an IP from the LAN DHCP lease scope on the SonicWALL. If there is a DHCP server we don’t need to create an IP Helper policy since the WLAN and LAN fall under bridge pair. No relay IP is needed. The wireless client computers can access the local resources and the Internet without any Access Rule.

In this example I am using bridging between X0 and the in-built wireless interface (W0). When using SonicPoint (connected to say the X2 interface), connect the X0 (LAN) interface and the SonicPoints (connected to the X2 (WLAN) interface), to separate switches.
Go to "Network -> Interfaces" and "Edit" the WLAN interface (my wireless is X0 here)1.jpg
You will see something like this2.jpgSelect "Layer 2 Bridged Mode" for Mode / IP Assignment and Bridge to "X0" Interface
The interfaces will look like this 3.jpgYour wireless interface is now bridged to LAN X0. and your Wireless devices will receive IP address in the range of LAN Subnet.
As we already have the required WLAN to LAN access rules defined, you now should be able to run the printer installer CD and the network printers should be viewable now.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Blue Street TechLast KnightCommented:
This is getting a bit
Waiting for the day, when EE pages will refresh to see the recent changes and/or EE allow you to delete your own comments.
Blue Street TechLast KnightCommented:
Lol true! :)
April33Author Commented:
Once I Bridged the 2 networks, all printing and printer searches were working from both LAN and WLAN!

Thanks Guys!
Nice that it worked, thanks for the points.

I thought you will award me points on my comment ID: 40490585.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.