Andreas Gieryic

Two separate networks sharing one leased copier/printer

I have a situation where we have two law firms sharing office space. Both have their own ISP provider, phone system and network.
However, they want to share a new leased copier so that they could print, scan via SMB and make copies.
- The copier has only one network port and a USB port.
- Confirmed that this copier does not support an external wireless adapter, which I was hoping it did so I could allow one of the networks to communicate to the wireless adapter using their IP subnet. That is not an option.
- I do not want to add a second NIC to every PC under one of the law firm's network.

I was thinking about purchasing a USB to network converter that I could attach to the copier/printer and onto one of the networks. Not sure this is a feasible workaround.

Would appreciate any feedback
ASKER

I thought about setting up a single computer with two network adapters and have everyone print to the shared printer from that PC. I do need the ability to scan. Thanks for your feedback.
You may want to look at something like Google Cloud Print.
I have never used it myself but it should provide the functionality you need.
You could set up a router with three connections: LAN A, LAN B, and the printer.  You could then set up rules to allow communication between LAN A and the printer, between LAN B and the printer, and NOT allow communication between LAN A and LAN B.

This would take something more than your basic WiFi router but need not be too expensive.  I've become a fan of using pfSense (free software) running on an inexpensive PC with a 4-port NIC.  With used hardware, it can be done very well for $200 plus your time to set it up.  If you have any retired PCs lying around, one may be more than adequate with the addition of the 4-port NIC.

I'm assuming that your printer has the ability to scan to a different subnet.  I'm also assuming that neither router presently in use has the ability to do the restrictions I was mentioning.  If they do, then you should be able to accomplish this with cabling and some router configuring.
noci

Sending legal documents (most of these are confidential in nature) through the Google scanners & data warehouse... what could possibly go wrong there...?...
If you have scanning with authorisations then possibly a company pass can be used to authenticate scanning AND send it to the right user (through mail, f.e.). That would require a bit more involved "printer server" though.
I was just thinking the same. There are a lot of confidential documents.
I think we may have to go the print server way and then just "scan to email".

Both firms are using a Comcast gateway. For my client, I also have a router.  Not sure if the other firm wants me to have control setting up two subnets on our router.
If you add a router between the two networks, you'll need nothing from the other firm other than permission to connect to their network.
All of this would be so simple if both firms would agree to sit on the same network.
That might be impossible due to privileged information..  (and what if one lawyer in one firm needs to go against one in the other firm)...
Then the one network would surely make it a conflict of interest.

The printing part would still be relatively easy... It is the scanning part that makes it hard....
If scanning through mail is done you still need a mailserver on your "printserver" to send it the right way.
Basically, if the other firm allowed connecting to their network, then I would rather talk them into having both firms on the same network. Talks are currently pending with both firms.
Keep in mind that the "connecting" to which I'm referring would be programmed in the router to go no further than the printer.  They'd have to trust (or have their IT person/people confirm) that you've properly implemented the firewall to keep the two networks separate.  I would think that's much easier than sorting out all of the potential security issues if both networks are joined.
What we did for this situation:

Dedicated SonicWALL Router with MFP plugged in to LAN port at 10.10.10.10
WAN 0: Plugged in to firm 1 with static 10.20.10.10
WAN 1: Plugged in to firm 2 with static 10.30.10.10
Firewall Rules set up on both WAN ports publishing MFP at the above LAN address.
Print Server set up with TCP/IP Port of respective WAN IP at each firm.
Publish MFP via Group Policy.
noci, we would be doing scanning to an email on the copier itself and not using it from the printserver. The other firm would just be scanning to SMB.

Phillip Elder, I do have a Netgear Prosafe 336g version 3 router that supports two WANs. I usually use both WAN ports for ISP redundancy (Comcast and Verizon).

I'm working towards keeping this simple and the only way to do it simply is to be on the same network. I'll keep everyone posted and appreciate all input.
Having everyone on the same subnet is not a good place to be in.

If one gets compromised the likelihood of the other getting hit increases.

The solution I've outlined is simple to deploy and keeps the necessary air-gap in place between the two networks.
Thanks for your comment Philip,
SonicWALL routers are extremely expensive. These two firms are a two-employee company each. There are budget constraints, hence the sharing of a copier.
What's wrong with using the Netgear Prosafe 336g to set this up?

If it has dual WAN ports it should be able to plug in to the two networks and provide the necessary forwarding rules?
Any PC can be set up as a router. It just needs two network adapters.
Put some Linux on it and you can easily manage its firewall.
On your scale it is not rocket science.
I would use a firewall and do some NAT.
Then for both firms it looks like the printer is locally connected to their own network.
Just NAT a local address in both networks to the printer, and let the printer send mails through one of the gateways.

You can use any kind of device; the brand is not very important.
But don't use some old PC as an open-source firewall. If the PC dies, everything has to be set up again.
Just buy a new device.
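
The Linux-router and NAT suggestions above, sketched as an nftables ruleset. This is an added example, not configuration from any poster. It reuses the addresses from the SonicWALL post (MFP at 10.10.10.10, firm-side addresses 10.20.10.10 and 10.30.10.10); the interface names, the print ports (9100 raw, 631 IPP), the SMTP submission port and the printer using this box as its default gateway are assumptions.

```nftables
#!/usr/sbin/nft -f
# Dedicated three-NIC gateway: firm 1, firm 2, printer. Nothing else runs here.
# Requires net.ipv4.ip_forward=1. Interface names below are assumed.
flush ruleset

define FIRM1 = "eth1"        # this box is 10.20.10.10 on firm 1's network
define FIRM2 = "eth2"        # this box is 10.30.10.10 on firm 2's network
define PRN   = "eth3"        # printer segment
define MFP   = 10.10.10.10   # the copier/printer

table ip mfpgw {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Each firm prints to the gateway's address on its own subnet.
        iifname $FIRM1 ip daddr 10.20.10.10 tcp dport { 9100, 631 } dnat to $MFP
        iifname $FIRM2 ip daddr 10.30.10.10 tcp dport { 9100, 631 } dnat to $MFP
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Printer-initiated traffic (scan to SMB, mail) appears to come from
        # the gateway's local address, so firm PCs need no extra route.
        oifname { $FIRM1, $FIRM2 } ip saddr $MFP masquerade
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # Printing: either firm to the MFP only.
        iifname { $FIRM1, $FIRM2 } oifname $PRN ip daddr $MFP tcp dport { 9100, 631 } accept
        # Scan to SMB: MFP to a firm's file share. Tighten with ip daddr
        # once the scan target hosts are known.
        iifname $PRN oifname { $FIRM1, $FIRM2 } ip saddr $MFP tcp dport 445 accept
        # Scan to email: mail leaves through firm 1's gateway (assumed choice).
        iifname $PRN oifname $FIRM1 ip saddr $MFP tcp dport 587 accept
        # No rule matches FIRM1 <-> FIRM2, so the drop policy isolates the firms.
        log prefix "mfpgw-drop " counter
    }

    chain input {
        type filter hook input priority filter; policy drop;
        iifname "lo" accept
        ct state established,related accept
        # Manage from the console, or add one SSH rule for a single admin host.
    }
}
```

`nft -c -f <file>` checks the syntax without loading it. The `mfpgw-drop` log lines give each firm's IT contact a way to confirm that cross-firm traffic is being refused.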
Thanks for everyone's input.