tcp 515 between isolated legs. Printer sharing between isolated legs
I have a customer I sold a T25-W Firebox to. The general office Ethernet leg is isolated from the wireless leg as they have a lot of untrustworthy guests signing in on the wireless. I would posit that about 1/2 of these guest logons to the wireless will be/are infected.
Problem: the guests on the wireless want access to the general office's three network printers. Just the printers on LPR/LPD tcp port 515. NOTHING ELSE!
How do I allow only this traffic from the wireless leg to get to the isolated general office leg's printers?
Best Answers
-
Add a Custom Packet Filter for TCP port 515.
Add that as a policy From: the wireless subnet or firewall interface name To: the IP addrs of the printers
Create or Edit a Custom Policy Template
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/policy_create_custom_c.html
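
Once the policy is in place, it is worth confirming from a client on the wireless leg that TCP 515 is the only thing that gets through. The script below is an added example, not part of the original answer or of WatchGuard's documentation; the printer addresses are constructed placeholders and the list of ports that must stay blocked is an assumption to adjust for the site.

```python
import socket

# Assumptions (not from the original thread): constructed printer addresses
# and a hypothetical list of ports that must stay blocked from the wireless leg.
PRINTERS = ["10.0.1.21", "10.0.1.22", "10.0.1.23"]
ALLOWED_PORT = 515                      # LPR/LPD, the only service the policy permits
MUST_BE_BLOCKED = [21, 23, 80, 443, 445, 631, 9100]


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:                     # refused, timed out, or unreachable
        return False


def audit(printers, allowed_port, blocked_ports, probe=tcp_open):
    """Return a list of findings; an empty list means the policy behaves as intended."""
    findings = []
    for host in printers:
        # The one permitted service must be reachable on every printer.
        if not probe(host, allowed_port):
            findings.append((host, allowed_port, "expected open, got closed/filtered"))
        # Everything else on the printer must be dropped by the firewall.
        for port in blocked_ports:
            if probe(host, port):
                findings.append((host, port, "expected blocked, got open"))
    return findings


if __name__ == "__main__":
    results = audit(PRINTERS, ALLOWED_PORT, MUST_BE_BLOCKED)
    for host, port, problem in results:
        print(f"FAIL {host}:{port} {problem}")
    print("policy OK" if not results else f"{len(results)} finding(s)")
    raise SystemExit(1 if results else 0)
```

Run it from a machine joined to the guest wireless network; a non-zero exit code means either a printer is not reachable on 515 or some other port is leaking through the policy.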