Options
Printing through the firewall
I have an WFH user who has to print checks to an office printer once a week. She connects via the client VPN and prints to the networked printer. She says it's very slow. I wanted to set up a policy that allows her to print directly to the printer without using the VPN, to see if that's any faster for her, but I'm not having any luck. Can anyone give me some details as to how this should be set up? Thanks.
0
Sign In to comment.
Comments
From where, to where, using what printing protocol?
Unencrypted traffic could be a security risk.
I don't know what protocol to use. I've tried TCP-UDP to any port. Coming from her home IP to our external IP then forwarded to the printer. But I can't get that to work at all. That's why I was hoping for some guidance.
What denies do you see in Traffic Monitor from her public IP addr?
This will tell you the protocol & port being used
The default is to not allow any connections from the Internet to the firewall or to devices behind the firewall.
You need to add policies to allow incoming traffic from the Internet to devices behind your firewall. The policies need to use SNAT (Static NAT).
Example of using SNAT with WSM Policy Manager:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/configuration_examples/snat_web_server_config_example.html
What printer type is this & what print app is being used?
To find out more why the current method is slow:
. What client VPN type is being used?
. What is her ISP upload/down load speed?
. What is your ISP upload/down load speed connection to the firewall?
HP has an E-Print option which may work for you. I've used it before.
Not certain as to it's security for printing checks, but it's worth a look.
https://www.hp.com/us-en/shop/tech-takes/what-is-hp-eprint
It's usually something simple.
If you're using Windows File/Print sharing to get to a mapped printer, it'll run into the same limitations as windows file sharing via the same protocol (SMB.) SMB does not handle connections that introduce latency well (the sending computer will basically wait for an acknowledgment before sending more data, which slows the whole connection down as soon as any latency is introduced.)
It would help to understand how much time this is adding to the job and what protocol is being used to send data to the printer.
I would strongly caution against opening rules for "TCP/UDP Any" instead of learning what ports are in use -- especially if either the printer or the user's workstations are being exposed to the internet.
-James Carson
WatchGuard Customer Support
Thanks for the reply's.
shaazaminator, It's an HP printer, but it doesn't have the function, so that's not an option at this point, but thanks.
James, the printer is networked and not shared. I was trying to print directly to it. Unfortunately, I'm not seeing anything hit the firewall to determine the port and protocol. I'm not sure why, I created a printer port in windows using our external ip address and try printing a test print, but nothing.
Bruce, Thanks. That's pretty much what I was looking for. But like I said, I'm not seeing anything from the external IP getting to our firewall, I don't know why yet. I don't know what her internet speeds are yet. Ours is 100Mbs up and down. She's using the Watchguard SSL VPN client to connect.
IKEv2 VPN client is usually much faster that SSLVPN, so consider getting that installed.
Mobile VPN with IKEv2
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ikev2/mvpn_ikev2_about_c.html
Without seeing denies in your firewall logs, it is hard to figure out what the issue is - perhaps a local firewall on the PC blocking the access?
What exact HP printer model is this?
Often TCP port 9100 is used for printing to HP networked printers.
https://support.hp.com/us-en/document/c02480766