Hello everybody,
We have a tiny problem with our network configuration.
We have three VLANs:
VLAN 1 - Secure
VLAN 2 - Unsecure
VLAN 3 - IoT
Our printers are in VLAN 3, and we want to make only them accessible to clients on VLANs 1 and 2. We could also create an extra VLAN for printers if required.
Our Windows clients are pretty locked down. It would be nice if the printers would appear on the client networks so that our users don't have to enter the IP manually, as this would likely overwhelm them.
As we only use IPv4, I feel like IPv4 Inbound rules could help, but it seems like there is no way to set them.
Ideally this should also work over the site-to-site VPN, so that everybody can see the printer at every site.
This kind of setup shouldn't be too uncommon, so maybe someone here knows how to configure this.
Thanks in advance.
But even if they try to add them manually, it doesn't work. How can I allow traffic from VLAN 1 & 2 to the printers?
I already added Outbound Firewall rules:
Allow anything VLAN 1&2 -> VLAN 3
Allow anything VLAN 3 -> VLAN 1&2
but as expected it doesn't work. I think I need to set IPv4 inbound rules, but there is no way to set them.
No, you don't need an inbound rule. Do you have any L3 rules configured on your network?
No, there is no L3 Rule except for the two I listed above. It doesn't work with or without them.
Just one correction, if you use a service like Bonjour or mDNS, it supports cross-VLAN discovery.
Going sideways, have you considered using a printer manager? They let you deploy printers automatically based on a user's location or site in locked-down environments.
I guess that is where we are heading. Thanks.
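The goal stated in the question (only the printers in VLAN 3 reachable from VLANs 1 and 2) can be checked against a rule set before it is deployed. The following is an added example, not part of the thread or of any vendor's tooling: it models a first-match L3 rule list and compares the "allow anything" rules quoted above with a printer-only set. The subnets, printer addresses, test flows and the default-deny fallback are constructed assumptions, and it assumes the firewall is stateful, so replies from the printers need no rule of their own.

```python
import ipaddress

# Constructed addressing; the thread gives no subnets or printer IPs.
CLIENTS = ["10.0.1.0/24", "10.0.2.0/24"]      # VLAN 1 and VLAN 2
IOT = "10.0.3.0/24"                            # VLAN 3
PRINTERS = ["10.0.3.10/32", "10.0.3.11/32"]    # hypothetical printers
PRINT_PORTS = {515, 631, 9100}                 # LPD, IPP, raw printing

def rule(action, srcs, dsts, ports=None):
    nets = lambda items: [ipaddress.ip_network(i) for i in items]
    return {"action": action, "src": nets(srcs), "dst": nets(dsts), "ports": ports}

# The rule set quoted in the thread: allow anything in both directions.
BROAD = [
    rule("allow", CLIENTS, [IOT]),
    rule("allow", [IOT], CLIENTS),
]

# Narrowed: clients may open print connections to the printers only.
NARROW = [
    rule("allow", CLIENTS, PRINTERS, PRINT_PORTS),
    rule("deny", CLIENTS, [IOT]),
    rule("deny", [IOT], CLIENTS),
]

def evaluate(rules, src, dst, port):
    """Return the action of the first matching rule, else the default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (any(s in n for n in r["src"]) and any(d in n for n in r["dst"])
                and (r["ports"] is None or port in r["ports"])):
            return r["action"]
    return "deny"  # assumed default for this model

def exposure(rules, flows):
    return {name: evaluate(rules, *flow) for name, flow in flows.items()}

FLOWS = {  # constructed test flows: (source, destination, TCP port)
    "secure client -> printer IPP": ("10.0.1.20", "10.0.3.10", 631),
    "unsecure client -> printer raw": ("10.0.2.30", "10.0.3.11", 9100),
    "unsecure client -> printer admin UI": ("10.0.2.30", "10.0.3.10", 443),
    "unsecure client -> other IoT device": ("10.0.2.30", "10.0.3.50", 80),
    "IoT device -> secure client SMB": ("10.0.3.50", "10.0.1.20", 445),
}

if __name__ == "__main__":
    for label, rules in (("broad", BROAD), ("narrow", NARROW)):
        print(label, exposure(rules, FLOWS))
```

Under the broad rules every flow is allowed, including the one from an IoT device into the secure VLAN; under the narrowed set only the two print flows pass.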