Monday, July 30, 2018

Allowing Broadcasting from printer over different SonicWall Interfaces

I've been asked to consult and help out a company with their network infrastructure and hardening their network a bit.

All of their routing is done on a SonicWall TZ500.

They have a wireless access point connected on X4, in bridge mode, with DHCP on X4.

X4 is set in a custom "Wireless" zone.

The Wireless zone is only allowed to access the WAN internet gateway IP and the LAN printer IP, which gives all wireless clients access to the internet and the printer (direct IP).

There is an address group object which holds "authorized" wireless clients who should be allowed to access the entire LAN as well.

These rules are working without an issue.

The problem is, there are users complaining that the "Discovery" of the printer is failing.

I understand that this is an issue because broadcasting by default won't traverse from the LAN interface X0 to the Wireless zone/X4 interface.

Both interfaces have DHCP running on the SonicWall with different IP pools. Both interfaces have the same subnet mask.

Is there a setting I'm missing on the SonicWall, or a rule I can configure, that would advertise the printer on the "Wireless" zone?

Or is it impossible to forward broadcast packets from one interface subnet to another?

Edit: I enabled IP Helper and created reflexive rules across the interfaces for Bonjour (mDNS) and NetBIOS, hoping that will allow wireless clients to see the printers.
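One way to check, from a client in the Wireless zone, whether Bonjour (mDNS) printer discovery is answered after a relay change such as the IP Helper edit above. This is an added example, not part of the original post; the `_ipp._tcp.local` service type and all function names are assumptions, since the post does not say which service the printer advertises.

```python
import socket, struct, time

MDNS_ADDR = ("224.0.0.251", 5353)  # link-local multicast group used by Bonjour/mDNS

def build_query(service="_ipp._tcp.local"):  # assumed service type: IPP printing
    qname = b"".join(bytes([len(p)]) + p.encode() for p in service.split(".")) + b"\x00"
    return struct.pack("!6H", 0, 0, 1, 0, 0, 0) + qname + struct.pack("!2H", 12, 1)  # PTR, IN

def read_name(msg, off):  # decode a possibly compressed name -> (name, next offset)
    labels, after = [], None
    for _ in range(128):  # bounded walk, so a pointer loop cannot hang the parser
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer: jump, remember where we came from
            after = off + 2 if after is None else after
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels), (off + 1 if after is None else after)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("utf-8", "replace"))
            off += 1 + n
    raise ValueError("name too long or compression pointer loop")

def parse_ptr_answers(msg):  # instance names from the PTR answers of one response
    qd, an = struct.unpack_from("!2H", msg, 4)
    off, found = 12, []
    for _ in range(qd):  # skip echoed questions (name + type + class)
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, rdlen = struct.unpack_from("!H6xH", msg, off)  # skip class and TTL
        if rtype == 12:  # PTR
            found.append(read_name(msg, off + 10)[0])
        off += 10 + rdlen
    return found

def discover(service="_ipp._tcp.local", wait=3.0):  # -> {instance name: answering IP}
    seen, deadline = {}, time.monotonic() + wait
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(build_query(service), MDNS_ADDR)
        while (left := deadline - time.monotonic()) > 0:
            s.settimeout(left)
            try:
                data, (ip, _) = s.recvfrom(9000)
                seen.update((name, ip) for name in parse_ptr_answers(data))
            except (socket.timeout, ValueError, IndexError, struct.error):
                continue  # timeout ends the loop via the deadline; bad replies are skipped
    return seen

if __name__ == "__main__":
    print(discover() or "no mDNS answers received on this segment")
```

Run it once on a LAN host and once on a wireless client: an empty result only on the wireless side points at the relay or rules between the interfaces rather than at the printer.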


