Printer in the DMZ.

I have a small network with a wireless access point in the DMZ. The idea is that when our users are connected to the wired network, they can access the entire internal network.

When they switch to wireless to roam around the site, they have public internet access only.

Problem is that we have only 1 printer and I'd like to be able to print to this from the DMZ or the internal network. Should I put the printer on the internal network or the DMZ?

I assume there is some way of configuring the firewall to allow traffic to/from the printer to pass to the DMZ.

Mark.

mark.hannah

If you want to print from both LAN and DMZ, the printer belongs in the DMZ.

cu

59cobalt
Ansgar -59cobalt- Wiechers

Or as an alternate plan: If the printer has both a parallel/USB port AND a network port, hook up the network port to the LAN, and an external printserver box to the other port.

This way, the printer is present in BOTH networks without having to modify the firewall, and it will take a genius to get the printer to route traffic between the nets :-)

Juergen Nieveler

Juergen Nieveler

You should use a VPN to access the printer. Some printers use the Windows operating system, so if they are compromised, even if they can't access the LAN, they may tell the attacker what's being printed.

rounner

That assumes the printer will accept data from two different ports. Or what happens when it receives data on two different ports? Not all will support that.

Andrew Rossmann

WTF? I heavily doubt that Windows runs well on ARM9 CPUs with ~ 100 MHz and only 4 MByte of RAM. Quite typical are Linux, JavaOS and some RTOS.

Indeed, the ones with JavaOS typically have the problem of allowing everyone to upload his very own Java applets to the printer.

Sebastian G.

My main concern was that he protect it from the internet, not qualify my example vulnerability.

formatting link
read some of the stories. I've had similar experiences myself. You'd be amazed at how many black box appliances use Windows OS. They even use older versions because it's not worth their while upgrading their software.

PS: I thought ARM processors supported mobile Windows OSes, but I don't know what the score of printers (out of hundreds if you include up to 10 years old) that use it are running.

Sorry for wasting your time, just trying to help.

rounner

You can configure the firewall to accept/deny packets receiving/sending to any printer in the DMZ zone. If the printer is an IP-based printer then you should not face any problem.

You can create a rule like this: Internal Subnet --------> DMZ Printer IP ------> Accept

Above should work. As for low level to above level security zones we need to put policy.

Thanks .. CK

CK
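
The rule CK describes, with the printer in the DMZ as suggested earlier in the thread, written out as an nftables forward chain. This is an added example, not part of any post above; the interface names, subnets, printer address and the choice of print ports (LPD 515, IPP 631, raw 9100) are assumptions to adapt to the actual firewall and printer.

```nft
#!/usr/sbin/nft -f
# Added example. All names and addresses below are constructed placeholders.
define LAN_IF      = "lan0"            # wired internal network
define DMZ_IF      = "dmz0"            # DMZ: wireless AP and the printer
define WAN_IF      = "wan0"            # internet uplink
define LAN_NET     = 192.168.1.0/24
define PRINTER     = 192.168.2.10
define PRINT_PORTS = { 515, 631, 9100 }

table inet printer_dmz {
    chain forward {
        # Default deny: anything not matched below is dropped.
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections that were allowed when opened,
        # so the printer can answer LAN clients without its own rule.
        ct state established,related accept
        ct state invalid drop

        # Internal subnet -> DMZ printer IP -> accept, print ports only.
        # The printer's web/telnet/SNMP management ports stay closed
        # to the LAN unless added here deliberately.
        iifname $LAN_IF oifname $DMZ_IF ip saddr $LAN_NET ip daddr $PRINTER tcp dport $PRINT_PORTS ct state new accept

        # Both zones keep their internet access.
        iifname { $LAN_IF, $DMZ_IF } oifname $WAN_IF ct state new accept

        # DMZ -> LAN: no new connections, including from the printer
        # itself. Log the attempts so a misbehaving device shows up.
        iifname $DMZ_IF oifname $LAN_IF log prefix "dmz-to-lan-drop " drop
    }
}
```

Wireless clients sit on the same DMZ segment as the printer, so their print traffic never crosses the firewall and needs no rule here.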
