Network Drive setup + security


Recommended Posts

So just add that network to your sonicwall interface and connect into that other network with the sonicwall.

You might have to readdress your network space.. I don't recall the specifics.. And just looked over thread again and you never seem to give what networks your working with 192.168.0.0/24 10.x.x.x/? etc..

But lets for example say the common network use to be 192.168.1.0/24

Just make your network 192.168.2.0/24 and connect the other network to a port on your sonicwall. Then in sonicwall firewall only allow your machines to talk to the port and IP of the printer.

Now your still isolated by firewall, and have access to the printer.

Link to comment
Share on other sites

Our Network is on 192.168.0.x space. I am not sure what the other companies is set it and don't have access to that. If I can set this up with out having to mess with their network or have them call their IT person in that would be great. 

Link to comment
Share on other sites

You use to be on their network ;)  So I take it is 192.168.0.0/24 still - unless you changed yours?

 

What is the IP and mask of the printer your trying to access?  From a security point of view I would really change your address space to be different from theirs.  If you do that you could do it via putting a print server on their network without having to deal with their IT person, other than what IP you can use on that network?

 

But if you want to connect to their printer after changing yours you would have to get with them so that printer would know how to talk to your network.

 

Other way is to leave your network same as theirs, and just firewall on sonicwall to only allow specific port (printer port) out that interface you connect back to their switch with..  Or change your network and then nat into their network at the sonic wall.. So that all print jobs coming from your network would look like they are coming from the printers own network.

 

There are always plenty of ways to skin the cat..

Link to comment
Share on other sites

I was able to get over to the office this weekend. The other office is on a 10.10.10.x space. I was looking at the old server which was set up to print to the copier which is at 10.10.10.56. Its a Ricoh c5000.  It is still able to print fine to the copier, however our two client computers cannot find that ip address. I tried pulling up the Ricoh web based page and tried adding the printer manually, nothing. All with the same settings and driver version as what is on the server I have a feeling the copier has a firewall or specific client computers set up to print and I cannot access that information. 

Link to comment
Share on other sites

Dude - you isolated the network did you not, so how would they talk to that IP.. I highly doubt the printer has a freaking firewall ;)

How hard is it to post up the ipconfig /all ??

"The other office is on a 10.10.10.x space"

So how exactly did you print to this if your on 192 before? -- something must of been routing, or you had a print server that has IPs on both networks?

I suggest you just hire someone to come in and fix you up. I can not walk you through with info like "The other office is on a 10.10.10.x space" ;)

Link to comment
Share on other sites

Sorry man, I was in a rush last night. 

 

The server was able to print to the copier before I started this whole process. What I was trying to say is that my dads network looks like it was already isolated ip wise before I started this. 

I believe my Dad was going to contact their IT person to see how the copier is routed, because the switches that they have set up are all unmanaged.

I posted the ipconfig from the server at the moment 

post-56246-0-29539700-1384212206.png

Link to comment
Share on other sites

Open up a command prompt on that server and type in

Route print

Post results.

The server nic has two ips on it. There was probably a route setup for that network on the server.

Link to comment
Share on other sites

So 192.168.0.254 is the ip of the Cisco router. He didn't have to give the 10.x.x.x ip to the server as a secondary ip address, he just needed that route statement in there. Like I stated before a smart switch that has layer 3 capabilities would work for you just fine. But you can try to verify the ip on the other network if you want to see if that in fact is.what you need. The printer may have a route statement in the network config to be able to.talk back to your network or the router on their end has that statement in it.

Link to comment
Share on other sites

I'm guessing then this is why our two client computers can't connect to the printer? What would I need to set up on those computers to be able to print if I were to keep the current set up before going with a switch. 

 

Would a usb to ethernet print server be a better option as to not having to mess with their network? 

Link to comment
Share on other sites

yep then you are going to need more than that usb...the internet should be dead for one out of two of you.

 

You will need that smart switch in ASAP.  The usb print server will only solve the printer issue, the internet will break for the other side.  I am guessing that the internet works through your router/modem/firewall.

Link to comment
Share on other sites

I'm not sure how its all set up to be honest for the internet. If you look back I posted a network map, but that was all set up before me and has been working fine.  There is a switch from the modem that splits to our sonicwall and their sonic wall, but I need to check if its managed, Im pretty sure it is

Link to comment
Share on other sites

Here is the deal, the network needs to be redesigned bad.  You can use one sonicwall to handle the traffic of both offices.  It should look like a pyramid not a cluster frak.  There is no security between networks if both networks can see each other, it negates the need for 1 of two sonicwalls as it sits the way it is. 

 

Here is how I would set it up. 

 

You have vlan1 for shared resources like the sonicwall and the printer, vlan2 for one office, and vlan3 for the other.  Vlan2 and 3 do not know each other exist but both communicate to vlan1.  Vlan1 will then be able to go out to the internet and anything connected to vlan1 would also, meaning vlan2 and vlan3.  All computers be connected to the proper vlan, your dads company computers and server on one vlan2 and the other companys computers and servers on vlan3.  That would be a simple proper setup, not the cluster you see there. 

 

Quite honestly I don't know how someone could have setup that cluster and have everything working without weeks of setup/trial and error.  With the right equipment, I could have that setup the way I describe in a day or less.  A day if I remote in and have you do all the physical connections...but that would be difficult because you would have to uncluster frak the site physically.  Looking at that second ip on the server nic, that does absolutely nothing by the way (it isn't even on the right lan for it to function), is a testament of trial and error and not being cleaned up properly.

Link to comment
Share on other sites

Thanks for the info, and it really helps. Only thing though is that I don't have access to their network or permission to un cluster frak their mess haha. I wish I could do what you are talking about, but would need to discuss with them to see if they are ok with this. 

Link to comment
Share on other sites

Show us your current drawing.. How did you change the drawing you posted so that your machines are now isolated and can not talk to the printer?

Since this server can printer to the printer, use it as a print server. Just give it a second nic and put the address on that interface, and then run that interface into their network.

Link to comment
Share on other sites

Here is an updated Drawing. 

Now keep in mind, the plan was to ditch the server. I haven't diagnosed the hardware yet, but its about 10-11 years old a Pentium 4  1.8 ghz 2gb Ram. Which would be more than enough to just run a print server which is essentially what its doing now. Only thing though is that the Cryptolocker malware seems to have slowed it way down even though it has been removed. Its going to need a reformat either way and has never had one. The shared copier/print is shared on the server for my dads office. This was the way for the clients to print, and this still works. However I am planning ahead if the server is to be removed which is why I was trying to direct connect the clients to the copier. 

 

With the updated map as you can see I am still wired into their network and hope to be able to disconnect from theirs. The easiest thing I am thinking right now is to buy one of those usb / Ethernet print servers and establishing that as network for my dads sonicwall to connect to. This seems like a easier way instead of having to buy new switches and undoing parts of their network as well as getting their IT specialist in 

post-56246-0-29239300-1384279450.jpg

Link to comment
Share on other sites

Hey guys wanted to post an update. I bought a Hawking USB print sever and set it with an appropriate ip address and wired it into the sonicwall. Now its set up fine, I was able to connect to the copier, and the client computers are able to print. However, the issue that I am having is that the copier decides to cancel the prints after they are sent. Aka it start the process of printing and then cancels the job right away. I have set up the driver to use the correct user code. Its a Ricoh Aficio MP5000 which I am not sure if it is compatible or not. Now my plan is Monday to call Ricoh to see if this copier will work correctly with a usb print server, I might just be having some administrative access issues as well to it. With that aside I was going to see if the usb print server fails and is not an option, to set up our sonicwall to route to their network just for the printer. Currently the only route that is set up is on our server above 

As you can see above, our server was set to route to 10.10.10.10. 

The printer ip is 10.10.10.56 

Their sonicwall is 10.10.10.50

 

Now my question is, in the Sonicwall first off how do I set up the route on a TZ Series. Its a bit more complex interface than other routers I have used. Do I need to assign the individual port (x3) an ip from their network, or can I just leave it as part of X0/LAN

Secondly, should I set up the route to go to 10.10.10.10 like our server was set up? Or should I route directly to the Printer, with port forwarding for port 9100. Let me know if you need any pics for reference

Link to comment
Share on other sites

I can assure you that my Ricoh mp4001 and 4002's work great with hp jetdirect usb print servers, can't say the same about Hawkins, we don't have them.

I never really liked hawking print servers, they always seemed to give me some problems.

I will look at my tz200 and do a write up for you maybe tomorrow. 

Link to comment
Share on other sites

I would imagine there shouldn't be a problem with the Hawking ones, the print goes through to the copier, its just when its about to print the copier cancels it right away. 

Link to comment
Share on other sites

I got everything working with the print server last night, had to download a different driver from Ricoh for the copier to work right. Now everything is working great, and was able to fully disconnect from their network and disable that extra route on the old server.  It looks like everything is good to go now and won't need to set up a route in the sonicwall  Thanks for the help guys!

Link to comment
Share on other sites

Hello,

I got everything working with the print server last night, had to download a different driver from Ricoh for the copier to work right. Now everything is working great, and was able to fully disconnect from their network and disable that extra route on the old server.  It looks like everything is good to go now and won't need to set up a route in the sonicwall  Thanks for the help guys!

Complicated scenario you had there. Just remember to mark whoever solved your problem the most as answered :)
Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.