Wireless Printing Being Blocked by Network Threat Protection
Created: 14 Mar 2013 | 14 comments
I've Googled this one quite a bit and came across a lot of garbled responses. Hopefully this will get some decent answers.
Now, I have a firewall policy that's applied for any client that goes off of the network. When in unmanaged mode I want the client basically locked down.
The only problem with that is all users lost wireless printing functionality.
How can I allow wireless printing without opening up too many ports, services, or IP's? How can it be locked down to ONLY allow wireless printing?
Is there a set number of ports and services to allow this traffic?
Here are some logs to help out.
Note: This user is on their home wireless network trying to print to a wireless printer.
| # | Time | Action | Severity | Direction | Protocol | Remote host | Remote MAC | Remote port | Local host | Local MAC | Local port | Application | Rule |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 14018 | 3/12/2013 9:50 | Blocked | 15 | Outgoing | UDP | 10.0.1.11 | 84-4B-F5-07-E5-20 | 427 | 10.0.1.38 | 10-0B-A9-BA-1F-BC | 1596 | C:\HP_SI_CC38C23C-7824-4DBB-AC73-997CD0BBFEC7\7zS68BB\Installer\hpbcsiInstaller.exe | Block all other traffic |
| 14019 | 3/12/2013 9:50 | Blocked | 15 | Outgoing | UDP | 10.0.1.11 | 84-4B-F5-07-E5-20 | 3702 | 10.0.1.38 | 10-0B-A9-BA-1F-BC | 1597 | C:\HP_SI_CC38C23C-7824-4DBB-AC73-997CD0BBFEC7\7zS68BB\Installer\hpbcsiInstaller.exe | Block all other traffic |
| 14022 | 3/12/2013 9:50 | Blocked | 15 | Outgoing | UDP | 10.0.1.11 | 84-4B-F5-07-E5-20 | 427 | 10.0.1.38 | 10-0B-A9-BA-1F-BC | 1606 | C:\HP_SI_CC38C23C-7824-4DBB-AC73-997CD0BBFEC7\7zS68BB\Installer\hpbcsiInstaller.exe | Block all other traffic |
| 14023 | 3/12/2013 9:50 | Blocked | 15 | Outgoing | UDP | 10.0.1.11 | 84-4B-F5-07-E5-20 | 3702 | 10.0.1.38 | 10-0B-A9-BA-1F-BC | 1607 | C:\HP_SI_CC38C23C-7824-4DBB-AC73-997CD0BBFEC7\7zS68BB\Installer\hpbcsiInstaller.exe | Block all other traffic |
| 14028 | 3/12/2013 9:54 | Blocked | 15 | Incoming | ETHERNET [type=0x806] | 10.0.1.11 | 84-4B-F5-07-E5-20 | 0 | 10.0.1.38 | 10-0B-A9-BA-1F-BC | 2054 | | Block all other traffic |
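Rather than guessing which ports a given printer needs, the blocked-traffic log above already contains the answer. The script below is an added example (not code from this thread or from Symantec) that parses SEP traffic-log rows like the ones posted, groups the blocked TCP/UDP flows by protocol and remote port, labels the ports that are well-known printing or discovery services, and lists the entries an allow rule restricted to the printer's address would need. The column order is an assumption taken from the posted rows, and the sample rows are constructed copies of them; the non-IP ARP frame (EtherType 0x806) is reported separately because it needs an Ethernet-type rule, not a port rule.

```python
"""Group blocked flows from Symantec Endpoint Protection (SEP) traffic-log rows
by protocol and remote port, so the minimal allow list for a printer can be
read off the log instead of guessed.

Added example, not code from the thread or from Symantec. The column order is
an assumption based on the rows posted in the question (number, time, action,
severity, direction, protocol, remote host, remote MAC, remote port, local
host, local MAC, local port, application, rule). SAMPLE_LOG is constructed
from those posted rows."""
import re
from collections import defaultdict

COLUMNS = [
    "number", "time", "action", "severity", "direction", "protocol",
    "remote_host", "remote_mac", "remote_port", "local_host", "local_mac",
    "local_port", "application", "rule",
]

# Well-known printing and printer-discovery ports (IANA assignments).
KNOWN_PORTS = {
    ("UDP", 427): "SLP (printer discovery)",
    ("UDP", 3702): "WS-Discovery (printer discovery)",
    ("UDP", 5353): "mDNS/Bonjour (printer discovery)",
    ("UDP", 161): "SNMP (printer status)",
    ("TCP", 631): "IPP (print jobs)",
    ("TCP", 9100): "raw/JetDirect (print jobs)",
    ("TCP", 515): "LPD (print jobs)",
}

# Constructed sample: copies of the rows posted in the question above.
SAMPLE_LOG = r"""
| 14018 | 3/12/2013 9:50 | Blocked | 15 | Outgoing | UDP | 10.0.1.11 | 84-4B-F5-07-E5-20 | 427 | 10.0.1.38 | 10-0B-A9-BA-1F-BC | 1596 | C:\HP_SI_CC38C23C-7824-4DBB-AC73-997CD0BBFEC7\7zS68BB\Installer\hpbcsiInstaller.exe | Block all other traffic |
| 14019 | 3/12/2013 9:50 | Blocked | 15 | Outgoing | UDP | 10.0.1.11 | 84-4B-F5-07-E5-20 | 3702 | 10.0.1.38 | 10-0B-A9-BA-1F-BC | 1597 | C:\HP_SI_CC38C23C-7824-4DBB-AC73-997CD0BBFEC7\7zS68BB\Installer\hpbcsiInstaller.exe | Block all other traffic |
| 14022 | 3/12/2013 9:50 | Blocked | 15 | Outgoing | UDP | 10.0.1.11 | 84-4B-F5-07-E5-20 | 427 | 10.0.1.38 | 10-0B-A9-BA-1F-BC | 1606 | C:\HP_SI_CC38C23C-7824-4DBB-AC73-997CD0BBFEC7\7zS68BB\Installer\hpbcsiInstaller.exe | Block all other traffic |
| 14023 | 3/12/2013 9:50 | Blocked | 15 | Outgoing | UDP | 10.0.1.11 | 84-4B-F5-07-E5-20 | 3702 | 10.0.1.38 | 10-0B-A9-BA-1F-BC | 1607 | C:\HP_SI_CC38C23C-7824-4DBB-AC73-997CD0BBFEC7\7zS68BB\Installer\hpbcsiInstaller.exe | Block all other traffic |
| 14028 | 3/12/2013 9:54 | Blocked | 15 | Incoming | ETHERNET [type=0x806] | 10.0.1.11 | 84-4B-F5-07-E5-20 | 0 | 10.0.1.38 | 10-0B-A9-BA-1F-BC | 2054 | Block all other traffic |
"""


def parse_row(line):
    """Split one pipe-delimited log row into a dict keyed by COLUMNS.

    Non-IP frames (ARP is logged as 'ETHERNET [type=0x806]') carry no
    application column in the posted rows, so that column is left empty."""
    fields = [f.strip() for f in line.strip().strip("|").split("|")]
    if len(fields) == len(COLUMNS) - 1:
        fields.insert(COLUMNS.index("application"), "")
    if len(fields) != len(COLUMNS):
        raise ValueError("unexpected column count %d in row: %r" % (len(fields), line))
    return dict(zip(COLUMNS, fields))


def parse_log(text):
    """Parse every table row in the export; blank and non-table lines are skipped."""
    return [parse_row(l) for l in text.splitlines() if l.strip().startswith("|")]


def summarize_blocked(rows):
    """Return ({(protocol, remote_port): info}, {ethertype: count}).

    TCP/UDP flows are keyed by remote port (the service port on the printer
    side); non-IP frames are counted per EtherType, since SEP handles those
    with Ethernet-type rules rather than port rules."""
    flows = defaultdict(lambda: {"count": 0, "remote_hosts": set(), "apps": set()})
    ethertypes = defaultdict(int)
    for row in rows:
        if row["action"] != "Blocked":
            continue
        proto = row["protocol"].upper()
        if proto in ("TCP", "UDP"):
            info = flows[(proto, int(row["remote_port"]))]
            info["count"] += 1
            info["remote_hosts"].add(row["remote_host"])
            info["apps"].add(row["application"])
        else:
            m = re.search(r"type=(0x[0-9A-Fa-f]+)", row["protocol"])
            ethertypes[m.group(1).lower() if m else proto] += 1
    return dict(flows), dict(ethertypes)


def proposed_allow_entries(flows, printer_hosts):
    """Candidate allow-rule entries, limited to flows whose remote host is one
    of the printer addresses: sorted (protocol, remote port, service) tuples.
    Ports not in KNOWN_PORTS are flagged for checking against vendor docs."""
    entries = []
    for (proto, port), info in flows.items():
        if not info["remote_hosts"] & set(printer_hosts):
            continue
        service = KNOWN_PORTS.get((proto, port), "unknown - verify with vendor documentation")
        entries.append((proto, port, service))
    return sorted(entries)


if __name__ == "__main__":
    flows, ethertypes = summarize_blocked(parse_log(SAMPLE_LOG))
    for proto, port, service in proposed_allow_entries(flows, ["10.0.1.11"]):
        print("allow %s to remote port %d  # %s" % (proto, port, service))
    for etype, n in sorted(ethertypes.items()):
        print("blocked non-IP frames, EtherType %s: %d (needs an Ethernet-type rule)" % (etype, n))
```

Run it against a larger export (for example, one collected while a user prints a test page) and the list grows only with ports that were actually blocked for that printer, which keeps the resulting rule to the minimum the printer needs rather than a manufacturer-wide port range.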
Is the wireless NIC being blocked on their machine or is just the printer being blocked?
Looking at the above which IP address is the printer and which is the client?
You can create a rule based on this KB article
How to create a firewall rule to allow wireless connections on unmanaged client
It is for unmanaged clients but you can still create the rule in the SEPM for Ethernet type 0x888E
SEP Knowledge Base
Endpoint SWAT
Sorry about that. The printer is actually 10.0.1.11
Have you tried adding a rule to allow traffic to/from only the printer IP?
SEP Knowledge Base
Endpoint SWAT
It's just the wireless printer being blocked. I can certainly open up just the ports and tie it to UDP, but I'm not sure if that's the only wireless printer. Since this is for end users with their own wireless printers who's to say another manufacturer doesn't use another port?
Ahhh so there are multiple printers?
SEP Knowledge Base
Endpoint SWAT
Yes, but that's a band-aid approach. I need something long term for all wireless printers. Not just the one sitting at that IP address. Mind you this policy applies to about 200+ users.
Hello,
Check these Articles:
How to enable file and printer sharing with Symantec Endpoint Protection installed
http://www.symantec.com/docs/TECH90999
Manually enabling network file and printer browsing for unmanaged Symantec Endpoint Protection 11.0 clients.
http://www.symantec.com/docs/TECH102586
Firewall Policies on Unmanaged Clients
http://www.symantec.com/docs/TECH105725
How to create a firewall rule to allow wireless connections on unmanaged client
http://www.symantec.com/docs/TECH141066
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
Is this an HP Officejet printer? I see on your screenshot two repeated ports referred to - 427, 3702 -> try to set firewall allow rules for these ports for UDP traffic.
Beside that could you check in your printer documentation if the producer provides any information about what ports need to be allowed for the communication to the printer?
Here is something similar for one of the HP printers (lists port 427 among the ports as well):
http://h30434.www3.hp.com/t5/Printer-Networking-an...
Here is another document from HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/D...
Are there a lot of lazy readers on this site?
SebastianZ, Yes but that would fix only the HP printer. What about other printers? Should I create a rule for every printer manufacturer? That's just not a good solution.
Maybe I'm over complicating things.
What I'm beginning to gather is that multiple rules have to be setup for each wireless printer? I'm assuming all wireless printers do not communicate over the same ports?
Considering NTP requires less than 40 rules in their policies, this isn't a great solution for unmanaged users. Plus, having too many open ports isn't exactly "locked" down for unmanaged 'Remote' users off the corporate network.
Well, if these are from different manufacturers the ports will definitely be different as well. Maybe you can somehow limit the NTP rules by grouping the users by the type of printers they use - not sure if this is possible in your case, or if each user has access to many different printers.
It's basically giving them the capability to use their home wireless printers. Since our unmanaged "remote" policy completely locks down the system they cannot print. Personally, I would like to keep it that way and not have to open up UDP ports for every single printer manufacturer out there. I was hoping there was maybe a one size fits all solution, but I don't think there is.
I am afraid there won't be any other "one for all" solution than to create a single firewall rule and set a number of UDP remote ports (as per manufacturer specifications) to be allowed with it.
Hi
What is the version of the SEP client installed?
Regards