I have a UDM Pro running 7.3.83. I want users on my Guest network to print to a printer that is on my main network (I only have to wi-fi networks - main and guest).
In Profiles | Guest Hotspot - I entered the printer static IP address in Allowed Authorization Access.
I enabled mDNS on my Guest Network
I created a Traffic rule that allows local network (Guest) - traffic direction to all networks and the target is the printers IP and set it to Always
Guest client device isolation is disabled
Any suggestions to enable Guest users to print is appreciated.
Not all printer will allow printing from another subnet and don’t use the UDM enough to be certain if you can override guest access profile rules or if you need to build it as a separate network and allow only the printer & internet access.
I have a similar setup with a printer on a separate vlan. What was needed was to enable IPPS on the printer, mostly enabled by default on printers, then allow that port through the firewall. This allows other clients to access the printer and print from it.
Maybe not use the Guest network settings and just setup the “Guests” on a separate VLAN which is more configurable. You want to allow passage from the “Guest VLAN” to the printer IP as well as allow mDNS to the IP/network where the printer is located. Should take just a few minutes to check. You would essentially have a real guest network if you setup rules to isolate it from your main network.
At the risk of stating the obvious, but since nobody has said it yet: Network-enabled printers aren’t generally considered the most trustworthy devices, if you catch my drift. Allowing access from the guest network to the printer could open a door into the main network. In a corporate network, this would be a huge red flag to me. Then again, I guess it’s fine in the home.
On the subject of some printers not allowing printing from other networks that Tom raised: This problem can be solved with source NAT (traffic from the guest network to the printer will have its source address rewritten to the router’s address on the network the printer is in). pfSense can do this, but I don’t know if the UDMP can.