Re: Cant print the file to my home printer after v...

yeruel

Hi Checkmate,

Let me tell some explanation to understand the issue.

I have printer at my home and have internet. I want to access some files from the company inside servers. Then I used to connect the VPN client to connect the site or company. After VPN client connected to the site I just access the file and try to print to my home printer. Unfortunately I unable too print the files to my home printer. When I disconnect to the VPN client, I can print the the saved files.

Why I am unable to print the files during VPN connected to the site ? The printer is at my home. Any one who can assist on this issue?

AkosBakos

What kind of printer is this? Wireless, or USB?

An the remote access is full tunnel, or split tunnel?

Akos

----------------
\m/_(>_<)_\m/

the_rock

Hey @yeruel

Just responded directly to your message. I sent you some screenshots also indicating what @AkosBakos advised, for the full/split tunnel. I have a gut feeling that could be an issue here.

Andy

yeruel

Hi @the_rock

I did as you guide, unfortunately, after disable all route traffic , from the VPN client, the users can't access the internal servers. Oh !

the_rock

Ok, so I guess you had it enabled, put it back then and install policy. See, here is the "catch" in that situation...so if its full tunnel, all Internet traffic would go through the firewall itself, so just make sure all the necessary ports are allowed and please send us any relevant logs when this fails for the users.

Andy

G_W_Albrecht

This is a usual side effect of the Route All Traffic to GW / Hub mode setting. You have to enable Do not route traffic for local network to the gateway for the RA VPN client, see these SKs for details:

https://support.checkpoint.com/results/sk/sk101239

https://support.checkpoint.com/results/sk/sk130832

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

AkosBakos

Don't forget the Security guidelines. If necessary to route all traffic to the GW that is not accidental. 🙂

A

----------------
\m/_(>_<)_\m/

yeruel

I have put back to previous setting, and now VPN client connected users are accessing inside servers. But the issue to print the files to my home printer which is network based printer connected to my home network. To print the files without disconnect from VPN client is not work.

AkosBakos

After you set back the VPN GW settings did you disconnect and reconnect with the VPN?

----------------
\m/_(>_<)_\m/

yeruel

Yes, I can access the company site servers from my home using the VPN client, but after accessing the file, printing to my home printer does not work without disconnecting the VPN client.

the_rock

Lets not worry about rating/stars, lets try fix it, thats way more important 🙂

Anyway, so here is my question...do you see any logs about this when printing fails? If so, can you please post it here?

Andy

the_rock

Just waiting for you in zoom, I got 50 mins left on my lunch and zoom is 40 mins free once it starts 🙂

Andy

the_rock

Hey @yeruel

Just as an update, things we tried over remote:

-tested with nat for OM net as specific IP for hide nat, no luck

-disable full tunnel, tested, same issue, no internal access when connected

-tested with OM net with nat disabled, no change

At this point, we need to see with captures why this is failing. Im still bit confused as to why even when full tunnel is off the internal access fails, that may need to be checked via the logs as well.

Andy

G_W_Albrecht

Check your home network and the networks behind the GW - if there is overlap, all traffic will be routed thru GW even if your printer is the target. You will have to change the home network if this is the case...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

G_W_Albrecht

True, but as long as all traffic to internet passes thru the company GW (the main reason to use Route All Traffic) security is maintained.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

PhoneBoy

Because the site you are connecting to is configured to use "Route All Traffic" (meaning all traffic, including to your local network, is routed to the VPN).
You can manipulate the routing table after you are connected to the VPN to ensure traffic to your printer does not traverse the VPN.
I actually wrote a Windows Batch script do this at one point: https://phoneboy.com/1405/fun-with-check-point-secureclient-and-windows-batch-files

Another option would be to convince your admins to enable the option that allows you to exclude your local network from being routed across the VPN.
See: https://support.checkpoint.com/results/sk/sk130832

Are you a member of CheckMates?

Cant print the file to my home printer after vpn client connected