RE: Unable to print on ports 9100/515

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Charles,
As I go through the publish a printer procedure, I am worried that I am
opening a huge hole in my firewall directly to my LAN. Basicly I am tying
the internal ip address of the printer to the external internet facing side
of my SBS. Granted it is only on these two ports, but is that really a safe
and advisable thing to do? By specifying the protocol rule as Inbound,
Aren't i saying that anyone from outside the firewall is welcome to come on
in through my server to that printer? Since I don't want anyone from outside
printing there or getting in through that port, I am hesitant to do this.
Are you sure this is safe to do - security wise?

I still don't understand why I need to Publish my printer through the
firewall just to allow printing from within the domain.

Thanks,
Laura

""Charles Yang [MSFT]"" wrote:

> Hi Laura,
>
> Thanks for updates.
>
> Generally speaking, any of the device need to be published through ISA no
> matter it need to be accessed only by internal user or external user. So I
> suggest you follow that KB to publish the TCP/IP printer. As I know, you
> only need to open the port for inbound not for outbound in order to publish
> that printer for internal user. Outbound is for the external users.
>
> I am here waiting for your updates.
>
> I appreciate your understanding. If you have any further concerns, please
> let me know. I am glad to try my best offering helpful suggestions. Your
> satisfaction is our top goal.
>
> Best regards,
>
> Charles Yang (MSFT)
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
.

Relevant Pages

  • Re: Static NAT in ISA server
    ... "Firewall lingo" has become more "slang" that any official ... NAT - In practice it is usually really "NAT Overload" or NAT with Port ... NAT Overload - This one maps an internal user with the ...
    (microsoft.public.isa)
  • Re: keeping ports open
    ... If a port is open, it means that 1) a software or service is running on your ... and 2) you're not using a firewall or your firewall isn't ... Use firewall software and hardware and antivirus software that is ... Follow the instructions for hardening Windows and IIS at ...
    (microsoft.public.security)
  • Re: How to Maintain an IIS Server?
    ... > server running on a Windows 2000 server. ... before a firewall and antivirus have been installed]. ... open ports; however, this will not identify which program is using the port. ...
    (microsoft.public.inetserver.iis.security)
  • Re: CEICW fails at firewall config
    ... ISA Server prevents connection to a remote desktop when you connect through ... Remote Web Workplace on a Windows Small Business Server 2003-based computer ... Acceleration Server as a firewall. ... connection uses TCP port 4125. ...
    (microsoft.public.windows.server.sbs)
  • Re: How to Maintain an IIS Server?
    ... >> server running on a Windows 2000 server. ... > before a firewall and antivirus have been installed]. ... > program or executable using that port. ...
    (microsoft.public.inetserver.iis.security)