0

A topic has come up with some colleagues that appears to be a 'regular' and I thought to ask the forum:

We have had use-cases for remote workers who VPN to the corporate network, which does not support split-tunneling, who wish to print to a local IP-printer. In exploring both Cisco and Palo Alto clients, there appear to be ways to enable IP-based routing - which might support this, but not port based. The IP-based routing might solve it (say, allow 192.168.90.25 local), but it raises usability issues (everyone would have to use the same subnet at home and the same IP for their printer), and some creative exploitation potential as well.

That leaves the - 'just use a USB cable' option. Which mostly works.

Are there any strategies or paths I might be missing?

Sean E. M.
  • 126
  • 5
  • This is actually a networking question. Route selection on windows, involves: 1. Finding the most specific routes to the destination 2. Selecting the most specific route with the lowest metric. – Raimonds Liepiņš Sep 27 '19 at 16:56
  • I appreciate the thought. I would interpret that as a Windows Firewall rule allowing IP printer ports to all RFC1918 IP addresses. This unfortunately would require the VPN to be configured with full split-tunneling enabled, and then essentially 'hope' that the Windows Firewall (which only applies to Windows not Mac or Linux) is configured properly. – Sean E. M. Sep 30 '19 at 13:32

0 Answers0