Printing through the SSL-Explorer Agent

SSL-Explorer’s Community Version doesn’t give you full network access like some commercial SSL VPN solutions, but that shouldn’t stop you from printing.

This assumes that you’ve got some sort of network-enabled printer – such as a HP with an internal JetDirect card. From memory, if you’ve got an external JetDirect device with multiple physical Parallel or USB ports, the network port number changes according to the physical port used.

The setup is as follows:

  1. Go to Access Control, Policies, and create a new policy. Assign some users to the policy if you like.
  2. Go to Resources, SSL Tunnels, and create a new Tunnel with the following properties:
    1. Source Interface: 127.0.0.1
    2. Source Port: 9100
    3. Destination Host: Printer’s IP Address
    4. Destination Port: 9100
    5. Auto Start: Ticked, if you want the tunnel to be enabled as soon as the Java client starts
    6. Type: Local
  3. Assign the policy that was created in step one to this tunnel.

That’s it for the SSL-Explorer side of things. In Windows, make sure you’ve got the driver for your printer handy, and follow these steps:

  1. Go to Control Panel, Printers and Faxes, and add a new Local Printer (untick ‘Automatically Detect’ if it’s ticked)
  2. Create a new Standard TCP/IP Port
  3. As the address for the port, enter 127.0.0.1
  4. Click ‘Custom’, and leave the settings as:
    1. RAW mode
    2. Port 9100
    3. IP 127.0.0.1
  5. Point the Wizard to the correct printer driver, and finish the installation. If you want to print a test page, make sure that the SSL Tunnel is activated first. This can be verified by right-clicking on the SSL client’s tasktray icon and selecting ‘Tunnel Monitor’. You should see and entry for port 9100.

The way this works is that once the tunnel is enabled, it listens on 127.0.0.1 on the port you’ve specified, and redirects traffic to the IP and port specified on the network behind the SSL VPN.

In addition to this, you can add a ‘Web Forward’ of type ‘Tunneled proxy’ to the printer’s port 80 if you’d like to check up on the printer’s status via the web interface. You can then add this ‘Web Forward’ to the policy created in step 1.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s