Not installed agent, client hosts need to access to the intranet printer

Publication Date:  2012-10-15 Views:  115 Downloads:  0
Issue Description
A client network deployed TSM and hardware SACG, cable network require hardware SACG control, maintaining a small number of wireless network without SACG control. The printers in the network are in cable network. Access the PC terminal from wireless needs to visit printer. 
Alarm Information
None
Handling Process
The USG5300 V1R3 version can not modify the ACL3099, need to configure right-manager policy to achieve. 
The printer IP is 192.168.1.2, the command-line configuration is as follows:
policy interzone trust untrust inbound
apply packet-filter right-manager
#
policy right-manager
policy 0
action permit
policy source 192.168.1.2 mask 32
 
policy 2
action permit
policy destination 192.168.1.2 mask 32
 
policy interzone trust untrust outbound
apply packet-filter right-manager
#
policy right-manager
policy 0
action permit
policy source 192.168.1.2 mask 32
 
policy 2
action permit
policy destination 192.168.1.2 mask 32
Complete the configuration through the web interface too.
Root Cause
Printer needs not to install the proxy agent's terminal access, and therefore need to release the printer's IP in the firewall policy as a privileged IP.
Suggestions
V1R3 version command line for policy configuration commands change lot, be careful to configuration, without errors. 

END