Configuring Multicast DNS for Apple (Bonjour) on SonicWall with iOS AirPrint Support
03/26/2020 55 16676
DESCRIPTION: Configuring Multicast DNS for Apple (Bonjour) on SonicWall with iOS AirPrint Support
Step 1: Configure each interface to ssupport Multicast.
Login to the SonicWall management GUI
Navigate to the Network | Interfaces page.
Click on configure under each interface.
Click on the Advanced tab in each interface
Check the box under Enable Multicast Support
Step 2: Configure the Global Multicast settings.
Navigate to the Firewall Settings | Multicast page.
Check the box under Enable Multicast to enable Multicast
Disable Require IGMP Membership reports for multicast data forwarding.
Select the radio button under Enable reception of all multicast addresses.
Click on the Apply button at the top.
Step 3: Change the default Deny WLAN to Multicast rule from Deny to Allow.
Navigate to the Firewall | Access Rules | WLAN to Multicast page.
Change the default Deny rule from Deny to Allow.
Change the Action of the IGMP Deny rule to Allow.
The end result looks like this: See notes section for more information. Notes:
WLAN to LAN rules are not required for this to work, however, they are required for services to work between WLAN and LAN. AirTunes, AirPlay, AirPrint, RDP, VNC, SSH, DNS, etc, all need to be allowed in order for them to work.
IP Helper is not needed. In fact, it doesn't have mDNS support. mDNS support was added on GEN 5.
The iPhone is connected to the WLAN of the TZ190W. The screenshot is taken from a MacBook Pro on the LAN of the TZ190W.
iOS devices typically do not show up as Bonjour-discovered devices on Mac OS X. The iPhone that was used in this article is running a service that allows it to be discovered.
To add AirPrint support, NAT Policies must be created to translate traffic to/from the Printer so it appears to be on the same subnet as the iOS devices. Apple's documentation states that the printer and the iOS device must be on the same network, and bridging the WLAN to the LAN is not supported on Gen 4. NAT Policies are a great workaround to these limitations.
Choose a static address for the LAN printer. The address can be assigned to the printer directly, or provided via DHCP through the use of a reservation on the DHCP server, or static DHCP entry on the firewall's DHCP server.
Create two Address Objects. One will be for the private LAN IP of the printer, and the other for an IP on the WLAN subnet that the LAN printer will NAT to.
Create the NAT Policies.
As noted above, access rules are needed for traffic to flow between WLAN and LAN, so as long as the appropriate allow rules are in place, the iOS device should now be able to discover the printer and should be able to print successfully.