Jr Sysadmin here.

We are partnered with a hospital and sharing resources. We used their domain, mail server, and network infrastructure, but we will no longer be using any of them for a variety of reasons. We are migrating to a hybrid Active Directory/Office 365 system.

We have solutions for most of our sites, but have run into a snag at one. We have a small patient clinic inside of the hospital itself. We cannot get cellphone reception in this room and the hospital doesn’t want us running a new Internet connection. We don’t want to do that either, honestly.

They will let us use their guest network. It’s beefy enough for their day to day traffic. So our staff will VPN into our network for email & share drives, but we don’t have a good way for them to print/scan/fax. We can keep our fax line. They use most features of the printer. Faxing (both file and physical), scanning (to file and to email) and printing.

Additionally, the office is split into two different rooms 50 feet apart in a space shared with hospital staff. Staff from one room would have to physically walk to the printer each time they wanted to use it. They all use laptops.

This is what we’ve thought of.

  1. Make them get up and stand by the printer and connect to it every time they want to print, scan, or fax.

  2. Similar to #1 but use a dedicated machine instead of connecting their laptops.

  3. Add a switch to both rooms, run an ethernet cable to each workstation, and make a LAN closed off from the Internet. I think they’d only lose fax to email, but they’d keep the rest. Also, though we haven’t asked yet, we don’t know if the hospital will actually let us run cable.

  4. Add a dedicated machine in the printer room, always on and connected to the printer. Have the dedicated PC act as a print server and share drive (cloud synced) and do everything that way.

Note, I’m not entirely certain how to do all of this, and Number 3 seems easiest to me (if the hospital will agree). I like number 4 best though.

Are there any options that we didn’t think of? Are there pitfalls to any of the above options?

Edit: We do have an MSP helping us, but they haven’t given us any solutions for this site yet. We all dropped the ball in one way or another for this site. So they may come up with some brilliant solution as well.

7 Spice ups

Put it next to the printer, let it talk to the printer with Bluetooth/WiFi/wired mini switch
and set it up as a WiFi access point, routed into the VLAN. (It has to be a print server.)
Then everyone who can reach the VLAN and authenticate to it can reach the printer locally and the shares remotely.
(Make sure it is NOT public; you want to restrict this one.)

1 Spice up

#4 definitely sounds like the best option. The only other thing I can think of is a printer that can run a VPN connection natively, but I don’t know of any that do.

3 Spice ups

BEFORE you spend the money, get a HIPAA compliance check. Your contract with the hospital should require them to allow the necessary work for compliance; they can’t force you to adopt something that is in conflict with the law. Your lawyers should advise you on this point also. Hospitals understand lawyer/money talk really well.

6 Spice ups

Is there something stopping you from putting in a router and establishing a site to site VPN?

2 Spice ups

I completely agree with @egp_dave around HIPAA. Working in the hospital IT arena for over 30 years, whatever you do, you need to ensure your data is secure, you are not violating HIPAA, and your data cannot be “sniffed out”. If you are unfamiliar with HIPAA and the securing of your data, I highly recommend you become familiar with HIPAA and review NIST. There may also be local and national laws/rules/regulations that you need to ensure you are adhering to. I am not up on the comments about the lawyers, but it may be a great place to start: let the lawyers hammer out the legal details, and it may be determined to leave well enough alone and allow you to continue to ride on the hospital’s network like you have been. Hope this helps.

1 Spice up

I’m not sure how to have a router piggyback off existing wifi mainly. This wasn’t part of our original quote with the MSP. I don’t know how to create the connection we’d need and our MSP still hasn’t responded. My boss is handling those negotiations. I’m near positive if they give us a solution she’ll use it. I’m just looking at alternatives in case they don’t.

@somedude2 is recommending something similar. I imagine I could use one of our old PCs, conn, give it the same image, add a USB WiFi antenna, configure it to broadcast its own SSID and bridge that data through the guest network over VPN. I’m liking either that or some variation of it. I’ll just need to pull the appropriate configuration data from our other firewalls & routers and mimic them.

Can it be done via usb keys? I have seen printers where you can scan to USB and print from a USB key.

I will speak with my boss from this perspective, both yours and @egp_dave’s. I believe we had lawyers involved as well, though that’s a bit above my pay grade.

My supervisor is our HIPAA Security Officer as well as our IT Director. While I understand HIPAA well enough to think about potential pitfalls from a tech standpoint, I don’t understand the business aspects of it very well. She is much more spun up on it than I am. I’m uncertain what our contract states, but I believe we just signed a new one. I can’t imagine continuing our partnership without a partnership. At the very least our old contract is definitely void. My boss would have had input in any new contract.

My boss is pushing me to research this. I don’t know if we don’t have much protection in our contract in this aspect, if she’s just looking at backups, or if there are other factors at play. I get the sense, though, that if our MSP falls through, then we’ll move to whatever plan I come up with.

I like this. I suggested something like this, but didn’t quite understand all the pieces involved. Since I didn’t understand it, I wasn’t able to explain it to my supervisor very well. Thanks to your comment, I spent some time reading into this and other similar concepts and understand it better.

I found a proof of concept based on an RPI and some purpose built devices that do what you are saying. I just finished a conversation with my supervisor and it definitely sounds like this is our plan B if the MSP falls through. (or their solution is too expensive).

I don’t know enough to do this on my own securely, but I think I can mimic the configurations from our MSP’s firewall/router. We will be using Fortinet, so I’ll look for an on-brand device that can do this. Then I should just be able to import most of the settings.

There are any number of ways this can be done.
A PC can be used to bridge the wifi to a wire. Then put in your router and create a site to site VPN.

Of course, bandwidth could become an issue.

My suggestion would be to ask the hospital for a network drop to that area (there might even already be one). Create an internal network that the copier is on (you’ll need some sort of router/switch for this). Connect that network to the hospital drop. They should be able to create a VLAN just for you. Place a firewall between your network and the hospital’s and set up a site-to-site VPN on it.

1 Spice up
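The site-to-site VPN from the reply above, sketched as a WireGuard configuration pair, with the clinic side behind the hospital's guest network and the firewall side at HQ. This is an added example, not something posted in the thread or the OP's actual build: WireGuard is assumed here in place of the Fortinet gear mentioned elsewhere, and every address, hostname and key is a placeholder.

```ini
# --- /etc/wireguard/wg0.conf on the HQ firewall (hub side) ---
[Interface]
Address = 10.99.0.1/24              # tunnel address; the 10.99.0.0/24 subnet is assumed
ListenPort = 51820
PrivateKey = <HQ_PRIVATE_KEY>       # from `wg genkey`; never stored anywhere else

[Peer]
# Clinic router. AllowedIPs is also the inbound source filter: packets
# arriving from this peer with a source address outside this list are
# dropped, so the clinic LAN cannot spoof HQ or other-site addresses.
PublicKey = <CLINIC_PUBLIC_KEY>
AllowedIPs = 10.99.0.2/32, 192.168.50.0/24   # clinic printer LAN (assumed)

# --- /etc/wireguard/wg0.conf on the clinic router (spoke side, on guest WiFi) ---
[Interface]
Address = 10.99.0.2/24
PrivateKey = <CLINIC_PRIVATE_KEY>
MTU = 1380                          # headroom for the WiFi/NAT path; tune after testing

[Peer]
PublicKey = <HQ_PUBLIC_KEY>
Endpoint = vpn.example.org:51820    # HQ public address (placeholder)
# Only HQ networks ride the tunnel. Deliberately NOT 0.0.0.0/0, so nothing
# is routed through HQ except what the clinic actually needs.
AllowedIPs = 10.99.0.0/24, 10.10.0.0/16     # HQ tunnel + office networks (assumed)
# The guest network NATs the clinic and times out idle mappings; keepalives
# keep the mapping open so HQ can reach the printer LAN when it is quiet.
PersistentKeepalive = 25
```

Bring the interface up with `wg-quick up wg0` on both sides and check `wg show` for a recent handshake. From the hospital's point of view the guest network only ever carries UDP/51820 to the HQ endpoint; any other packet that hits the clinic's WireGuard port without a valid key is silently discarded by the interface itself. The printer LAN still needs an ordinary firewall rule so that only the tunnel and the clinic's own hosts can reach it, and the clinic router should have no route back onto the guest network other than the tunnel endpoint.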

There are definitely network drops, but they don’t want us using them. That was my first suggestion. They don’t want us using any of their infrastructure nor adding to it with our own data drop. However, I believe they’ve realized the corner they’ve pushed us into. We are meeting with them next week and should have a good answer.

1 Spice up

I’ve been researching various ways to do this, and once I can see the configurations from our other sites, I think it’ll be a straightforward process. But you’re right about bandwidth. We only get about 20 Mbps per device. Not an issue when they connect separately, but 8 users through a single device would get pretty rough, I imagine.

I think we’ve managed to convince the hospital to work with us for a better solution, though. We have a few standard ways we could approach it if they let us use/add to their infrastructure a little bit. Even if it’s just one single drop.

1 Spice up

I’d have to say, if you are using the hospital WiFi you are using their infrastructure.

2 Spice ups

Among these four options, I suggest trying option 4 as a priority. It can be centrally managed and supports shared drives and cloud synchronization. But at the same time, you need to ensure PC security and configure automatic backup/redundancy.

1 Spice up

Option 5 - buy 2 printer/MFPs, one for each area of the building.
These must offer hotspot-type connectivity (i.e. they create their own wireless network).

Done this many times with MFPs, e.g. Ricoh etc. - each laptop sees the printer via WiFi and can just print to it/scan from it.

1 Spice up