In light of recent developments with Bambu’s Authorization system, I thought I’d share what has worked for me to keep my printer secure in my network, and control any updates to either the printer’s firmware or to Bambu Studio.

First, I have my printer set in LAN mode and connected on a separate VLAN which has all outbound Internet traffic blocked. This is setup on my router/firewall PC running pfSense. My desktop PC running Bambu Studio is on my normal usage VLAN which does have Internet access. In order to discover the printer in the separate VLAN, I use a package in pfSense called “UDP Broadcast Relay”, and set it up to rebroadcast between the two VLAN’s anything on port 2021 which is what the printer uses to advertise itself on the network. Keep the spoof source set as ‘Original’ address. As long as my desktop PC’s VLAN has access inbound into the printer’s locked down VLAN, bambu studio will be able to connect to the printer once it sees the advertisements. If you don’t run pfSense or something similar, and your printer is on your same network, check your router to see if it has a built in firewall. You might be able to set a static IP for your printer, and then block that IP’s outbound traffic.

EDITED TO ADD: Depending on how locked down you have your printer’s VLAN, you’ll likely need to create an outbound rule in the printer’s vlan allowing UDP traffic from your printer’s IP as the source, to the destination ip and port of 255.255.255.255:2021 so that the UDP Broadcast Relay package will see the broadcast advertisement.

Secondly, to lock down Bambu Studio, I’ve created two rules in windows firewall. The first one is inbound, which is set to allow only traffic to the bambustudio.exe program from my local networks. The other one is an outbound rule to block all traffic from the program, except for my two local networks (the two VLANs). If you have any existing inbound rules for BambuStudio, which you likely do from when windows first asked you if you wanted to allow the program to connect to the internet, disable them. This will still allow connection to the printer, but block any accidental or sneaky updates that you weren’t aware of, or accidentally clicked to update when you didn’t mean to. This also blocks any access to maker’s world community models from within the program, but you can still go there in your browser. In fact if you can still see the models online on the home page of the program, you didn’t get your firewall rules setup right. These rules will also block your browsers ability to open files from makers world directly into bambu studio if that’s what you’re used to, but you can download the 3mf file and then open it as an extra step.

If I ever decided I do want to apply an update, I can temporarily disable the firewall rules. However, in the past I really only updated to get the profiles for new bambu filaments in both the studio and the AMS. This is moot now, as I don’t plan on ever buying Bambu materials again unless they reverse course.

Hope this helps someone