Okay, so I'm a little new to VLANs, so forgive me if this is a silly question. I have a firewall set up with a few VLANs:
ID 1: This is the primary, and set to untagged. This will be used as a management VLAN.
ID 30: 'Guest' for the less trusted devices.
ID 40: 'iot' for our IoT devices. I want them segregated for QoS and security reasons.
ID 50: 'Trusted' for staff to access specific resources on the LAN.
My question is this. The majority of devices connecting to VLANs 30 and 50 will be standard workstations, with NICs that don't understand VLAN tagging. If I set a port-based VLAN, I still have to have it as a tagged VLAN, as that's how it's set on the firewall (the firewall is running a 'bridge' port to pipe all 4 VLANs over to the layer 2 switch), and of course, it will only allow one of those VLANs to come back untagged. If I set it as a tagged VLAN, the workstation doesn't understand it and gives a 169 IP. If I set it to untagged, same deal - I assume because the firewall is only expecting tagged traffic from those VLANs. What am I missing here?
Context: My firewall is a Watchguard, my switch is an HP Aruba
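As an added illustration that is not part of the post, here is a small Python model of 802.1Q ingress and egress on switch ports, built around the VLANs described above: the uplink to the firewall bridge carries VLAN 1 untagged and 30/40/50 tagged, while a workstation port is compared in two configurations, VLAN 30 untagged with PVID 30 versus VLAN 30 left tagged. The `Port`/`forward` names, MAC addresses and DHCP payloads are constructed for the example.

```python
import struct

TPID = 0x8100  # 802.1Q tag protocol identifier; the VID is the low 12 bits of the TCI

def build_frame(dst, src, payload, vid=None):
    tag = struct.pack("!HH", TPID, vid) if vid is not None else b""
    return dst + src + tag + struct.pack("!H", 0x0800) + payload  # 0x0800 = IPv4

def parse_frame(frame):
    """Return (vid or None, payload) for an Ethernet II frame."""
    if struct.unpack("!H", frame[12:14])[0] == TPID:
        return struct.unpack("!H", frame[14:16])[0] & 0x0FFF, frame[18:]
    return None, frame[14:]

class Port:
    def __init__(self, name, pvid, tagged=(), untagged=()):
        self.name, self.pvid = name, pvid
        self.tagged, self.untagged = set(tagged), set(untagged)
    def ingress(self, frame):
        """Untagged frames land in the PVID; tagged frames need a tagged membership."""
        vid, payload = parse_frame(frame)
        if vid is None:
            return self.pvid, payload
        return (vid, payload) if vid in self.tagged else (None, None)
    def egress(self, vid, dst, src, payload):
        """Strip the tag for untagged members, keep it for tagged ones, else drop."""
        if vid in self.untagged:
            return build_frame(dst, src, payload)
        return build_frame(dst, src, payload, vid) if vid in self.tagged else None

def forward(ports, in_port, frame):
    """Flood a frame to every other member port of its VLAN; returns {port name: frame}."""
    vid, payload = in_port.ingress(frame)
    if vid is None:
        return {}
    out = {p.name: p.egress(vid, frame[:6], frame[6:12], payload) for p in ports if p is not in_port}
    return {k: v for k, v in out.items() if v is not None}

# Constructed topology mirroring the post: the uplink to the firewall bridge carries VLAN 1
# untagged and 30/40/50 tagged; the two workstation ports differ only in how VLAN 30 is set.
UPLINK = Port("uplink", pvid=1, untagged=(1,), tagged=(30, 40, 50))
WS_OK = Port("ws_ok", pvid=30, untagged=(30,))  # access port: VLAN 30 untagged, PVID 30
WS_BAD = Port("ws_bad", pvid=1, tagged=(30,))   # VLAN 30 left tagged toward the workstation
PORTS = [UPLINK, WS_OK, WS_BAD]
FW, WS, BCAST = b"\x02" * 6, b"\x04" * 6, b"\xff" * 6

def dhcp_offer_readable():
    """Firewall answers on VLAN 30: which workstation ports deliver a frame a plain NIC can read?"""
    out = forward(PORTS, UPLINK, build_frame(BCAST, FW, b"OFFER", vid=30))
    return {name: parse_frame(f)[0] is None for name, f in out.items()}

def vlan_seen_by_firewall(port):
    """Untagged DHCP discover from a workstation: VID the firewall sees (None = left untagged, i.e. VLAN 1)."""
    out = forward(PORTS, port, build_frame(BCAST, WS, b"DISCOVER"))
    return parse_frame(out["uplink"])[0]
```

On the tagged-only port the workstation's untagged frames fall into PVID 1 and the firewall's VLAN 30 replies arrive tagged, which is the situation that ends in a 169.254 address; the access-port form (30 untagged, PVID 30) keeps 30 tagged only on the uplink.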