This depends on what your exact setup is. If the RAP is tunneled to the controller, you should allow the print traffic in the role for the user on the controller, and on the devices (like firewall/VPN/WAN) between the controller and the printer. If the SSID is bridged/split-tunnel, the role for the user needs to allow the print traffic.
To start with, draw out the data-path, how the traffic will exactly flow, and then find out what traffic flows are required and follow that flow over the data-path to find where it is blocked. Also relevant is how the printer is connected. If that is on the same (tunneled) SSID wireless, the focus could be more on the controller and the branch is more or less out of scope.
Some printers use multicast for the discovery of the printer. What also is important to understand is if in your situation the printer is not discovered by the client, or that the print traffic is blocked/dropped somewhere. From your question, I assume the second, but important to understand the actual problem. If it is the discovery part where the failure is, you may need to tweak broadcast/multicast or AirGroup. If you can't figure out where the issue is, I would do a Wireshark packet capture on the client to see what the client is sending out and then investigate where it may be blocked.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------
Original Message:
Sent: Mar 01, 2021 12:37 AM
From: Aria adhiguna
Subject: Failed to print with IP Printer with RAP
Hi,
I would like to ask, our customer has an RAP at the branch, and controller at HO.
The user at the branch wasnt able to print using the IP printer there, but was able to ping.
I suspect that this is the problem of ports. Is there any way to open firewall port on Controller?
On Palo firewall, the port needed for pritning is already opened
Thank you.
------------------------------
AA
------------------------------