If I understand your request, you’re trying to connect a user device (Netskope client installed) to printers in another location. If that’s correct, we have policies for that very same config. Here’s what we did to help define the ports. The below assumes you have a publisher in the HQ and that publisher has line of sight to all printers.
We created an NPA private application with a list of printer IP addresses. If all printers are on a segmented network, you could also use an IP range. Just be sure that the segmented network is locked down so that non-printer devices can’t join. Then we opened up all ports for both TCP and UDP to the printer IPs. We then assigned an RTP to a handful of testers and told them to test print. As they tested, we reviewed the traffic to those printers via SkopeIT. We determined which ports/protocols were used/needed and then locked down the private application so that it was only using those ports/protocols. We tested again, verified everything worked as expected, and then we opened the RTP up to all users that needed it.
For example (not the actual hosts, ports or protocols):

Discover App Definition:
- Host
  - 10.XXX.XXX.101/32
  - 10.XXX.XXX.102/32
  - 10.XXX.XXX.103/32
- Protocol & Port

Production App Definition:
- Host
  - 10.XXX.XXX.101/32
  - 10.XXX.XXX.102/32
  - 10.XXX.XXX.103/32
- Protocol & Port
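The discover-then-lock-down step described above can be scripted once the discovery-phase traffic has been exported. This is an added example, not part of the original post and not Netskope code: it reduces observed flows to a per-protocol port list for the production definition and surfaces anything that needs a human look. The CSV column names, the 10.0.0.x addresses, the ports and the `min_sessions` threshold are all constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample of exported discovery-phase flows. The column names are
# an assumption for this example, not a Netskope export schema.
SAMPLE_CSV = """\
dst_ip,protocol,dst_port,sessions
10.0.0.101,TCP,9100,42
10.0.0.101,TCP,631,7
10.0.0.102,TCP,9100,18
10.0.0.102,UDP,161,30
10.0.0.103,TCP,9100,1
10.0.0.103,tcp,515,3
10.0.0.250,TCP,445,5
10.0.0.101,TCP,80,1
"""

# Hosts from the (constructed) discover app definition.
PRINTER_HOSTS = ["10.0.0.101/32", "10.0.0.102/32", "10.0.0.103/32"]


def derive_allowlist(csv_text, hosts, min_sessions=2):
    """Return (allow, review, outside) from discovery-phase flow records.

    allow   -- {protocol: [ports]} seen at least min_sessions times
    review  -- (protocol, port, sessions) seen less often; decide by hand
    outside -- destinations not in the host list (definition is too broad,
               or a non-printer device sits on the printer segment)
    """
    nets = [ipaddress.ip_network(h) for h in hosts]
    totals = defaultdict(int)
    outside = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        ip = ipaddress.ip_address(row["dst_ip"])
        if not any(ip in net for net in nets):
            outside.add(str(ip))
            continue
        key = (row["protocol"].upper(), int(row["dst_port"]))
        totals[key] += int(row["sessions"])
    allow, review = defaultdict(list), []
    for (proto, port), count in sorted(totals.items()):
        if count >= min_sessions:
            allow[proto].append(port)
        else:
            review.append((proto, port, count))
    return dict(allow), review, sorted(outside)
```

Ports in `review` are not dropped automatically: a rarely used port may still be required (for example by a driver's status query), so confirm with a test print before leaving it out of the production definition.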
With your suggestions I found the missing ports and now I can print everywhere! Thank you so much and have a great day! 🚀