Hi all, have a configuration question concerning printing across VLAN's

I have two VLAN's, one I have my printers on (VLAN 7) using a static IP address (e.g. 192.168.7.10)

And one (VLAN 3) my users connect to via Ethernet or Wi-Fi that issues IP addresses via DHCP (e.g. 192.168.3.x)

All inter-VLAN traffic is blocked e.g. rule, 192.168.0.0/16 - Any / 192.168.0.0/16 - Any

I want the users to be able to print but I want the communication to be as secure as possible.

I currently have a layer 3 firewall run in place before my block rule that is set to allow all traffic from any device on VLAN 3 to communicate to the IP on VLAN 7, for example, 192.168.7.10/32 - Any / 192.168.3.0/24 - Any

I believe limiting the communication ports would secure this even more, for example a layer 3 rule like this,

192.168.7.10/32 - 631 / 192.168.3.0/24 - 631

I have not tested this single port assignment yet, so am not sure if other ports will be needed, one of the printers is a Fiery and I've heard they may have other port requirements. The syntax is something I'll have to research for rules that include multiple ports.

That aside for now, can I get some insight on how other have configured their environments to make printing communication across their networks reasonably secure?

Thanks in advance!