When having Application Control (APPCTRL) security profile enabled on a firewall policy, usually the 'unknown' category is blocked by users. 

In this particular scenario, sometimes the Printer.Job.Language gets miscategorized as unknown, and therefore, the traffic is blocked. The issue might happen randomly and, in some cases, it is not reproducible consistently. 

The solution in this case is to add a user Application Control signature to address this traffic that might not conform to the normal PJL traffic signature. 

The string below can be used to create the custom signature:

F-SBID(--name "PCL.Printer.Traffic.Custom"; --app_cat 25; --protocol tcp; --weight 10; --dst_port 9100; --flow from_client; --pattern "HP-PCL XL|3b|"; --context packet; )

To create the custom signature, users can refer to the following KB article:
Technical Tip: How to apply and validate a custom application signature in FortiGate 

For cases when the PJL traffic signature is too restrictive, an extra custom signature might be needed. If, after adding the first signature, there are still issues with PJL traffic, the following signature can be used to resolve them:

F-SBID( --name "Printer.Job.Language.Custom"; --protocol tcp; --app_cat 25; --weight 10; --dst_port 9100; --flow from_client; --pattern "|1b|%-12345X@PJL "; --context packet; )