That's indeed how our rules are setup: We use an application group to allow several remote support applications, service application-default For these applications, no user-id required (user: any) from zone trust to zone untrust Basic security profile applied, but that should not block legitimate traffic (will check in threat log) What I do notice, is some traffic gets recognized as citrix-jedi and gotomeeting, those are very similar to gotomeeting. And they are allowed too. Threre's really no clear line to draw. It's one of those apps that use generic ports randomly, to many different ip's randomly ...
... View more