In addition: when needing and adding non-default ports to an application, i would use a separate rule for this. If you e.g. allow webbrowsing and smtp in one single rule and choose application default on the services, each application will only be allowed on its own default ports. So webbrowsing would not be allowed on port 25. But if you in addition need port 9090 for webbrowsing and take one rule with application webbrowsing and application smtp and choose manually the services (so you would take tcp80, tcp8080, tcp9090, tcp25, tcp587), that would also allow smtp on port 80 or webbrowsing on 587....
... View more