Use the data you already learned for the 6-tuple caught on the deny rule. Then create a rule that simply matches the IP on the corporate side. Do an allow any, no layer 7 inspection profiles, application teamviewer, service any. If traffic hits this new rule, you can add settings one at a time to check what is amiss. I'm suspicious of your source user setting, try changing that to any, and service to any. You may be using a group for source user, and your user may not be in the group you think it is. If you are using a group, log in to the CLI, and run: > show user group list (identify long name of the group) > show user group name "long name" | match (your user) Mariano.
... View more