We're just starting to dip into application control.

In this case, Teamviewer is the application we want to monitor.

From what we've read, you can not create a rule that uses the application signature to match - instead you have to apply application control to a rule being matched by more base-level criteria (ip, port, service, etc).

To test this out, we created a simple pair of rules.  One on Inside to Outside, one on Outside to Inside.  These rules match all sources, all destinations, ports and services - ie. should match all traffic not previously matched.

We created an application control entry for Teamviewer and applied that Application Control to the two rules created.

In the application control, everything is set to allow, but an application override was added in which I selected TeamViewer from the list of applications.  For the action, I originally tried monitor, but then moved on to Block.

So far - no love at all.  On both the inbound and outbound rules, nothing.   If I set logging to all, then it matches lots of traffic.  

So what am I doing wrong ?  I'm sure I'm missing some obvious step :)    I'm trying to avoid creating a rule to match the port that Teamviewer is known to use and just use the built in intelligence.

Thanks