User Identification gone haywire on Mobile Manager

Question asked by Justin Hickey on Jan 25, 2018
This is kind of an interesting situation that I thought I would share and ask advice on. I have a Mobile Device Manager from MobileIron which proxies certain traffic from our supported mobile phones. The phones automatically log into the MDM with user creds behind the scenes. This is a newer service we provide. 


I got complaints that the phones could not get to iTunes. Upon looking at the logs, I saw that the traffic had identified several userids associated with the same stream of traffic. The firewall denies this traffic because someone in that list of users is not allowed to get to iTunes. At that point all access to iTunes from that host is blocked.


I could write a policy higher up that allows this appliance to most websites unrestricted, but I'd rather craft some kind of exception to the user identification process for this rule. Just curious how you, my checkmates, might handle this.