You can always see what an application/device is doing by issuing a 'show datapath session table | include x.x.x.x ' where x.x.x.x = the IP address of the device.
This command provides an overview of all traffic that is coming from or going to a given client.
Very hand when debugging or answering the question "What do I have to allow?" for a given use-case.