Re: Allow 2 applications but one to specific address?
Seperate the policy into 2 rules. One allowing Citrix Receiver access to the specific destination IPs (You may or may not want an App Control sensor here). The other rule set up for your browsing using customized security profiles that meet your browing needs. I recommend placing the browsing policies towards the end of the rulebase because the destination is generally all public addresses (I use the group object RFC1918 and negate the destination address field).