Endpoint Protection

  • 1.  Two rules required for inbound AND outbound?

    Posted Aug 19, 2009 12:05 PM
    Hi everyone, configuring my firewall policy, which I finally got working. I created two rules:

    Block Outbound VNC
    local port: blank, remote port: 5800,5900

    Block Inbound VNC
    local port: 5800, remote port: blank

    I did this because I know VNC when connecting outbound to port 5900, the local port will connect to any available port (for example, I see in my firewall logs that it connected to port 1827). Because of this, I felt the need to have to leave the local port blank so it can pick an available port on its own.

    Is this the only way to set it up? Meaning, do I have to have a rule for inbound VNC connections from another machine connecting to mine, and then a rule for outbound to prevent clients from attempting to VNC to another machine, or is there a way to combine them both? If I want to allow outbound but prevent inbound, I would have to have 2 rules in that case, correct?


  • 2.  RE: Two rules required for inbound AND outbound?

    Posted Aug 19, 2009 12:52 PM
    Great to know it finally worked.
    Well, in this case the Direction should be able to refine your rule.

    In the rule, in the services, the default for direction is set to both (incoming and outgoing), but putting the direction outgoing should solve this problem.
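
The rule fields discussed in this thread (direction, local port, remote port) can be checked against sample connections with a small first-match model. This is an added example, not code from either poster or from the product; the `Rule`/`Conn` names, the first-match order and the default-allow fallback are assumptions of the model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                             # "block" or "allow"
    direction: str                          # "in", "out" or "both"
    local_ports: frozenset = frozenset()    # empty = blank = any port
    remote_ports: frozenset = frozenset()

@dataclass(frozen=True)
class Conn:
    direction: str                          # "in" or "out", seen from this host
    local_port: int
    remote_port: int

def matches(rule, conn):
    """A rule matches when direction and every non-blank port field agree."""
    if rule.direction != "both" and rule.direction != conn.direction:
        return False
    if rule.local_ports and conn.local_port not in rule.local_ports:
        return False
    if rule.remote_ports and conn.remote_port not in rule.remote_ports:
        return False
    return True

def decide(rules, conn, default="allow"):
    """First matching rule wins; returns (action, rule name)."""
    for rule in rules:
        if matches(rule, conn):
            return rule.action, rule.name
    return default, None

# The two rules from the first post, each with an explicit direction.
POSTED = [
    Rule("Block Outbound VNC", "block", "out", remote_ports=frozenset({5800, 5900})),
    Rule("Block Inbound VNC", "block", "in", local_ports=frozenset({5800})),
]
# One rule keyed on the remote port only, direction left at "both".
SINGLE_BOTH = [Rule("Block VNC", "block", "both", remote_ports=frozenset({5800, 5900}))]

# Constructed sample connections (1827 is the local port quoted from the poster's log).
OUT_VNC = Conn("out", local_port=1827, remote_port=5900)   # this host -> remote VNC server
IN_VNC = Conn("in", local_port=5800, remote_port=40312)    # remote client -> this host

if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("single/both", SINGLE_BOTH)):
        for conn in (OUT_VNC, IN_VNC):
            print(label, conn, decide(rules, conn))
```

In this model a rule keyed only on the remote port does not match an inbound connection to local port 5800, whichever direction it is set to; keeping only the inbound rule leaves outbound VNC allowed.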