Hello, shown policy is applied on clients tried to receive VNC connection on port 5900? If so, it is not correctly configured, because you should open port 5900 on local port as your direction is IN, and remote port use any, or ephemeral ports. On your server open OUT communication on port 5900 as remote port. Make sure your profile "Qualsiasi" is correctly applied. If you want to debug, make rule that enable communication on port 5900 - direction IN, enable logging (level warning), put it in front of your rules and see your communication what you should enable. YOu can post screen of that log, that we can help you out...