Global rules vs application rules precedence?

I connect to our company VPN using my laptop at home to access our intranet and use one application, last weekend I forgot to disconnect from the VPN and opened iTunes and put 3.5GB through the company network downloading a movie – I had some explaining to do but it wasn’t anything illegal so I wasn’t in trouble. It was my own fault and I’m relieved I didn’t open uTorrent but I want to prevent that it happening again in the future. I also have to remember to close the Dropbox app so it doesn’t sync while I’m on the VPN.

How can I create rules in Comodo that prevents any application except Firefox and one application I allow from accessing the Internet while I am connected to the VPN?

My laptop’s IP on my home router is 192.168.1.* and I get a 5.5.. IP when on the VPN.

I tried to create a the following rules to test a setup:

  1. Global rule to block all traffic with source address NOT →
  2. Application rule for Firefox allow traffic with source →

This didn’t work and Firefox couldn’t access the internet when I was connected to the VPN – I thought the global rule would block all internet access when I was connected to the VPN and the application rule would override that and allow Firefox to connect?

Can an application rule not override a global rule?

What is the correct way to configure this?

Thanks in advance for any help!