Incoming requests still get prompts despite global rules

ok, so needing some clarification here … see attached two screenies of my network zones and global rules. With that in mind why would I still get prompted for connections that originate in my 192.168.1.x network?

For example, I RDP’d to my box from my laptop, and couldn’t get in as it was being blocked by CFP which was evidenced in the logs … very odd, or am I misunderstanding how this works?

[attachment deleted by admin]

You also need rules to allow the connections in your application rules. The global rule allows the connection request to be passed to an application, but you still need a rule for the specific application to do something about it.

righto, thanks for clearing that up.