Policy says Allow, but Firewall still blocking

I am running Azureus monitoring port 8905.

First I tried creating a profile in Application Monitor:
Destination [Any]
Port 8900-8905
Protocol TCP/UDP In/Out
Permission Allow

There are no denial rules in Application Monitor

Then under Network Monitor, I added
Allow TCP or UDP IN FROM IP [Any] to IP [Any] Where source port is [Any] and Destination Port is 8900-8905. I placed this rule as the last rule before the Block.

With and without that rule, I’m running into

Date/Time :2007-12-08 22:08:00
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 72.130.10.209, Port = 8905)
Protocol: TCP Incoming
Source: x.x.x.x:40028
Destination: 192.168.100.2:8905
TCP Flags: SYN
Reason: Network Control Rule ID = 5

I’m also getting a lot of failures the other way. Maybe they are tied together.

Date/Time :2007-12-08 22:33:41
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.100.2
Destination: y.y.y.y
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6

Apparently after I create a Network Monitor rule, I needed to restart the firewall.