'System' requesting connection to internet, is it safe?

Previously my System files never requested connection to the internet even when using a VPN. I have it configured only to connect to my local network and my router and have used the Stealth Ports Wizard. As of the past couple months or so it has been requesting a connection outside of my network Protocol 4 when using a VPN or when using Chrome. If I deny it while using the VPN my connection freezes up. Denying it while using Chrome doesn’t result in any problems. Is it safe to allow it? Is anything suspicious going on with the VPN?

Can you post the firewall event log for the related alerts you are getting?

JPG attached.

In the firewall alert was it Protocol number 4 or just IPv4? System is using a different protocol other than TCP,UDP,ICMP,IGMP and I’m betting its one of a tunneling or encapsulation protocols. If its is protocol number 4 then it is IP in IPencapsulation. Here is a list protocol numbers to protocol names. List of IP protocol numbers - Wikipedia

On the log it shows up as IPv4, however on the alert it shows the IP address it is connecting to and “- 4” . I once saved the rule and it appeared as protocol 4 which is why I assumed they were the same. Haven’t been able to duplicate that. Why is it using something different from TCP,UDP,ICMP,IGMP? I thought IPv4 is just the general TCP internet protocol version. If this is something new the VPN is doing, does it compromise the security, and so I probably shouldn’t use it?

IPv4 denotes the version of the IP packet and can either be 4 or 6 and is set inside the IP header. The protocol number is also set in the IP header and defines the layout of the header that will immediately follow the IPv4 or IPv6 header. Simply the protocol number indicates the type of packet e.g 6 would be for TCP while 1 would mean an ICMP packet. In your case it seems that the VPN is using protocol number 4 whic is IP in IP encapsulation. Why I don’t know you could ask your VPN provider for details. As for security, it depends on how or what it is being used for but I don’t think it will compromise your security. If it only occurs sometimes then maybe it is used for sending and receiving ICMP error messages.