How do I allow access to a service running on a Forefront TMG Server?


You need to define the protocol settings as TCP 10050 Outbound: for TMG, that's an OUTGOING connection, from the source (Internal network) to the destination (Local Host).

I know this can be misleading, but TMG (just like ISA Server) doesn't ever use "inbound" protocol definitions for access rules, only for publishing rules. In TMG/ISA terminology, "inbound" doesn't mean "to this server": Local Host is a destination network, just like any other one.
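Once the access rule is defined in the Internal-to-Local-Host direction, the check worth running is from the Zabbix server itself: open TCP 10050 to the TMG host and confirm that a Zabbix agent answers, not merely that the port is open. The script below is an added example, not from the original answer or from Zabbix/TMG; it assumes the Zabbix passive-agent wire format (a `ZBXD` header, a flags byte, an 8-byte little-endian length, then the payload) and that the agent accepts the plain-text item key `agent.ping`.

```python
import socket
import struct
from typing import Tuple

ZBX_HEADER = b"ZBXD"


def parse_zbxd_response(raw: bytes) -> str:
    """Decode a Zabbix passive-agent reply (assumed framing, see lead-in).

    A firewall reset, a TMG block page or some other service on the port
    would not carry this framing, so anything malformed raises ValueError
    instead of being reported as a healthy agent.
    """
    if len(raw) < 13 or raw[:4] != ZBX_HEADER:
        raise ValueError("not a ZBXD framed reply")
    (length,) = struct.unpack("<Q", raw[5:13])   # 8-byte little-endian length
    payload = raw[13:13 + length]
    if len(payload) != length:
        raise ValueError("truncated reply: expected %d bytes, got %d"
                         % (length, len(payload)))
    return payload.decode("utf-8", errors="replace")


def check_agent(host: str, port: int = 10050, timeout: float = 5.0) -> Tuple[bool, str]:
    """Connect Internal -> Local Host on TCP 10050, ask for agent.ping and
    report what came back. Returns (ok, detail); ok is True only when the
    agent answered with the value 1."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"agent.ping\n")
            chunks = []
            while True:
                chunk = s.recv(4096)
                if not chunk:          # agent closes the connection after replying
                    break
                chunks.append(chunk)
    except OSError as exc:
        return False, "tcp/%d unreachable: %s" % (port, exc)
    try:
        value = parse_zbxd_response(b"".join(chunks))
    except ValueError as exc:
        return False, str(exc)
    return value.strip() == "1", "agent.ping -> %r" % value


if __name__ == "__main__":
    import sys
    ok, detail = check_agent(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1")
    print("OK" if ok else "FAIL", detail)
```

A "tcp/10050 unreachable" result with a connection timeout points at the TMG rule (the Traffic Simulator should then show the deny); "connection refused" means the rule passes traffic but no agent is listening.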


RichieACC

Updated on September 17, 2022

Comments

  • RichieACC
    RichieACC almost 2 years

    I'm setting up Zabbix for monitoring on our network. So far everything is going well, the agent is installed on all the servers. All the servers except the Forefront one are communicating with the Zabbix server. I cannot connect to the Forefront machine via Telnet on port 10050, which is what is needed for the Zabbix Agent to work.

    In my Forefront manager, I've added a protocol called Zabbix-Agent, it has TCP 10050, Inbound and UDP 10050, Receive Send.

    Then I created a new Access Rule, called Zabbix. Under the Protocols tab, I've selected Selected protocols and added the Zabbix-Agent protocol that I added earlier. On the From tab, I've added Internal. On the To tab, I added Local Host.

    That is rule no. 1 in my config. When I go to Troubleshooting and the Traffic Simulator, my simulation scenario is Non-Web access from the IP Address of my Zabbix server, to the IP Address of my Forefront server on port 10050, TCP. The test denies the traffic as shown below:

    Denied Traffic
    Rule Name: Default rule
    Rule Order: 6

    Additional information
    From: Internal
    To: Local Host
    Network Rule Name: None - Route implied (Local Host traffic)
    Network Relationship: Route
    Protocol: Unidentified IP Traffic
    Rule Application Filter:

    What strikes me here is that it sees the protocol as Unidentified IP Traffic, whilst I've explicitly defined the protocol.

    What am I doing wrong that is preventing the access that I need?