Enable destination for application control

Hello Goldy ,

Thank you for reaching out to the community, create a firewall rule on top with source as the that one external IP, service as the services used by the OpenVPN and destination as ANY !

Shalom Goldy - nice to see you back here!

If Vivek's suggestion doesn't do what you want, please insert a picture here of the Edit of the object the blocks "VPN frominternal net out."

Cheers - Bob

Ok.
Thanks Vivek, and great to hear from you Bob.
I have found the way by ading the destination host to Application Control Skiplist, but Vivek way is better, because its more explicitly.
The thing it say "This applies only to source hosts/networks", and i'm looking any from my internal network, able to reach one IP adress in Open VPN.
(Normaly, i block all internal connection in vpn).
Not sure if Vivek way will work, but i'll give it a try. 

Could an application rule be placed on top of the current one to allow VPN in the the external IP they want to allow, then leave the VPN block rule underneath? I am just wondering because I thought VPN firewall rules were automatically created and are the very top, staying above user-created firewall rules.