You get a ‘Violated unidirectional connection’ message in the logs with UDP traffic even if there are rules with ‘ANY’ and ‘ALLOW’ in the rule base.
In my case the problem was that I could not PXE boot clients (using Windows Deployment Services or WDS)