I know the Agent port is 7628 and VNC is 5950, but then looking at the firewall logs through F-Secure, it shows that the Source ports are typically in the 49000 range, 55000, 65000, etc. While the destination ports are 7628 and 5950 respectively.

How am I supposed to set up the firewall so this isn't an issue? If I open all traffic to the ZENworks server, then that works, of course.

That isn't necessarily my biggest issue. Remote control is bigger issue. I want my management machines to be allowed, but I have several scattered between buildings. I could put static IPs for them, then allow all traffic for those IPs, but still not ideal as I need to change those rules any time I add/remove machines.