You have to make rules on the firewall to pass your traffic.
You can take an audit to see what it is blocking:
$> acat -ake "type t_netprobe or event AUDIT_R_ACLDENY"
Then try your traffic. The audit will be written to your screen.
If you get a netprobe, this means you do not have a service listening in a rule to pass this traffic (you don't have a rule for this traffic).
If you get an ACL Deny, this means you DO have a rule with this service, but the traffic does not match the rule (some part of the rule besides the service, like source/dest. endpoints or even the Application Defenses, does not match).