Does this all look correct? The Connection Server is on VLAN 6, 172.16.6.166, with the Windows Firewall on with the default rules. The virtual desktops are on VLAN 4, and the Windows Firewall is off. The client access devices running the Horizon View client are on VLAN 2 and VLAN 4 without local firewalls. We don't use MMR or RDP. When a connection is being negotiated, doesn't the agent need to talk back to the client on random ports? Is there a way to configure a range for the PCoIP and USB agents to use?
Outgoing traffic ACLs:
VLAN 6 ACLs:
permit all
VLAN 4 ACLs:
permit tcp 0.0.0.0 255.255.255.255 172.16.6.166 0.0.0.0 eq 443
permit tcp 0.0.0.0 255.255.255.255 172.16.6.166 0.0.0.0 eq 4172
permit udp 0.0.0.0 255.255.255.255 172.16.6.166 0.0.0.0 eq 4172
permit tcp 0.0.0.0 255.255.255.255 172.16.2.0 0.0.3.255 eq 4172
permit udp 0.0.0.0 255.255.255.255 172.16.2.0 0.0.3.255 eq 4172
permit tcp 0.0.0.0 255.255.255.255 172.16.2.0 0.0.3.255 eq 32111
permit tcp 0.0.0.0 255.255.255.255 172.16.6.166 0.0.0.0 range 4001 4002
VLAN 2 ACLs:
permit tcp 0.0.0.0 255.255.255.255 172.16.6.166 0.0.0.0 eq 443
permit tcp 0.0.0.0 255.255.255.255 172.16.6.166 0.0.0.0 eq 4172
permit udp 0.0.0.0 255.255.255.255 172.16.6.166 0.0.0.0 eq 4172
permit tcp 0.0.0.0 255.255.255.255 172.16.4.0 0.0.3.255 eq 4172
permit udp 0.0.0.0 255.255.255.255 172.16.4.0 0.0.3.255 eq 4172
permit tcp 0.0.0.0 255.255.255.255 172.16.4.0 0.0.3.255 eq 32111
permit udp 0.0.0.0 255.255.255.255 172.16.4.0 0.0.3.255 eq 50002
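One way to check rules like these offline, as an added example that is not part of the original post: a small evaluator that shows which addresses each wildcard mask covers and whether a given packet is permitted by the VLAN 4 list. It assumes the masks are wildcard (inverse) masks, that the list is stateless and first-match, and that unmatched traffic is implicitly denied; the function names and the test addresses are constructed for illustration.

```python
import ipaddress

# VLAN 4 outgoing ACL, copied from the post above.
VLAN4_ACL = """\
permit tcp 0.0.0.0 255.255.255.255 172.16.6.166 0.0.0.0 eq 443
permit tcp 0.0.0.0 255.255.255.255 172.16.6.166 0.0.0.0 eq 4172
permit udp 0.0.0.0 255.255.255.255 172.16.6.166 0.0.0.0 eq 4172
permit tcp 0.0.0.0 255.255.255.255 172.16.2.0 0.0.3.255 eq 4172
permit udp 0.0.0.0 255.255.255.255 172.16.2.0 0.0.3.255 eq 4172
permit tcp 0.0.0.0 255.255.255.255 172.16.2.0 0.0.3.255 eq 32111
permit tcp 0.0.0.0 255.255.255.255 172.16.6.166 0.0.0.0 range 4001 4002
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    """Bits set in the wildcard are ignored; all other bits must equal base."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def covered_range(base, wildcard):
    """First/last address matched (valid for contiguous wildcards like those above)."""
    lo = _ip(base) & ~_ip(wildcard) & 0xFFFFFFFF
    hi = lo | _ip(wildcard)
    return str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(hi))

def parse_rule(line):
    f = line.split()
    action, proto, src, swc, dst, dwc, op = f[:7]
    if op == "eq":
        ports = (int(f[7]), int(f[7]))
    elif op == "range":
        ports = (int(f[7]), int(f[8]))
    else:
        raise ValueError(f"unsupported port operator: {op}")
    return action, proto, (src, swc), (dst, dwc), ports

def evaluate(acl_text, proto, src, dst, dport):
    """Return (action, matching_line) for one packet; first match wins."""
    for line in acl_text.strip().splitlines():
        action, r_proto, (s, swc), (d, dwc), (lo, hi) = parse_rule(line)
        if (proto == r_proto and wildcard_match(src, s, swc)
                and wildcard_match(dst, d, dwc) and lo <= dport <= hi):
            return action, line
    return "deny", None  # assumption: implicit deny when no rule matches
```

Calling `covered_range` on each destination entry shows the actual address span a mask such as `0.0.3.255` matches, and `evaluate` can be run with a destination port outside the listed ones to see how this list treats it.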