A "personal firewall" is simply a software application which
runs on the PC that it's protecting. Similar to a hardware
firewall, its job is to block incoming connections to the
services running on your PC. This, of course, includes
blocking VNC connections.

The next few paragraphs describe some popular software-based
firewall applications, and details how to get VNC to work
with them.

WindowsXP comes with a builtin "Internet Connection Firewall". It can 
sometimes get activated when you install other networking applications,
like a VPN client. When ICF is active, you won't be able to connect to
a VNC Server on your WinXP machine, though you will be able to start a
VNC Viewer on the WinXP machine to connect somewhere else.

Here's a link from Microsoft of how to turn it off:

http://www.microsoft.com/windowsxp/pro/using/howto/networking/icf.asp

Another popular "personal firewall" product is Norton Internet
Security, or "NIS". It too will prevent VNC Viewers from
connecting to the VNC Server it is protecting.

Unlike other personal firewalls, just telling NIS to allow connections
to port 5800 and 5900 will not enable VNC. According to Symantec's own
Technical Support:

"The problem with VNC connections is caused by information filtering on 
port 80 by Norton Internet Security (NIS). To solve this problem, 
temporarily remove port 80 from the list of ports scanned by the firewall.
Removing port 80 will cause ad blocking and privacy controls to function
improperly. After you are finished using the Internet-based application,
add port 80 back to the list of ports filtered by NIS.

To remove port 80:

1. Open NIS.
2. Click Options > Norton Internet Security > Firewall tab.
3. Under the HTTP List, click 80 > Remove > OK.

To add port 80:

1. Open NIS.
2. Click Options > Norton Internet Security > Firewall tab.
3. Under the HTTP List, click Add.
4. In the dialog box type 80.
5. Click OK to close all open windows.

If you need further assistance, please do not hesitate to contact us."
  - NIS Technical Support