Is there any way to deny one VLAN inside a site from reaching the network in other sites via the site-to-site VPN, because the AutoVPN is always on?
Yes - use the site-to-site outbound firewall to create a deny policy matching the subnets.
Site-to-site VPN Firewall Rule Behavior - Cisco Meraki Documentation
In the site-to-site outbound firewall, if I choose the subnet and deny all, can it still connect inside the network and to the internet, and only stop connecting to other sites?
That's right, it only affects VPN traffic. You'd have to create Layer 3 outbound rules (on the Firewall page) if you wanted to restrict traffic to another on-site VLAN or the internet.
Thank you. What I want is to deny access to other sites, so I choose my subnet and deny all.
If the VLAN requires absolutely no site-to-site traffic at all, then the easier solution would be to just stop advertising it to other sites by setting VPN Mode to Disabled...
I would like to reach this VLAN from an outside site, but I don't want this VLAN to reach other sites.
As @jimmyt234 said, if you don't want the VLAN to communicate with any sites across the AutoVPN, it's easiest to disable it for that VLAN under SD-WAN -> Site-to-site VPN settings.
Otherwise, if it's just specific sites, the site-to-site outbound firewall rules need to be used.
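To make the two answers above concrete, here is an added example (not from the thread or from Cisco Meraki) that builds a "deny source VLAN, destination any" site-to-site outbound rule and simulates how such a rule set is applied to new flows: first match wins, only traffic crossing the AutoVPN is evaluated, and a flow initiated from another site toward the fenced VLAN is not matched because its source is the remote subnet. The subnets are constructed, and the rule field names follow the Meraki Dashboard API v1 body for `PUT /organizations/{organizationId}/appliance/vpn/vpnFirewallRules` as I understand it; treat that shape as an assumption and check the API reference before pushing it.

```python
"""Simulate a Meraki-style site-to-site (AutoVPN) outbound firewall rule set.

Constructed scenario: VLAN 10.1.10.0/24 at Site A must not initiate traffic
to any other site, but other sites may still reach it and it keeps local and
internet access (those are not VPN flows and are not evaluated here).
"""
import ipaddress
import json

# Hypothetical subnets, constructed for this example.
SITE_A_RESTRICTED_VLAN = "10.1.10.0/24"   # the VLAN to fence off
SITE_A_OTHER_VLAN = "10.1.20.0/24"
SITE_A_LOCAL_SUBNETS = [SITE_A_RESTRICTED_VLAN, SITE_A_OTHER_VLAN]
SITE_B_VLAN = "10.2.10.0/24"


def build_vpn_firewall_rules(restricted_subnet: str) -> list:
    """Return the rule list: deny the restricted subnet to everything over the VPN.

    Field names mirror the assumed Meraki Dashboard API v1 payload; the
    dashboard appends its own implicit 'allow any' default after these rules.
    """
    return [
        {
            "comment": "Block restricted VLAN from initiating to other sites",
            "policy": "deny",
            "protocol": "any",
            "srcCidr": restricted_subnet,
            "srcPort": "Any",
            "destCidr": "Any",
            "destPort": "Any",
            "syslogEnabled": True,   # log hits so blocked attempts are visible to SecOps
        },
    ]


def api_payload(rules: list) -> str:
    """JSON body for the (assumed) vpnFirewallRules PUT request."""
    return json.dumps({"rules": rules}, indent=2)


def _cidr_matches(cidr: str, ip: str) -> bool:
    """'Any' matches everything; otherwise test membership in the CIDR block."""
    return cidr == "Any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def crosses_vpn(dst_ip: str, local_subnets: list) -> bool:
    """A flow only hits the site-to-site rules if its destination is off-site."""
    return not any(_cidr_matches(s, dst_ip) for s in local_subnets)


def decide(rules: list, local_subnets: list, src_ip: str, dst_ip: str) -> str:
    """Decision for a NEW flow leaving this site.

    Returns 'not-vpn' when the rules do not apply (same-site or internet
    traffic, governed by the Layer 3 firewall instead), otherwise the policy
    of the first matching rule, or the implicit 'allow' default.
    Address fields only; protocol 'any' makes port fields irrelevant here.
    """
    if not crosses_vpn(dst_ip, local_subnets):
        return "not-vpn"
    for rule in rules:
        if _cidr_matches(rule["srcCidr"], src_ip) and _cidr_matches(rule["destCidr"], dst_ip):
            return rule["policy"]
    return "allow"


RULES = build_vpn_firewall_rules(SITE_A_RESTRICTED_VLAN)

if __name__ == "__main__":
    print(api_payload(RULES))
    # Restricted VLAN initiating to Site B: blocked at Site A's outbound VPN edge.
    print(decide(RULES, SITE_A_LOCAL_SUBNETS, "10.1.10.5", "10.2.10.5"))   # deny
    # Site B initiating to the restricted VLAN: source is Site B, so no match.
    print(decide(RULES, [SITE_B_VLAN], "10.2.10.5", "10.1.10.5"))          # allow
    # Another Site A VLAN to Site B: unaffected.
    print(decide(RULES, SITE_A_LOCAL_SUBNETS, "10.1.20.5", "10.2.10.5"))   # allow
    # Restricted VLAN to a same-site VLAN: not a VPN flow, rules do not apply.
    print(decide(RULES, SITE_A_LOCAL_SUBNETS, "10.1.10.5", "10.1.20.5"))   # not-vpn
```

Because the rule set is evaluated at the outbound VPN edge of every site, the rule only needs to name the fenced VLAN as the source; the reply traffic of a session that Site B opened toward that VLAN belongs to an already-established flow rather than a new one, which is why the deny does not cut off inbound reachability.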
I would like to reach this VLAN from an outside site, but I don't want this VLAN to reach other sites, so I think: deny, source this VLAN, destination all.