When you look at IM clients in the daily report, it is a list of IPs that passed through the firewall using certain IM protocol. However the IM clients have IPs for external hosts which is not the desired behavior. It should only list IPs protected by the firewall and not the IPs that transversed the firewall.
The first screenshot Top IM Source IPs is correct because it is showing all IPs but the one in executive report specifically says clients and should not include external IP addresses.
I haven't tested p2p for this behavior but I suspect it will do the same.
