Look at the PacketFilter logs, and see which ports are being blocked to/from the relevant PC(s), and create service definitions for those ports, and packetfilter rules.
Another option which works well for most IM clients, especially if you have several PCs, is to use Astaro's SOCKS proxy for IM.
Tell me in I have the gist of this right. I need the following services enabled: TCP 80 and TCP/UDP 5000-65535 (both source and destination ports). The source is the internal network and the destination any network. Wouldnt this leave a HUGE hole in the firewall?
I'm not an active user of any type of IM, nor have I personally worked on that for a client, so I'm not speaking from experiece.
The Astaro does stateful packet inspection, so, in most circumstances, one doesn't need to create rules to allow inbound traffic except for allowing external access via http/https to web servers.
From a recent interaction with support, I know that IM traffic is also seen by the Intrusion Protection System (IPS), so there is some protection from "bad" traffic.
The IM/P2P filter will allow you to block file transfers, forcing users to get files with HTTP/FTP or via email where you will have AV protection.
I didn't read the document closely enough to know if those are enough ports to open, but I'm pretty confidant that all of our accounts have lots more than that open.
The firewall has to have some stuff open to allow for traffic to flow. Someone who brings in a trojan on a USB stick can exploit your open outbound ports. Network security really depends on good policies and procedures too.
