According to the information I can find, those ports look correct.
Can you try using a machine inside the firewall and verify that the user is able to run IA? If possible, transport the machine inside and verify from that.
Also, how are you resolving the address for IC on the machine running IA? If this firewall performing NAT and Port Forwarding? If so, try putting "/notifier = {public IP of Firewall}" on to the command line for running IA.
HTH