I hear ya!
This is one of the challenges of using software-based solutions for things like telephony. The server "team" (by which I mean a bunch of Microsoft folks) start issuing security (and other) dictats that make perfect sense for IIS, or SQL Server or Exchange, but since they don't REALLY understand networking in its fullest sense, they try to use the same "one size fits all" solution for all servers, which doesn't play nicely with services (like VoIP) that they are not familiar with.
The advice given on both the ICCE and the ICCS classes is to not install non-approved software and to carefully research GPOs before applying them. Unfortunately, it's easy for us to say that in class, but often much harder for you to comply!
You may well be fine - I hope you are, but I'm sure I don't need to warn you of the potential issues and I'm equally sure that you have already warned the "movers and shakers" in your organization. My biggest concern would be that from the limited research I have done, this system seems to "learn" and adapt its defences as needed - so it may well be fine at first and then suddenly, at some point in the future, percieve something like SIP as a threat and move to defend itself. I would speak with them to find out if this is something that could happen and, if so, if there is any way to "whitelist" certain traffic types.
I wish I were able to reassure you more.