Hi All,
In case anyone follows this thread, we still have not found a solution and still find this puzzling. We continue to allow all TCP/UDP but feel there must be a better solution. Unmentioned in the original request is that we have a JCS cache running as well, although none of the random-looking ports seem to be connected with that application either. I'll update this thread in the event that I find a solution.
Best, Alex