OK, well, as I can't seem to find the firewall admin, I am trying to test as many things as possible for when I do get access to him.
I used Nmap to check from the security server in the DMZ to the desktop on the internal LAN on port UDP 4172. It reported that the port was closed... so I thought aha! But then I did it from my workstation on the same LAN as the desktop and that also reported closed, and netstat also shows nothing listening on port 4172 on the desktop... or does the desktop initiate the connection, so it isn't listening? When I scan from the desktop to the security server I get:
PORT STATE SERVICE
4172/UDP Open|Filtered Unknown
I am not sure what Open|Filtered is... but it appears open that direction...
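
Added example, not part of the original post: a minimal UDP probe showing how the states quoted above are derived from what comes back. The loopback targets, ephemeral ports and function names are constructed for illustration; it assumes an OS that reports ICMP errors on connected UDP sockets (Linux, macOS, Windows) and it is not Nmap's code.

```python
import socket
import threading

def probe_udp(host, port, timeout=0.5, retries=2):
    """Classify a UDP port from what comes back, as a UDP scan does."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        # A connected UDP socket lets the OS hand ICMP errors back as exceptions.
        s.connect((host, port))
        for _ in range(retries):
            try:
                s.send(b"\x00")
                s.recv(1024)
                return "open"            # a datagram came back
            except (ConnectionRefusedError, ConnectionResetError):
                return "closed"          # ICMP port unreachable: nothing listening
            except socket.timeout:
                continue                 # silence: retry, then give up
            except OSError:
                return "filtered"        # some other ICMP error was reported
        return "open|filtered"           # silent service or dropped packet
    finally:
        s.close()

def _bound_socket():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))             # constructed target: loopback, ephemeral port
    return s

def _reply_once(sock):
    sock.settimeout(3)
    try:
        data, peer = sock.recvfrom(1024)
        sock.sendto(data, peer)
    except OSError:
        pass

def demo():
    replying, silent, unused = _bound_socket(), _bound_socket(), _bound_socket()
    closed_port = unused.getsockname()[1]
    unused.close()                       # nothing listens on this port now
    threading.Thread(target=_reply_once, args=(replying,), daemon=True).start()
    targets = {"replying service": replying, "silent service": silent}
    results = {n: probe_udp("127.0.0.1", s.getsockname()[1]) for n, s in targets.items()}
    results["no listener"] = probe_udp("127.0.0.1", closed_port)
    for s in targets.values():
        s.close()
    return results
```

Calling `demo()` shows that a listener which never answers the probe and a packet dropped on the way are indistinguishable from the scanner's side, which is why both are reported as open|filtered, while "closed" requires an ICMP port-unreachable to make it back.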