OK. I figured this out. The ports this stuff uses is a total mystery if you go by what you read in the threads. I mean I read so many conflicting posts on this subject, so I thought I would share what worked for me so I can hopefuly spare another from these issues.
For me, I had to create a virtual IP that mapped a public IP to the private IP of my Open Fire Server. Once that was created I had to make a policy that would restrict as much traffic as possible while allowing red5 sparkweb to work.
The policy I created contains the following port openings:
TCP port 7070 source 1-65535 - this maps port 7070 to any port it wants.
TCP port 2000-65535 source 1-65535.
As you can see I had to open a lot of ports to get this to work. I had to use tcpview to see what was being used, and I could only find 5223 being used, but opening only 7070 and 5223 did not work.
This is what worked for me. I am also running this traffic through an IPS to help keep things secure, and I am not sure I would feel good about opening such a large amount of ports without the traffic being filtered and monitored.
If anyone can clue me into a more secure way to get red5 sparkweb open without using so many ports I would love to have that info.