How to Allow Lacerte. This information comes from Jim Page. My comments are in italics. However, take my comments with a grain of salt because I have no clients using Lacerte to test them.
Basically create an "New Access Rule", "ALLOW", "PROTOCOLS" create OUTBOUND TCP for 10010,10020,10030,10040,10050-10052,10060,10070,10099, and I did 1275,1277,1278 (was in the MS 839503 article. Not sure if it's needed) Workstations running the Firewall client should be able to request use of any outbound protocol. So this step should not be necessary if you have installed the Firewall Client.
FROM="All Protected Networks"
TO= Created two sets, 1 is range 126.96.36.199-188.8.131.52 the other is just 184.108.40.206
Users= "All users" Can't get it to work if I pick anything else. This means that Lacerte doesn't authenticate to the server when it requests access to the Internet.
Content Types="All content types"
Now I have seen that Lacerte is using other ports to communicate to 220.127.116.11, and ISA denies access. These ports so far are 3106,3130,3132, and some in the 8000 range (didn't right them all down) I have a call into Lacerte to see if they do anything.
The mistakes that I have seen in other articles: They say to setup INBOUND and that the FROM and TO objects were incorrect.