Apple FaceTime and iMessage on IOS devices require several changes to the Firewall and Port Access rules. This article outlines the changes needed.
WARNING: These changes can open your network up for users using some outside proxies like Ultrasurf and P2P file sharing software like BitTorrent. This is because the firewall rules must allow traffic to ANY IP address since the IOS devices connect directly to each other. If you need it to work on any machine, using the source address of "0.0.0.0/0" will open your entire network up for software that can use any port (like the ones mentioned). If you can restrict it to a particular IP address or subnet, that is better since it limits the hole to only those IP addresses or subnets.
Here are the steps needed to make FaceTime and iMessage work: