Thanks for chiming in :-*
I have allowed Firefox, the browser, to run using your “web browser” designation. Should I do the same for Firefoxe’s plugin-container? Should I just “allow” it instead?
It’s not really an appropriate rule for the plugin-container, as this process requires access to ports not covered by the rule, typically TCP out to ports 843 and 1935, although you’ll quite often find sites requesting non-standard ports as well. It also doesn’t require ftp access, which the default browser rule allows.
I personally allow access out to:
UDP - 53 for DNS (you won’t need this is you have the windows dns client service enabled, which it is by default)
TCP - 443, 843 and 1935
That does for most situations. Depending on your firewall configuration, you will get prompts for anything else.
yep it was 1935. thank you very much 
I’ll keep an eye out for 443 and 843