Local (LAN) SIP and RTP ports are defined by the ATA or SIP device/app being used, and, unfortunately, you're using an unlocked Vonage ATA, which I'm unfamiliar with (I can't find a manual for it, and, consequently, won't be able to assist with finding the local SIP and RTP ports it uses).You may be able to figure this out by observing your router's system log (if it produces one) when your ATA communicates with an FPL proxy server. Chances are the default local SIP Port is UDP 5060 (which isn't advisable, but that's another conversation involving SIP scanners) since most devices use UDP 5060 by default.
For example, with an Obihai ATA, the local SIP port is defined by X_UserAgentPort (Voice Services-->SP Service).
In Linksys ATAs, local SIP Port is sip port (Voice-->Line-->SIP Settings).
In Grandstream ATAs, local sip port is defined by Local SIP Port (when Use Random SIP Port is set to No) and found by navigating to the Profile tab. When Use Random SIP Port is set to yes (which is the recommended setting when using Freephoneline), a randomly generated sip port is chosen by the device.
As far as I know, only Grandstream devices have the option to select random SIP ports, so the recommendation that you're reading or referring to only applies to them.
Similarly, local RTP ports are defined by the ATA, SIP device, or SIP app being used.
For Obihai ATAs, the local RTP port range is defined by LocalPortMin and LocalPortMax (Service Providers-->ITSP Profile-->RTP).
For Linksys ATAs, the local RTP range is defined by RTP Port Min and RTP Port Max (SIP-->RTP Parameters).
For Grandstream ATAs, the local RTP port is defined by Local RTP Port (Profile tab), when Use Random RTP Port is set to No. When Use Random SIP Port is set to yes (which is the recommended setting when using Freephoneline), the ATA chooses random RTP port.
When a call connects, a random RTP port defined by the RTP range in each device is used at that time.
SIP Ports (not local/LAN) used by Freephoneline is UDP 5060 for voip.freephoneline.ca and voip2.freephoneline.ca.
UDP 6060 is used for voip4.freephoneline.ca.
RTP IPs for FPL are 208.85.218.149 and 208.85.218.150 at this time (that may change in the future). That's where the audio stream comes from.
If you block the Proxy server IP being used (voip.freephoneline.ca, voip2.freephoneline.ca, or voip4.freephoneline.ca), SIP signalling shouldn't be possible at all, making blocking RTP IPs and RTP ports pointless.You can find those FPL proxy server IPs easily by pinging each one (ping voip.freephoneline.ca). The problem with using IPs is that they can change:
viewtopic.php?f=15&t=19702.
Lastly, it seems to me that blocking the appropriate server IP address based on UDP protocol (all UDP ports) should be sufficient, but I thought you might be interested in the other information in this post as well. All ports mentioned in this post use UDP protocol.