yes we are using a 3rd party firewall. Our firewall can be set up to use DNS names and/or IP addresses. It would be much easier for us to allow the dns name instead of adding the ip/networks that are part of the send/rcv connector.
We also have a gateway server that handles are inbound/outbound internet smtp traffic, however the configuration wizard configured the send/receive connectors without accounting for the gateway. I configured the on premise send connector to use the smart host, however the receive connector is not configured that way and we are going to have to pin hole our firewall to allow the port 25 traffic from those IP's through to our hub transport servers.