That looks like the answer. Whoever created the rule apparently got it "a bit" wrong for TCP/5067. Already tested and it works as it should. THANKS!
Here is the output you asked for:
Remote Management Console
COFW1-> get config | inc "TCP/5067"
set service "TCP/5067" protocol tcp src-port 0-65535 dst-port 0-5067
set service "TCP/5067"
COFW1-> get config | inc "TCP/8267"
set service "TCP/8267" protocol tcp src-port 0-65535 dst-port 8267-8267
set service "TCP/8267"
COFW1-> get config | inc "microsoft-ds"
set service "microsoft-ds" protocol tcp src-port 0-65535 dst-port 445-445
set policy id 370 name "UBNT" from "Untrust" to "DMZ" "Any" "MIP(205.219.98.89)" "microsoft-ds" deny log
COFW1->
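
An added example, not part of the original post: a small Python check for the mistake found above, where a service named after a single port ("TCP/5067") is defined with a `dst-port` range of 0-5067. It assumes the `set service ... dst-port LOW-HIGH` line format shown in the output and a PROTO/PORT naming convention; `audit_services` and `SAMPLE_CONFIG` are hypothetical names, and the sample text is constructed from the lines quoted in the post.

```python
import re

# Constructed sample: the full service definitions quoted in the post above.
SAMPLE_CONFIG = '''\
set service "TCP/5067" protocol tcp src-port 0-65535 dst-port 0-5067
set service "TCP/8267" protocol tcp src-port 0-65535 dst-port 8267-8267
set service "microsoft-ds" protocol tcp src-port 0-65535 dst-port 445-445
'''

# One custom-service definition line, as printed by "get config".
SERVICE_RE = re.compile(
    r'^set service "(?P<name>[^"]+)" protocol (?P<proto>\S+) '
    r'src-port (?P<slo>\d+)-(?P<shi>\d+) dst-port (?P<dlo>\d+)-(?P<dhi>\d+)\s*$'
)
# Assumed convention: names like PROTO/PORT or PROTO/LOW-HIGH state the intended ports.
NAME_RE = re.compile(r'^[A-Za-z]+/(?P<lo>\d+)(?:-(?P<hi>\d+))?$')


def audit_services(config_text):
    """Return (name, range implied by name, range actually configured) per mismatch."""
    findings = []
    for line in config_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue  # not a complete service definition line
        n = NAME_RE.match(m['name'])
        if not n:
            continue  # name (e.g. "microsoft-ds") does not encode a port
        want = (int(n['lo']), int(n['hi'] or n['lo']))
        got = (int(m['dlo']), int(m['dhi']))
        if got != want:
            findings.append((m['name'], want, got))
    return findings


if __name__ == "__main__":
    for name, want, got in audit_services(SAMPLE_CONFIG):
        # Number of destination ports opened beyond what the name promises.
        extra = (got[1] - got[0] + 1) - (want[1] - want[0] + 1)
        print(f'{name}: name implies dst-port {want[0]}-{want[1]}, '
              f'config allows {got[0]}-{got[1]} ({extra} extra ports)')
```

Any policy that permits a flagged service is worth reviewing, since it allows the whole configured range rather than the single port in the name.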