There is more to the picture.
The VPN's you mention both use control and data channels, and the ports you refer to are the control channels.
The data channel, protocols 47 and 50 respectively, are tightly linked with the control channel, and changing the control channel is going to create other challenges.
If you are trying to get through a firewall you dont administer, I doubt you will get this operational.
If you do administer the firewall, the pain in even attempting to get this operational will hurt.
Instead there are other solutions, primarily tunneling.
SSH tunneling is technology designed to do exactly what you are after, I believe.
And of course if the firewall does deep packet inspection at the application level, even this solution can be blocked.
McAfee Firewall Enterprise can block ssh & ssh tunneling in particular, but it is a technological leader. This is not common technologoy so you should not run into this issue with luck.
Hope this helps.
Thank you for your clear answer rcamm.
I understand the complexity of bypassing the firewall (which I don't administer), and I will set up SSH tunnelling to a UTM-side server instead, as you recommend.
Are there particular settings I should look up in order to allow SSH tunneling through the SG565?