I haven’t tried it (and I’m new to these products, having just got a Balance 30), but would this work?
Create 2 port forwarding rules as follows:
Service Name: <some name>
IP Protocol: TCP
Port: Any Port
Inbound IP Addresses: All
Server IP Address: The IP Address of the server on your LAN
Make rule 2 the same as rule 1, except set IP Protocol: UDP
I reckon that will give ANYONE access to your server address on your LAN (this is assuming the default rule in your inbound firewall settings is set to allow).
So to restrict that access just to a specific public IP you’d need to change the default inbound rule to deny (this is likely to break any other inbound services you have though). Then you’d need to create an Inbound Firewall Rule with this configuration specifically to allow the access you want.
Rule Name: <some name>
WAN Connection: Any
Source IP & Port: Your colleagues IP address
Destination IP & Port: Your internal servers IP address
I stress I haven’t tried this so it may not work, so please check it does exactly what you want…