You created port-group "everything except 5000" .
Your alternative idea seems to be apply it on existing firewall modify rule.
And that is also fine for not modifying port5000 traffic
But the port group you made isn't used in the modify rule! Apply it there.
modify OPENVPN_ROUTE rule 10 source port port-group SynologyPorts
btw: haven't my ER up and running to test, but maybe port command also accepts something like port ! 5000
