I am also curious about the answer to this question. Can we close off port 80 on the Windows firewall all together and have it use 443?
Port 443 is used for communication between agents and ePO console (clients become "managed" in ePO).
Port 80 is used for VSE to pull updates (DAT) from ePO console/SuperAgent(repository).
Port 8081 is needed if your clients will pull updates from a SuperAgent(repository)
There would also be another problem if you close port 80, and it's that the ePO's Apache Server won't start anymore
i was under the impression that agent to server communication happens by default over 443, but if the ASCI fails, it would default to 80.