Welcome to the McAfee SaaS Email Protection Community! All of the SaaS Services (the former MX Logic line of products) use the same IP ranges. You can find these in your Email Protection service, under Email Protection > Setup > MX Records. At the bottom of the page is a section for locking down servers. You'll need only the CIDR /21 or /24 notation, but not both, depending on what format your firewall works with. For some older firewalls, individual IPs are needed, and are provided.
If your firewall requires host min/max and subnets, those are available as well.
Thanks for the prompt response, Brad.
I haven't seen the configuration GUI in anger as yet (had a quick WebEx with one of the EMEA SEs yesterday, and as a reseller partner have also noted there are some SaaS Email videos on the Partner Learning Center site). However, I can see from the link to the support article the CIDRs you are referring to, and as McAfee Firewall Enterprise does support this kind of notation (I've worked with the Firewall for more years than I can remember and the vast majority of my community forum post count comes by way of that particular forum) I should just be able to lock down the rule to the two /21 CIDR entries mentioned in this article.
Can I just confirm that these same values would apply to the inbound LDAP traffic in addition to SMTP traffic?