- TCP and UDP 135-139 : What will happened if it is blocked at Firewall end : Need to give justification to Network security team
- TCP-445-Bidirectional : for Admin$
Blocking these ports will prevent you from deploying the McAfee Agent directly from ePO server. If you use another means of deploying the McAfee Agent - such as SCCM - then these ports are not critical to the deployment.
- ICMP -Bidirectional : For Ping
Mostly reserved for troubleshooting purposes, this allows you to ping to and from server-to-client. This is most useful for deployments to allow you to eliminate routing or firewall issues as a reason the server and client cannot communicate. Once the deployment has been completed, there is no significant reason to leave this open unless you are constantly deploying.
Hope this helps.