http://support.apple.com/kb/HT5302 lists the ports, protocols, and services used by MacOS Lion Server's Profile Manager. But to set up firewalls, I need to know from where the connections are initiated. And to where does each go? Obviously 80/443 is coming from web devices on the Internet to the Server. I'm guessing 5223, the persistent connection to Apple Push Notification service, is outbound to Apple (somewhere w/in the entire 220.127.116.11/8 address block). But what about the rest (2195, 2196, 5223, and 1640)?
For 3.14 bonus points,
1) Must Profile Manager use all these PPS to manage iOS devices? Can we not use 80 and only allow 443?
2) Are there any risk assessments or vulnerability reports available for 2195, 2196, 5223, and 1640?