Was troubleshooting a recent issue with AD replication. What we found out is that we actually need to open up the following ports on our firewall appliance.
TCP-UDP 135 and TCP 5722
Note: TCP 5722 is needed for Windows Server 2008 domain controllers.
One may want to take note of TCP-UDP 135. According to the TechNet website, it only indicates TCP 135. But based on our sniffing of the network while troubleshooting, we need to turn on UDP 135 too. Weird. Maybe someone can confirm this too?
Refer to the website:
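
To confirm the firewall change from one domain controller to its replication partner, the TCP ports listed above can be probed with a short script. This is an added example, not part of the original post; the function name `Test-ReplicationTcpPort` and the host `dc02.example.test` are placeholders, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: probe the TCP ports named in this post (135 and 5722).
# UDP 135 is not probed: UDP has no handshake, so an unanswered probe cannot
# tell "open" from "filtered"; a packet capture is the way to check it.
function Test-ReplicationTcpPort {
    param(
        [Parameter(Mandatory = $true)] [string] $ComputerName,
        [int[]] $Port      = @(135, 5722),   # ports listed in the post
        [int]   $TimeoutMs = 3000
    )
    foreach ($p in $Port) {
        $client = New-Object System.Net.Sockets.TcpClient
        $state  = 'Filtered'    # no reply before the timeout: typically a firewall drop
        $detail = ''
        try {
            $async = $client.BeginConnect($ComputerName, $p, $null, $null)
            if ($async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
                $client.EndConnect($async)   # throws if the connection was refused
                $state = 'Open'
            }
        }
        catch {
            # Refused connection, name resolution failure, or other socket error
            $state  = 'Error'
            $detail = $_.Exception.Message
        }
        finally {
            $client.Close()
        }
        [pscustomobject]@{
            ComputerName = $ComputerName
            Protocol     = 'TCP'
            Port         = $p
            State        = $state
            Detail       = $detail
        }
    }
}

# Placeholder partner DC name; replace with a real replication partner.
Test-ReplicationTcpPort -ComputerName 'dc02.example.test' | Format-Table -AutoSize
```

A `Filtered` result on either port after the rule change points back at the firewall appliance rather than at the domain controller itself.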