This topic provides information about the network ports that are used by Microsoft Exchange Server 2013 for communication with email clients, Internet mail servers, and other services that are external to your local Exchange organization. Before we get into that, understand the following ground rules:
We do not support restricting or altering network traffic between internal Exchange servers or between internal Exchange servers and internal Active Directory domain controllers in any and all types of topologies. If you have firewalls or network devices that could potentially restrict or alter this kind of network traffic, you need to configure rules that allow free and unrestricted communication between these servers (rules that allow incoming and outgoing network traffic on any port—including random RPC ports—and any protocol that never alter bits on the wire).
Edge Transport servers are almost always located in a perimeter network, so it’s expected that you’ll restrict network traffic between the Edge Transport server and the Internet, and between the Edge Transport server and your internal Exchange organization. These network ports are described in this topic.
It’s expected that you’ll restrict network traffic between external clients and services and your internal Exchange organization. It’s also OK if you decide to restrict network traffic between internal clients and internal Exchange servers. These network ports are described in this topic.
Continue at source: https://technet.microsoft.com/library/bb331973(v=exchg.150).aspx