The type of "outbound" access MOVEit Central requires through a firewall depends on what remote hosts you wish to access. For example, if you wish to access a remote MOVEit DMZ server, you will need to allow Central to connect to that server using HTTPS.
It is not normally necessary for firewall rules to be configured to allow "inbound" access to a MOVEit Central. Two exceptions:
If MOVEit Central Admin needs to be allowed to connect from a remote IP addresses through a firewall. (In this case, MOVEit Central should be configured to force SSL encryption when communicating with MOVEit Central Admin). Ports 3471, 3472, and 3473 are used.
If an additional server (e.g., Microsoft IIS FTP) has been installed on the same platform as MOVEit Central. (Strictly speaking, inbound firewall rules are still not required to access MOVEit Central in this situation. However most firewall administrators take a "rules for machine" view rather than "rules for application" view, so it is best to be up front with your firewall administrators if you plan on installing any "helper" services on the MOVEit Central platform.)
