Be nice to your network administrators. Really. They may be pain in the neck but they are the ones keeping the bad stuff out.
If you install Dynamics CRM with all roles on one machine, it typically goes well and rarely requires fiddling with the firewalls. However, once you start splitting the roles, e.g. offloading Asynchronous services to a separate box, make sure you find time to catch up with yourt network administrator and go over the comprehensive list of ports.
One particular port that is not standard and not usually open is TCP 808, used by CRM servers to communicate with each other. It does not affect the installation but then don’t be surprised if if your workflows and plugins do not work.
Ok. Thank you