Ports used by Configuration Manager
Client to MP: 80 mixed mode, 443 for native mode
Client to SUP: 80/8530 or 443/8531
Client to DP: 80/443 and 445 (SMB)
Client to SLP: 80
You should also take into account that workstations may (and should) have Windows Firewall enabled.
Firewall Settings for Configuration Manager Clients
Also clients need to be installed first. If you plan to use Client Push, I believe ports for RPC and Kerberos should be opened. Or you can use logon scripts.
However the ports used depend on the features that you plan to use in your infrastructure. Best option in my opinion is to try to implement Native Mode. Then all the communication with the clients will use 443 (SSL).
As a matter of fact I am struggling to configure it myself right now :-)
More info here:
Choose between Native Mode and Mixed Mode