Port 135 must be open on all application servers and Web servers to allow two-way DCOM communication.
Unlike most Internet applications which have fixed TCP and/or UDP ports, DCOM dynamically assigns—at runtime—one TCP port and one UDP port to each executable process serving DCOM objects on a computer. DCOM, by default, is free to use any port between 1024 and 65535 when it dynamically selects a port for an application, but configuring your firewall to leave such a wide range of ports presents a potential security risk. You may change the following registry to decrease the open DCOM port range:
HKEY_LOCAL_MACHINE/Software/Microsoft/Rpc/Internet
Details on restricting DCOM ports can be found in the Microsoft knowledge base article:
http://support.microsoft.com/kb/154596
For details about other firewall issues, see the Microsoft knowledge base article:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndcom/html/msdn_dcomfirewall.asp