9850-9899, 9836. Tcp for all.
You need 9831 open from your prov targets to the appserver only.
9700-02 and 9840-2 are used for client to appserver communication.
What are the implications of limiting the number of ports using the MaxPort/MinPort settings? Is there a rule of thumb we should follow (e.g. # of ports >= # of app servers)?