If you have the CSA between the servers in the DMZ and your Core Server you will get Pull based management only (with the exception of Remote Control. So you won't be able to push anything, only things launched by the client using the locally scheduled activities such as policy.sync, ldiscn32 or vulscan with be able to send you updates or apply changes.
443 is the only requirement from the server to the CSA in this instance. In general though I recommend you have this unrestricted initially until you prove functionality and then lock it down so that you don't waste time troubleshooting the wrong thing.
Mark McGinn
MarXtar Ltd/MarXtar Corporation
LANDesk Expert Solution Provider
The One-Stop Shop for LANDesk Enhancements
- Wake-On-WAN - Distributed Wake-On-LAN, Scheduled Power Down, and SWDist Sequencing
Update - New v2.3 Adds Process Monitoring & Historical Analysis for Concurrency and Device Based