Base on the scenario, this are the firewall port needed to open for SCOM:
Deploy SCOM Agent into Untrusted Server 
| Source | Source Port | Destination | Destination Port | TCP / UDP | Description Of Services |
| SCOM RMS | 5723 | SCOM Agent | 1024-65535 (RPC Service) | TCP | For purpose of all agents’ connections to Root Management Server |
| SCOM Agent | 1024-65535 (RPC Service) | SCOM RMS | 5723 | TCP | For purpose of all agents’ connections to Root Management Server |
Install Console into User PC 
| Source | Source Port | Destination | Destination Port | TCP / UDP | Description Of Services |
| SCOM RMS | 5724 | SCOM PC CONSOLE | 1024-65535 (RPC Service) | TCP | To provide the ability for administrator to access Operation Console |
| SCOM PC CONSOLE | 1024-65535 (RPC Service) | SCOM RMS | 5724 | TCP | To provide the ability for administrator to access Operation Console |
| SCOM RMS | 1024-65535 (RPC Service) | SCOM PC CONSOLE | 80 | TCP | To provide the ability for administrator to access SQL Reporting Services for reporting purposes |
| SCOM PC CONSOLE | 80 | SCOM RMS | 1024-65535 (RPC Service) | TCP | To provide the ability for administrator to access SQL Reporting Services for reporting purposes |
Using SCOM Web Console at user PC.
| Source | Source Port | Destination | Destination Port | TCP / UDP | Description Of Services |
| SCOM RMS | 1024-65535 (RPC Service) | SCOM Web Console | 51908 | HTTP | To provide the ability for administrator to access Operation Console through web |
| SCOM Web Console | 51908 | SCOM RMS | 1024-65535 (RPC Service) | HTTP | To provide the ability for administrator to access Operation Console through web |
SCOM Monitoring Network Devices (via SNMP)
| Source | Source Port | Destination | Destination Port | TCP / UDP | Description Of Services |
| SCOM RMS | 1024-65535 (RPC Service) | Network Device | 161 | UDP | For the purpose of Port Status Monitoring |
| Network Device | 161 | SCOM RMS | 1024-65535 (RPC Service) | UDP | For the purpose of Port Status Monitoring |
| SCOM RMS | - | Network Device | - | ICMP | For the purpose of monitoring network device availability |
| Network Device | - | SCOM RMS | - | ICMP | For the purpose of monitoring network device availability |
