Well, it doesn't really listen on any ports for non-localhost traffic.
The Internet Mail provider listens on 12025/tcp, 12110/tcp and 12143/tcp on which it routes regular port 25 (SMTP), 110 (POP3) and 143 (IMAP) traffic. But the ports are only open for localhost access.
The WebShield provider does the same for 12080/tcp (routing port 80, i.e. HTTP) traffic.
The updates are fetched using the regular HTTP protocol (port 80 - unless instructed to use a proxy server on a specific port).
That's pretty much it. The situation is very different with ADNM (the network management suite), which uses several TCP and UDP ports to implement the communication between the management server and the agents.
Thanks
Vlk
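
One way to check the loopback-only claim from the post on a given machine, as an added example that is not part of the original post or the vendor's code: the script parses Windows-style `netstat -an` output and reports any of the four redirector ports bound to a non-loopback address. The function names and the sample output are constructed for illustration.

```python
import ipaddress

# Local redirector ports named in the post, mapped to the traffic they carry.
PROXY_PORTS = {12025: "SMTP (25)", 12110: "POP3 (110)",
               12143: "IMAP (143)", 12080: "HTTP (80)"}

# Constructed sample in `netstat -an` layout (not captured from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:12025        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:12110        0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12143          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:12080        0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    [::]:12080             [::]:0                 LISTENING
  TCP    192.168.1.20:49712     203.0.113.5:80         ESTABLISHED
"""

def parse_listeners(text):
    """Yield (address, port) for every TCP socket in the LISTENING state."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        if fields[-1].upper() != "LISTENING":
            continue
        # rpartition keeps IPv6 literals such as [::]:12080 intact.
        host, _, port = fields[1].rpartition(":")
        if port.isdigit():
            yield host.strip("[]"), int(port)

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable address: treat as exposed

def exposed_proxy_ports(text):
    """Return sorted (port, address) pairs for proxy ports bound off-loopback."""
    return sorted({(port, host) for host, port in parse_listeners(text)
                   if port in PROXY_PORTS and not is_loopback(host)})

if __name__ == "__main__":
    for port, host in exposed_proxy_ports(SAMPLE):
        print(f"{port}/tcp ({PROXY_PORTS[port]}) is bound to {host}, not loopback")
```

An empty result means every redirector port found in the listing is bound to 127.0.0.1 or ::1, which is the state the post describes.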