Do you mean VPN or bare Internet?
Could you please outline the scenario in a bit more detail? Is this a LAN with an AMS located off-site? Or laptops? Or something else?
The basic ports are listed in the ADNM Administrator's Guide (basically, only tcp/16111 is needed for the basic functionality). Updating mirror uses tcp/5033. Some extra features (remote virus chest, "apply to computer" etc.) need some additional ports (however, these are in the other direction, i.e. AMS --> client).
Thanks
Vlk