Antivirus administrators, I have found an excellent video explaining communication between Symantec SEPM11 and its clients. I think that you might find it very interesting especially if you have a firewall between your SEPM management server and your SEP clients.
What you will learn from this video is that all SEP communications are CLIENT INITIATED from a random port, toward the SEPM HTTP port (from MR3 onwards the default is 8014, before it was port 80). There is no connection FROM the server TO the client. Even if you push an action as 'Update Content' the client will retrieve this command from the server at its next connection with the management server.
That's why using netstat -b | find /i "ip.address.of.server" you will see all the communication on port 8014.
TCP ports 139 and 445, as well as UDP ports 137 and 138, are only required for initial client deployment from SEPM, not for management.
I hope this helps!