I keep reading about the possibilities to have a user on the public network
request a remote control session from tech support on the private network.

I've remote controlled machines that are directly connected to the public
network, but not behind a NAT'd network.

When behind a NAT'd network the Request Session is not available, the option
is greyed out. When on the private network, the Request Session is
available, so I know the policies allow it.

Does anyone know what ports need to be opened so the workstation can read
the policy on the private network so the machine can use the Request Session