Trying to sort out what filters are required to for ZENworks with a Middle Tier server in a DMZ?

Existing setup
BM3.7 server with 3 cards (private, public, ZEN_MiddleTier)
Private card
management PC running ConsoleONE
Novell Server running ZENworks
Novell Server running ZEN Middle Tier
Public card
remote laptop

The remote laptop initiates a connection to the management PC. The management PC responds and takes remote control. I am therefore assuming that the internal Management PC will have to have a NAT'd public address so that it can be contacted by the Remote Laptop.

I have found mention in various TID's of the following ports but I am having trouble with: a. which direction? b. which cards? c. which protocol TCP or UDP?
1761 Remote Management Agent Port
1762 Remote Control Listener Port
389 LDAP
445 Microsoft/Netware CIFS
524 Novell eDirectory NCP
8039 Middle Tier with AWSI

Any assistance would be very gratefully received.

One suggestion has been to use a port monitor (e.g. Ethereal) on the Management Console and the Remote Laptop, unload the filters on BM and record the connection. I am reluctant to do this as the BM server is not dedicated to ZEN and is constantly in use.

Many thanks