The replication server component in each directory server listens on a TCP/IP port for replication communication.
This replication server port, typically 8989, must be accessible from all directory servers participating in replication. The server-to-server communication channel is kept alive using a heartbeat, which occurs every 10 seconds. This traffic prevents firewalls from closing connections prematurely.
The replication command-line utility (dsreplication) requires access to all directory servers participating in replication. This includes the LDAP or LDAPS port of the directory servers.
When configuring firewalls, keep these communication requirements in mind.
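
The requirements above can be turned into a firewall allow-list and checked from each source host. The following Python sketch is an added example, not part of the product or its documentation. Assumptions: the host names, the LDAPS port 1636, the function names, and the inference that a firewall idle timeout must exceed the 10-second heartbeat.

```python
import socket
from itertools import permutations

HEARTBEAT_SECONDS = 10  # heartbeat interval stated in the text above

def required_flows(servers, admin_hosts):
    """Return the sorted allow-list of (source, destination, port, purpose).

    servers: {host: {"replication": port, "ldap": port}} (constructed layout)
    admin_hosts: hosts from which dsreplication is run.
    """
    flows = set()
    # Every directory server must reach every other server's replication port.
    for src, dst in permutations(servers, 2):
        flows.add((src, dst, servers[dst]["replication"], "replication"))
    # dsreplication needs the LDAP or LDAPS port of every directory server.
    for admin in admin_hosts:
        for dst, ports in servers.items():
            if admin != dst:  # a local connection crosses no firewall
                flows.add((admin, dst, ports["ldap"], "dsreplication"))
    return sorted(flows)

def idle_timeout_ok(firewall_idle_seconds):
    """Assumption: an idle timeout at or below the heartbeat can drop the channel."""
    return firewall_idle_seconds > HEARTBEAT_SECONDS

def port_reachable(host, port, timeout=3.0):
    """TCP connect test; run it from the source side of a flow."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

# Constructed sample topology; host names and LDAPS port 1636 are assumptions.
SAMPLE_SERVERS = {
    "ds1.example.com": {"replication": 8989, "ldap": 1636},
    "ds2.example.com": {"replication": 8989, "ldap": 1636},
    "ds3.example.com": {"replication": 8989, "ldap": 1636},
}

if __name__ == "__main__":
    for src, dst, port, purpose in required_flows(SAMPLE_SERVERS, ["admin.example.com"]):
        print(f"allow tcp {src} -> {dst}:{port}  # {purpose}")
    print("idle timeout of 5s safe:", idle_timeout_ok(5))
```

Anything not in the generated list can stay blocked; run port_reachable on each source host against its own destinations to confirm the rules took effect.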