Here's a great tip from Nicholas Dodge, a senior support engineer on our Manageability team.  In this tip he tells how to configure the Windows Firewall exceptions for SCE 2007:

========

If a firewall is enabled in the deployment environment of System Center Essentials 2007, exceptions must be created so that the Essentials 2007 management server can successfully install agents on managed computers and so that managed computers can communicate with Essentials 2007. The following are exceptions that must be added to the Windows Firewall for successful communication:

To change Windows Firewall exceptions on the Management Server:

Open Control Panel, and then open Windows Firewall.
Click the Exceptions tab.
Click Add Port, and then create the following TCP port exceptions:

Name=Port80; Port Number=80
Name=Port8530; Port Number=8530
Name=Port8531; Port Number=8531
Name=Port5723; Port Number=5723
Name=Port5724; Port Number=5724
Name=Port445; Port Number=445
Name=Port51906; Port Number=51906

To change Windows Firewall exceptions on a managed computer:

Open Control Panel, and then open Windows Firewall.
Click the Exceptions tab.
Make sure that the File and Printer Sharing check box is selected.
Click Add Port, and create the following TCP port exceptions:

Name=Port6270; Port Number=6270
Name=Port135; Port Number=135
Name=Port139; Port Number=139
Name=Port445; Port Number=445

Create the following UDP port exceptions:
Name=Port137; Port Number=137
Name=Port138; Port Number=138

For each of these exceptions, do the following:
Click Change scope.
Select Custom list.
Limit the scope to the Essentials 2007 management server’s IP address.

========

Thanks Nicholas!

J.C. Hornbeck | Manageability Knowledge Engineer