We recommend that you open only the ports required to support the functionality for which you are providing external access.
For remote access to work for any edge service, it is mandatory that SIP traffic is allowed to flow bi-directionally as shown in the Inbound/Outbound edge traffic figure. Stated another way, the SIP messaging to and from the Access Edge service is involved in instant messaging (IM), presence, web conferencing, audio/video (A/V), and federation.
In below figure, show all ports and protocols that require for Edge and for Exchange Server.
Also, you can refer Microsoft Tech-net link