A page has been recently deleted from the UPS web site, which included:
If I connect to UPS servers through a firewall, are there any known issues?
Because the response from the UPS server may show as unsolicited to your firewall software, you may need to configure your firewall software to accept messages from our unique range of UPS IP address ranges: “207.24.0.*”
At this writing, an in-site search on http://ups.com and a Google search still brings up the page reference, but the page is gone.
Some firewalls have FQDN capability (e.g., Watchguards), which makes rule creation far easier for a behemoth like Microsoft Office 365 and all of its related services. The info here is condensed from here. I have omitted a very few items (e.g., port 25, and *.msn.com) for reasons which I hope are reasonably obvious.
Create one rule with these ports:
50000-59999, TCP and UDP
to the following list of locations, and it is done.
All of the following ports, reportedly, have to be forwarded to the server: