The Technet site contains a nice reference to all ports used by Exchange 2010 and its various roles, as well as an overview of the firewall rules created by Exchange 2010’s setup. Very handy when you need to provide IP and port information to the network people.
One port which stands out from the rest is the port used for DAG log shipping and seeding, which is 64327 by default. Looking back at Exchange 2007 this is good; the port is static and DAGs use regular TCP, where CCR/SCR in Exchange 2007 uses 445 for log shipping (over SMB) and a dynamic port for seeding. And if it’s two things some network people hate it’s SMB and dynamic ports. On the other hand, 64327 in the dynamic range defined by IANA; according to IANA dynamic ports cannot be registered (claimed).
Fortunately, the port can be changed when required. To change the port for a DAG use the Set-DatabaseAvailabilityGroup cmdlet with the ReplicationPort parameter like this, where <n> can be any number between 1 and 65535:
Set-DatabaseAvailabilityGroup -Identity DAGID -ReplicationPort <n>.
Note that Exchange will not adjust the Windows Firewall rules accordingly, so you need to create a firewall exception on each DAG member to make replication work. Even better, you should do this before changing the DAG port to prevent interrupting the replication longer than necessary.