If you plan to install the RockSolid Agent behind a firewall you need to ensure you allow port 80 (HTTP) or 443 (HTTPS) communications between the RockSolidAgent host and the RockSolidWebService host.  The port you enable depends on if you have configured the RockSolidWebService to use SSL in IIS.  Communications are always initiated by the RockSolidAgent to the RockSolidWebService.  Never the other direction.

No other ports are required to be open for the RockSolid Agent to communicate.  This post assumes the RockSolid Agent is on the same LAN as the SQL Servers to be monitored and no firewall is blocking the RockSolid Agent to SQL Server Instance communications.