You must configure your firewall/endpoint security application to allow outbound connections to the following ports for TCP traffic:
- 80* - HTTP requests for Neo4j Browser and Bloom
- 443 - HTTPS requests for Neo4j Browser and Bloom
- 7687 - Programmatic access for drivers through neo4j+s:// and neo4j+ssc:// connection schemes
(*) Port 80 is optional and only used to redirect to HTTPS. Not used for data communication.
You could just enable 443 and 7687 but users have to consciously use https:// while connecting to Neo4j browser and Bloom.