In OCS "R1" it's you need to get the security guys to open port 50.000 - 59.000 in the firewall.
You don't need that in OCS R2, see Jeff's blog: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=42
Another welcome change to the A/V Edge configuration requirements is that the RTP TCP/UDP inbound port range of 50000 to 59000 is no longer required with R2, but is optionally supported. The client A/V communications can be limited to just the STUN UDP 3478 and TCP 443 ports, greatly simplifying the external firewall configuration. So if a current deployment already has the firewall configured for the previous 50000-59000 port range, then OCS R2 still supports using them, but new deployments can benefit from these changes off the bat.