The monitoring servers in the OIT-Monitor range of addresses should have incoming access to the following ports for all OIT servers:

echo-reply
echo-request
dest-unreach

UDP and TCP 161 (SNMP read)
TCP 5666 (Nagios NRPE)
UDP 1161 (SMC)
TCP 9999 (MRTGEXT)
tcp/524 (NCP)
tcp/427 (SLP)
tcp/389 (LDAP)
tcp/636 (LDAPS)
tcp/13782 (Netbackup)

These ports have a port group named Nagios_Monitoring_TCP and Nagios_Monitoring_UDP, names to which you should refer when making firewall requests.