Access Manager requires ports 80 and 443 to be accessible from your LAN to your DMZ so that internal users can reach the Access Manager web service. You may also want to open port 10000 so that you can reach the appliance administration interface.
You may also want to open ports 80 and 443 from your WAN to your DMZ to allow external access to the system.
For Access Manager to connect to your Active Directory, port 636 on your domain controller should be accessible to your Access Manager instance from within the DMZ. Depending on where your domain controllers are located, you may need to open port 636 on your DMZ > LAN firewall and/or provide routes so that Access Manager can connect to and synchronize with your AD.
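
To confirm the firewall matches these flows after a change, the following added example (not part of the Access Manager documentation or product) probes a host from inside one zone and reports required ports that are blocked and reachable ports the flow does not list. It assumes all ports are TCP and treats any port not listed above as one that should stay closed; the hostname and the extra ports 22 and 389 are constructed sample values.

```python
import socket

# Flows taken from the text above; "optional" marks the ones it says you
# "may also want". TCP is an assumption, the page does not name the protocol.
FLOWS = {
    ("LAN", "DMZ"): {"required": {80, 443}, "optional": {10000}},
    ("WAN", "DMZ"): {"required": set(), "optional": {80, 443}},
    ("DMZ", "DC"): {"required": {636}, "optional": set()},
}


def probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unroutable or unresolvable
        return False


def audit(host, required, optional, candidates, timeout=2.0):
    """Compare what is reachable on host with what the policy allows.

    Returns (finding, port) tuples in port order:
      "blocked"    - a required port that did not answer
      "unexpected" - an answering port that is neither required nor optional
    """
    findings = []
    for port in sorted(set(candidates) | set(required)):
        is_open = probe(host, port, timeout)
        if port in required and not is_open:
            findings.append(("blocked", port))
        elif is_open and port not in required and port not in optional:
            findings.append(("unexpected", port))
    return findings


def audit_flow(src, dst, host, extra_ports=(), timeout=2.0):
    """Audit one flow from FLOWS; run it on a machine inside zone `src`."""
    policy = FLOWS[(src, dst)]
    candidates = policy["required"] | policy["optional"] | set(extra_ports)
    return audit(host, policy["required"], policy["optional"], candidates, timeout)


if __name__ == "__main__":
    # Constructed hostname and extra ports; replace with your own values.
    for finding, port in audit_flow("LAN", "DMZ", "accessmanager.example.internal",
                                    extra_ports=(22, 389)):
        print(f"{finding}: tcp/{port}")
```

Run it once from each source zone (LAN, WAN, DMZ) against the matching target, since a probe only shows what the firewall allows from where the script runs.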