The ports that SOSS uses (default ports: 720, 721 and 722) need to be opened to TCP traffic. If multicast discovery is enabled then the ports that SOSS uses need to be opened for both TCP and UDP traffic.
Unlike firewalls, intrusion prevention systems don’t block TCP ports--they monitor network traffic, inspect each packet for suspicious behavior, and then pass the traffic on its way. Some intrusion protection products install network drivers in the network stack that can cause significant delays in the delivery of packets and result in performance problems due to the distributed nature of ScaleOut StateServer. If you observe network delays, we recommend disabling the network drivers added by network intrusion detection products to evaluate the impact on performance.