For the full details and original text, see http://windowsitpro.com/active-directory/q-how-do-i-enable-dfs-replication-between-hosts-separated-firewall.
Procedure
DFS Replication (DFSR) normally uses the remote procedure call (RPC) dynamic Endpoint Mapper, which is difficult to support through a firewall.
You can configure DFSR to use a static port instead of a dynamic one by using the dfsrdiag command, then restarting DFSR.
Example:
net stop dfsr
net start dfsr
You can verify the change by typing the command below and looking at the RpcPortAssignment value, which if it shows a value of 0 means it is using dynamic ports. (Anything other than 0 indicates the static port configured.)
To really double-check that the static port is being used, you can inspect the port listener. First, find the process ID of dfsrs.exe:
It might return something like this, for example:
dfsrs.exe 1772 DFSR
Now search a netstat -ano for the process ID, which will find the port being listened on.
In this case, below, it shows port 5722, which was the static port configured:
TCP 0.0.0.0:5722 0.0.0.0:0 LISTENING 1772
TCP 192.168.1.10:5722 192.168.1.12:63377 ESTABLISHED 1772
TCP 192.168.1.10:58823 192.168.1.11:135 SYN_SENT 1772
TCP [::]:5722 [::]:0 LISTENING 1772
TCP [fe80::4c46:84be:c9e0:2f2e%12]:61123 [fe80::4c46:84be:c9e0:2f2e%12]:38
9 ESTABLISHED 1772
TCP [fe80::4c46:84be:c9e0:2f2e%12]:61195 [fe80::4c46:84be:c9e0:2f2e%12]:38
9 ESTABLISHED 1772
TCP [fe80::4c46:84be:c9e0:2f2e%12]:63987 [fe80::4c46:84be:c9e0:2f2e%12]:49
155 ESTABLISHED 1772
UDP 127.0.0.1:58547 *:* 1772