Almost. SystoLOCK communicates with its parts over TCP and there is only one port that is used for most cases in that communication:
You would need to open this port in your firewalls if there are any between SystoLOCK parts within your internal network.
If you would like to extend SystoLOCK usage beyond your perimeter, you would need to publish your SystoLOCK endpoints to the internet. It is recommended to keep port 21572 also for outside, though you can choose any port and make that port known to the outside world by publishing the appropriate DNS records. In this case you would need to forward your chosen outside port to inside port 21572.
Do not forget to publish all your SystoLOCK Endpoints to the internet, otherwise some functionality may be broken, while round-robin takes its course. If you are certain in what you do, you can publish all endpoints from a single AD site, while omitting other sites, please consult Systola to find the best solution.
SystoLOCK Endpoints outside your network are used by SystoLOCK Companion and SystoLOCK VPN Client