Hello,
You can open port 8014 (if you installed it with default settings) for general communication. It's found on page 50 of the Installation guide. Also, you need to open port 8443 for replication
p.s Here is the guide to port numbers: http://www.symantec.com/docs/TECH102416
Also, check this: Security recommendations regarding SEP client installed on server located in DMZ
http://www.symantec.com/docs/TECH122858
What I am unable to understand is, since this is a DMZ network, how are you planning to have the SEPM updated with Virus definitions?
Hope this helps!!