In 99% of all cases nobody has to worry about this at all. Problems only arise when you install so called ‘network security’ software which blocks out everything. My personal view is that you don’t need anything like that anymore nowadays.
That may have been the case a few years ago but is no longer the case in the large studio networks. It used to be anyone “on the inside”, i.e. within the lan, which includes VPN employees, were considered “safe”. Now unfortunately the current threat model is “everything is unsafe”. Paranoid? Not up for consideration, the studios do as they see fit. Painful at times. All the products we work with - SourceConnect, SessionLinkPro, AudioMovers, Evercast, SoHoNet, Haivision, Unity, RVON, VLink, a bunch of others, and our own WebRTC-based software - have listings of specific ports and needs published just so enterprise users can get them running. It’s challenging sometimes.