Thanks for the reply, it's a lead indeed, but there is no way I'm letting all those ports open for any IP.. For example I am not using ftp, so there is no reason for me to keep 21 open. The firewall documentation states that some ports need to stay open between servers but no mention anywhere about Enhance's servers so this is lacking imho. A compromise could be to let all ports open for Enhance's IP, if I can get those, but to let them open for all IPs do not make sense to me.
Using tcpdump I've sniffed the network and determined that the licence check was communicating with IP 45.33.88.58. Adding this IP in my firewall for all IPv4 solved the issue. I get that this could change and I don't mind updating this firewall entry if/when Enhance's IP changes (or could use a hostname that resolves to the current licence check ip?). I would rather limit it to port as well if possible. I just think this should be documented, having to sniff this out of the network can be a pain, especially when the server will be more active.
I'm very surprised that afaik, I'm the first one asking for this.