Off the top of my head, I think this is fairly complete (if it is, maybe worth submitting to https://github.com/jamf/NetSUS/tree/master/docs as a pull request, perhaps):
For NetBoot:
DHCP/BOOTP (for discovery of NetBoot server and images) listens on UDP ports 67 and 68
TFTP (used to download the initial booter/kernel of the selected NetBoot set) listens on UDP port 69
NetBoot images themselves are served up via HTTP or NFS - I believe the current NetSUS supports both methods (I don't use NetSUS so can't comment further on that):
HTTP listens on TCP port 80
NFS listens on ports 111 and 2049 over TCP and UDP for both.
AFP (used as shadow storage for diskless NetBoot sets) listens on TCP port 548
SMB (used to provide a network share for you to upload your NetBoot sets) listens on TCP ports 139 and 445
Note that if you're wanting to NetBoot across different subnets on your network, you'll need to set up IP Helpers on your switches to pass the DHCP traffic around.
Software Update Server:
The SUS part is just a web server listening on TCP port 80.
It uses Reposado to sync content from Apple, so you'd want to make sure it can connect to Apple's software update services - some guidance here: https://support.apple.com/en-us/HT202943.
Admin/Other:
The admin web interface is available over HTTPS on TCP port 443
It runs an SSH server for console login on TCP port 22
As for the LDAP Proxy part, I'd guess the standard TCP ports 389 (unencrypted) and maybe 636 (for TLS) would be used, as well as outbound access to your LDAP server you're proxying to.
