Use the following Splunk Search Query to list what ports your Universal Forwarders are using to communicate to the Indexer:

index="_internal" source="*metrics.lo*" group=tcpin_connections NOT eventType=*  | dedup sourceHost |stats count by destPort