Not all the ports that are listed in the tables here are required in all scenarios. For example, if the firewall separates members and DCs, you don't have to open the FRS or DFSR ports. Also, if you know that no clients use LDAP with SSL/TLS, you don't have to open ports 636 and 3269.
You might want to configure a firewall for Active Directory domains and trusts.
The two domain controllers are both in the same forest, or the two domain controllers are both in a separate forest. Also, the trusts in the forest are Windows Server 2003 trusts or later version trusts.
The following link might help further, if you haven't looked at it yet.
https://support.microsoft.com/en-in/help/179442/how-to-configure-a-firewall-for-domains-and-trusts
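To check which of the well-known AD ports are actually reachable from a member to a DC before and after tightening the firewall, here is an added PowerShell example (not from the original post or from the Microsoft article). It probes the standard TCP ports for AD traffic (DNS 53, Kerberos 88, RPC endpoint mapper 135, LDAP 389, SMB 445, LDAP over SSL/TLS 636, Global Catalog 3268/3269) with Test-NetConnection, and marks 636 and 3269 as optional when you pass -NoLdapOverTls, following the point above that those two ports are only needed if clients use LDAP with SSL/TLS. The $DomainController value is whatever DC you supply; the script does not probe the dynamic RPC port range or the FRS/DFSR ports, because those are not single fixed TCP ports you can test this way.

```powershell
# Added example: probe well-known AD TCP ports on a domain controller from a member.
# Not part of the original post or the Microsoft article; port list is the standard AD set.
param(
    [Parameter(Mandatory = $true)]
    [string]$DomainController,   # assumption: a DC hostname or IP you supply

    # Use when you know no clients use LDAP over SSL/TLS; 636 and 3269 are then reported as optional.
    [switch]$NoLdapOverTls
)

# Fixed TCP ports used by domain members talking to a DC. The RPC dynamic range
# (49152-65535 on Windows Server 2008 and later) and FRS/DFSR RPC ports are not
# fixed single ports, so a one-port probe like this cannot cover them.
$ports = @(
    [pscustomobject]@{ Port = 53;   Service = 'DNS';                       Optional = $false },
    [pscustomobject]@{ Port = 88;   Service = 'Kerberos';                  Optional = $false },
    [pscustomobject]@{ Port = 135;  Service = 'RPC endpoint mapper';       Optional = $false },
    [pscustomobject]@{ Port = 389;  Service = 'LDAP';                      Optional = $false },
    [pscustomobject]@{ Port = 445;  Service = 'SMB';                       Optional = $false },
    [pscustomobject]@{ Port = 636;  Service = 'LDAP over SSL/TLS';         Optional = $NoLdapOverTls.IsPresent },
    [pscustomobject]@{ Port = 3268; Service = 'Global Catalog LDAP';       Optional = $false },
    [pscustomobject]@{ Port = 3269; Service = 'Global Catalog LDAP/SSL';   Optional = $NoLdapOverTls.IsPresent }
)

$results = foreach ($p in $ports) {
    # Test-NetConnection returns an object whose TcpTestSucceeded tells us if the port answered.
    $tnc = Test-NetConnection -ComputerName $DomainController -Port $p.Port -WarningAction SilentlyContinue

    $state = if ($tnc.TcpTestSucceeded) { 'open' } else { 'blocked' }

    # A blocked optional port is expected, not a problem; a blocked required port is.
    $verdict = if ($tnc.TcpTestSucceeded) {
        'OK'
    } elseif ($p.Optional) {
        'OK (optional, not needed without LDAP over SSL/TLS)'
    } else {
        'CHECK FIREWALL'
    }

    [pscustomobject]@{
        Port     = $p.Port
        Service  = $p.Service
        State    = $state
        Verdict  = $verdict
    }
}

$results | Format-Table -AutoSize

# Exit non-zero if any required port is blocked, so this can gate a change window script.
if ($results | Where-Object { $_.Verdict -eq 'CHECK FIREWALL' }) { exit 1 } else { exit 0 }
```

Run it from a member server as `.\Test-DcPorts.ps1 -DomainController dc01.example.local` (add `-NoLdapOverTls` once you have confirmed no clients bind over SSL/TLS). A blocked 636 or 3269 is then reported as acceptable rather than as a firewall gap, which matches the guidance above that those ports only need opening when LDAP with SSL/TLS is in use.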