We have recently been enhancing the security and reliability of the support tunnel system. If you are filtering outbound connections from your SSL VPN (or any other Barracuda product) appliance, then you will need to allow any outbound traffic in order to establish a support tunnel connection. They should be allowed to ALL destination IP addresses; the new support tunnel is currently hosted in AWS and therefore the IP may change at any time to any IP owned by AWS. If you restrict the destination IP addresses that are contactable on these ports, then Support may be unable to help you.
Also please note that as of August 26th 2019 the new support tunnel will be the ONLY support tunnel infrastructure available and therefore without all these ports being open correctly there will be no way that the Support team can assist.