I have many times observed customers being unsure, if the required ports for Endpoint signalling is allowed.
How about an idea of including netstat command under the Endpoint Diagnostic tools to verify on what the ports / IP the endpoint tried establishing a connection and failed. Probably with below commands as executed on any linux box.
Proto Recv-Q Send-Q Local Address Foreign Address State
|Proto RefCnt Flags||Type||State||I-Node Path|
Just a thought, please share your comments.