How to open HA server firewall for IoT devices?

In brief:

  • I have a number of TP-Link Kasa plugs and switches
  • the Kasa devices are on a separate subnet from the Home Assistant host
  • I’d like to firewall the HA host against everything on the device subnet except for the port(s) the plugs&switches use to communicate
  • but I don’t know what port(s) the Kasa devices employ.

If the port numbers are common or otherwise already known, please let me know?
Or, can you provide guidance on how how I might determine the ports myself?

Thanks.

Great info on the TP-Link devices here.

From that Reverse Engineering page, the answer looks to be TCP 9999.
Awesome link, fantastic information, thanks.