Configure firewall rules by creating a GPO from the Group Policy Remote Update Firewall Ports Starter GPO and linking to the domain
In Windows Server 2012, Group Policy adds a new Starter GPO called
Group Policy Remote Update Firewall Ports. This Starter GPO includes
policy settings to configure the firewall rules that are specified in
the previous table. This enables inbound network traffic on the ports,
which is necessary to allow the remote Group Policy refresh to run. It
is a best practice to create a new GPO from this Starter GPO, and then
link the new GPO to your domain with a higher precedence than the
Default Domain GPO, so that you can configure all computers in the
domain to enable a remote Group Policy refresh.
First, if they are XP, I don't think it'll work at all.
But yes, there are firewall settings that must be allowed/set in order for Remote Refresh to work properly.
See here: http://technet.microsoft.com/en-us/library/jj572986.aspx
Also note: