It seems that the network team is taking the wrong approach. By poking holes in the firewall, it looks like their goal is to allow all clients on the internal company network to connect with NTP servers on the Internet. This may cause surges of NTP requests from one or a handful of public IP addresses to pool members. Many pool members have restrictions built into the configuration about the number of packets that they allow from single IP addresses in a given time frame. The end result may be that your public company IP addresses are effectively blocked from a number of time sources.
It would be far better if the network team configured their router, or an edge server directly connected to the Internet, to become an NTP time server. This time server can synchronize with the NTP pool or with a handful of fixed reliable time sources on the Internet. The clients on the internal computer network can in turn connect with this company time server.
With this configuration, your network team does not need to poke holes in the firewall configuration for a number of IP addresses on the Internet. Therefore, it is a safer solution. And we as pool members will be less likely to block your company’s time request packets due to packet rate violations.
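
The setup described above, sketched as an added example that is not part of the original post. It assumes chrony as the NTP implementation; the internal range `10.0.0.0/8` and the hostname `time.corp.example` are constructed placeholders.

```conf
# ---- /etc/chrony.conf on the edge time server ----
# (example only; address range and hostname are placeholders)

# Synchronize with the NTP pool. maxsources caps how many pool
# members this one host talks to, so the company's public IP sends
# a small, steady number of requests instead of one per client.
pool pool.ntp.org iburst maxsources 4

# Serve time only to the internal network. chrony answers no NTP
# clients at all unless an allow directive matches them.
allow 10.0.0.0/8

# Limit responses to any single internal client that polls too
# aggressively, so a misconfigured host cannot load the server.
ratelimit interval 3 burst 8

# Do not accept chronyc monitoring/commands over the network;
# local administration over the Unix socket still works.
cmdport 0

# Standard housekeeping: remember clock drift, step the clock only
# during the first three updates if it is off by more than 1 s.
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync

# ---- /etc/chrony.conf on each internal client ----
# Clients use the company time server only and never contact
# Internet time sources directly.
server time.corp.example iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
```

With this in place, the firewall needs to permit outbound UDP port 123 from the time server's address only, rather than from every client on the internal network.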