W2K3 Shared Fax through LAN firewall, what needs to be open?

(I'm not asking about the Windows Firewall.)

We have a web server on the DMZ, separated from the LAN by a firewall
(Checkpoint FW-1). The web server is our only Windows 2003 server here
(the other servers are all Windows 2000), so we're trying it out as a
shared fax device. If I configure my firewall to pass all traffic from
the LAN to the W2K3 machine, faxing works. Obviously this is not a good
solution long term; we want to lock the firewall down as much as
possible.

As a fairly sophisticated stateful packet firewall, Checkpoint FW-1
allows me to open specific resources for windows sharing, instead of
merely ports. I opened \\SERVER\FAX, \\SERVER\Faxclient and
\\SERVER\FxsSrvCp$, but apparently that's not enough. No other shares
seem to be relevant. Are there other ports used by Shared Fax Service
besides the regular Netbios port 139?

If the only way to do this is to open port 139 completely, then I'm not
going to do it.