Typically, UDP ports are opened on request after a session is established over the other systems. Those ports don’t need to be “open” so much as “not all blocked”. That is a very wide range to list though, likely a system like this is only using a couple in a small part of the range.
But that CEO is probably only looking at this from his phone on a cellular network, so he shouldn’t have to have IT poke holes in the work firewall at least. And most firewalls won’t have an issue with blocking UDP connections that are established from inside in any case.