I you are running the PDHCP service on Windows 2003 you also need to create a firewall exception for novell-zcmprebootpolicy.exe. In the Windows Firewall go to Exceptions > click "Add Program" > Browse to:
"C:\Program FIles (x86)\Novell\ZENworks\bin\preboot" and select "novell-zcmprebootpolicy.exe"
The example shown is a 64bit Windows 2003. I guess the path is:
"C:\Program Files\Novell\ZENworks\bin\preboot" on a 32bit system.
The reason for this is that novell-zcmprebootpolicy.exe will use a random port for communication with the device booting PXE.