The CVG does not need to contact the license server. HM is the only thing that contacts the license server. HM must have a license for the CVG for you to use it. There is a different license for CVG than that of regular Aerohive devices. But CVG is like any other Aerohive device in that it needs the following ports to communicate with HM: UDP 12222 (unless you change the transport protocol to HTTP, then it would be TCP 80), TCP 443, and TCP 22 (unless you change the transport protocol to HTTP).
Between the router(s) and CVG, you will need UDP 500 and UDP 4500. The routers will also need access to an NTP server. So if you do not have one local, you will need to also allow UDP 123 to the NTP server(s).