I believe (do not know for certain) that mount does use tcp - there is a good bit of information sent back to the client to setup the mount (transaction sizes, buffer sizes, connections to use). The dismount, on the other hand doesn't need anything at all other than a "done" response. Another entry is that the mounted filesystem can be using TCP for all active traffic.
Since you mention that the problem is only for servers under the firewall, you might check into what the firewall actually allows - it is even possible it is blocking things it really shouldn't, especially for NFS (things like NFS locking comes to mind). You could also try using NFSv4 instead of v3. Not sure it will help, but it does change how the protocols are handled (I believe locking is included in the same connection as the data, as well as defaulting to all tcp).
sorry, didn't notice the server you referenced above doesn't have NFSv4 services available...
Last edited by jpollard; 04-05-2014 at 08:10 AM.