It’s actually a little bit trickier than that. If it’s a client at home, you probably can’t reach it even if Windows Firewall has the traffic allowed (you still have to deal with their home router blocking (as it should) or with their ISP blocking the traffic).
One approach you might test is using
last command times of client
This should return the last time the client received a UDP notification, for a new site version, action, fixlet, etc.
One might guess that a client that has received a UDP notification within, say, the last 6 hours is likely to also be able to receive a Query notification over UDP.
Take this with some grain of salt though - I haven’t tested whether Command Polling would trigger this result to update even if the message wasn’t received over UDP.
Some relevance to test might be
(now - last command time of client) < 6 * hour
You could change the time interval to be more or less aggressive to suit.