Agreed - that’s the primary URL used for content/catalog and other updates such as patches (for core data platform functionality).   

If you are connecting to ServiceNow or other external similar sources then they would need to be whitelisted too, but that’s scope dependent.

The only other thought would be if you are enabling https for connections then standard cert validation would occur so you may need to enable URL's to complete the cert revocation checks etc.

Hi @MurrayPeters , are the cert revocation URL's the same as what's documented for FNMS Cloud, or are they different? If different, what are they?

FNMS Cloud URL's are:

• http://crl3.digicert.com/ssca-sha2-g6.crl
• http://crl4.digicert.com/ssca-sha2-g6.crl
• http://ocsp.digicert.com

Hi Kyle - it depends on the cert and what authority(ies) were involved in the signing.  You can look at the details of the certificate though, for example here is the one used by this Flexera Community - note the URL's at the bottom.