For basic discovery and inventory below URL’s to be whitelisted (After last resource, entries will be dynamic so exclude based on wildcard *)
<Protocol>://<IP/FQDN>:<Port>/SapphireWS/Agent/*
<Protocol>://<IP/FQDN>:<Port>/SapphireWS/TaskAgentResource/*
For file download purpose (Agent upgrade, patch management, software/script push) below URLs will be accessed from agent.
<Protocol>://<IP/FQDN>:<Port>/SoftwareRepository/*
<Protocol>://<IP/FQDN>:<Port>/PatchManagement/*
If customer is entitled to use event log collection as part of monitoring, below URL to be allowed from agent.
<Protocol>://<IP/FQDN>:<Port>/SapphireWS/RestFileUpload/*
Additionally if remote control feature (mesh central) is getting used, respective mesh central URL and port must be allowed from agent.