In a high security environment with very limited internet access, through a proxy and only to limited URLs, will it be sufficient to have access to opp1.asm.ca.com and opp2.asm.ca.com for the OPMS installation and for further interaction with ASM (post-installation)?
For the installation, it is a good idea to allow any outgoing traffic to port 443, as there are some packages to download (OS and OS license specific) and a few Docker images (both from our and public repositories), and the API is also contacted (to register the station).
Currently, the Docker images are downloaded during the first service start, not during the installation, which is why it needs to wait until all the services are up and running. After the installation is completed (which also includes the first service start!), the firewall rules can be changed to reject anything except connections to opp1.asm.ca.com and opp2.asm.ca.com plus the services that need to be monitored.
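The two-phase egress policy described above can be checked against a list of observed outbound connections before the firewall is tightened. The following is an added example, not vendor code: the phase names, the sample connections, the monitored target and the use of port 443 for the ASM hosts after installation are assumptions.

```python
"""Egress policy check for an OPMS host, before and after the lockdown."""

# Hostnames taken from the page; port 443 after installation is an assumption.
ASM_HOSTS = {"opp1.asm.ca.com", "opp2.asm.ca.com"}


def normalize(host):
    """Lower-case and drop a trailing root dot so comparisons are exact."""
    return host.strip().lower().rstrip(".")


def allowed(host, port, phase, monitored=frozenset()):
    """Return True if an outbound connection fits the phase's policy.

    phase "install": any destination on port 443 (packages, Docker images, API).
    phase "locked":  only the ASM hosts on 443, plus monitored (host, port) pairs.
    """
    host = normalize(host)
    if phase == "install":
        return port == 443
    if phase == "locked":
        if host in ASM_HOSTS and port == 443:
            return True
        return (host, port) in {(normalize(h), p) for h, p in monitored}
    raise ValueError(f"unknown phase: {phase!r}")


def violations(connections, phase, monitored=frozenset()):
    """List the (host, port) pairs the policy would reject."""
    return [(h, p) for h, p in connections if not allowed(h, p, phase, monitored)]


# Constructed sample of outbound connections (not real log data).
SAMPLE = [
    ("opp1.asm.ca.com", 443),
    ("OPP2.asm.ca.com.", 443),                    # same host, different spelling
    ("registry.example", 443),                    # image pull, install phase only
    ("opp1.asm.ca.com.lookalike.example", 443),   # must not match by prefix
    ("intranet.example", 8443),                   # hypothetical monitored service
    ("opp1.asm.ca.com", 80),
]
MONITORED = {("intranet.example", 8443)}          # hypothetical monitoring target

if __name__ == "__main__":
    for phase in ("install", "locked"):
        print(phase, violations(SAMPLE, phase, MONITORED))
```

Hostnames are compared exactly rather than by substring or prefix, so a look-alike name that merely begins with an ASM hostname is rejected once the rules are locked down.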