Sophos Heartbeat - Make it work behind Firewall

Hi,

is there a reliable statement for the URL's or IPs needed by the endpoint to make Heartbeat work?

I Need this because in a project there is no default route to the internet, Sophos allowed.