GitLab Update Server fqdn

We are running GitLab on an ubuntu 18.04 server behind a restrictive firewall, that allows only connections to defined external servers.

To be able to update GitLab using apt package manager, the full qualified domain name (fqdn) of the update server(s) must be registered in the firewall configuration.

Could anybody provide information on which servers and protocolls are to be allowed in the firewall to be able to process the automatic update procedure using apt?

Any advice is welcome.

Cheers, Markus