HTTPS port 443
Only if you restrict outbound SSL connections via the standard port 443, please unblock the Box's access to the following servers:
The following URLs are currently used but they will soon be replaced by CNAMEs on the camio.com domain (so covered by #2 above at that point). For now, allow access also to:
The following URLs are used while managing packages on the system, for DNS inquiries, and for managing the NTP daemon.
HTTP port 80 (only to fix clock drift)
Only if SSL fails due to severe clock drift on the Box, a single HTTP request for the current time via port 80 is made to this server. All external communications are SSL encrypted other than this rare HTTP request used only to correct the local clock:
Box used Ubuntu's NTP servers (port 123)
The Box uses Google DNS servers by default: