Matomo On-Premise instance behind firewall - what connections to allow?

Hello, our installation of Matomo (therefore its url) is hidden behind a firewall policy, only allowing access from our internal network (with url exceptions neccesary for tracking to work).

Would you have URLs/IPs that we can add to allow Data Studio to access our matomo installation without opening the instance url to all traffic?