Firewall permissions for Confluence

Nicholas Coad August 29, 2019

I work in security and someone has put in a change request for a new Confluence server that IT is deploying.

They want to allow the Confluence server to access the entire internet on ports 80 and 443. (This is not putting the Confluence server ON the internet, but rather letting Confluence out to access the internet itself.)

Any idea why this is necessary?  Does Confluence need to call home?  If so, what is the subnet(s) it needs access to?

1 answer

0 votes
Daniel Eads
Atlassian Team
August 30, 2019

Hey Nicholas, welcome and thanks for checking in!

There are a few things in Confluence that will want to reach out to the internet:

  1. We collect some usage analytics about how you've deployed Confluence - details on that here. You have the option of turning this off within Confluence's interface. Disabling the usage analytics or not opening ports for the data won't cause any adverse effects for you.
  2. The Marketplace (plugins/apps/add-ons) needs internet for various things: for browsing and installing plugins from within Confluence, checking for plugin updates, and sending usage metrics to the vendors of the plugins you're using. We've got lots of details on that usage here, as well as the addresses we use. It's possible to install plugins manually (download to your local computer first, then upload to Confluence Server) but you'll also have to manage updates to those plugins manually.
  3. Our Support Tools plugin will query confluence.atlassian.com from time to time to let you know if there are things like critical security advisories for your particular Confluence version. It also needs outbound connectivity if you want to create a support ticket from within Confluence's interface.
  4. It's possible (depending on what plugins you've installed) that some add-ons/plugins might want to fetch resources from the internet or save data there. This is highly dependent on the vendor - for example Lucidchart Diagrams requires an outbound internet connection; they have a separate version of their plugin specifically for firewalled Confluence instances.

So overall it's definitely possible to run Confluence without outbound internet access, but it will make the life of any application administrators a little easier if the box can reach out to Atlassian services.

Cheers,
Daniel
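
An added example (not part of Daniel's answer and not Atlassian code) for the firewall side of this thread: it audits forward-proxy log lines from the Confluence server against a hostname allowlist built from the categories listed in the answer, so unexpected destinations stand out before a rule is approved. The log format, the server IP `10.0.5.20` and the `.invalid`/`.example` hostnames are constructed placeholders; only `confluence.atlassian.com` comes from the page.

```python
from collections import Counter
from urllib.parse import urlsplit

# Destination -> reason it is permitted. Only confluence.atlassian.com is named
# in the answer; the .invalid name is a placeholder for Atlassian's documented addresses.
ALLOWLIST = {
    "confluence.atlassian.com": "Support Tools / advisories",
    "marketplace.example.invalid": "Marketplace (placeholder)",
}

# Constructed sample lines: timestamp, client IP, method, target, status.
SAMPLE_LOG = """\
2019-08-30T10:00:01Z 10.0.5.20 CONNECT confluence.atlassian.com:443 200
2019-08-30T10:00:05Z 10.0.5.20 CONNECT marketplace.example.invalid:443 200
2019-08-30T10:01:12Z 10.0.5.20 GET http://confluence.atlassian.com.example.net/x 200
2019-08-30T10:02:40Z 10.0.5.20 CONNECT diagrams.vendor.example:443 200
2019-08-30T10:04:00Z 10.0.5.20 CONNECT confluence.atlassian.com:8443 200
""".splitlines()

def parse_target(method, target):
    """Return (host, port) from a proxy request target."""
    if method == "CONNECT":                      # HTTPS tunnel: host:port
        host, _, port = target.rpartition(":")
        return host.lower(), int(port) if port.isdigit() else 0
    parts = urlsplit(target)                     # plain HTTP: absolute URL
    return (parts.hostname or "").lower(), parts.port or 80

def classify(host, port):
    """Return the allowlist reason, or None if the request is unexpected."""
    if port not in (80, 443):
        return None
    for name, reason in ALLOWLIST.items():
        # Match the name itself or a true subdomain, never a bare suffix.
        if host == name or host.endswith("." + name):
            return reason
    return None

def audit(lines, server_ip):
    """Count allowed and unexpected destinations for one source host."""
    allowed, unexpected = Counter(), Counter()
    for line in lines:
        fields = line.split()
        if len(fields) != 5 or fields[1] != server_ip:
            continue
        host, port = parse_target(fields[2], fields[3])
        reason = classify(host, port)
        (allowed if reason else unexpected)[(host, port, reason)] += 1
    return allowed, unexpected
```

Destinations that land in the second counter are the ones to trace back to a specific plugin or feature before widening the rule.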
