diff --git a/modules/configuring-firewall.adoc b/modules/configuring-firewall.adoc index b47694a56f57..6609110eb843 100644 --- a/modules/configuring-firewall.adoc +++ b/modules/configuring-firewall.adoc @@ -30,10 +30,6 @@ There are no special configuration considerations for services running on only c |443, 80 |Provides core container images -|`*.openshiftapps.com` -|443, 80 -|Provides {op-system-first} images - |=== + When you add a site, such as `quay.io`, to your allowlist, do not add a wildcard entry, such as `*.quay.io`, to your denylist. In most cases, image registries use a content delivery network (CDN) to serve images. If a firewall blocks access, then image downloads are denied when the initial download request is redirected to a hostname such as `cdn01.quay.io`. @@ -102,7 +98,7 @@ CDN hostnames, such as `cdn01.quay.io`, are covered when you add a wildcard entr . Allowlist the following URLs: + -[cols="3,2,4",options="header"] +[cols="8,2,4",options="header"] |=== |URL | Port | Function @@ -126,7 +122,8 @@ CDN hostnames, such as `cdn01.quay.io`, are covered when you add a wildcard entr |443, 80 |Required both for your cluster token and to check if updates are available for the cluster. -|`art-rhcos-ci.s3.amazonaws.com` +|`rhcos-redirector.apps.art.xq1c.p1.openshiftapps.com`, + +`rhcos.mirror.openshift.com` |443, 80 |Required to download {op-system-first} images.
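Review bot: In the first hunk (@@ -30,10 +30,6), removing the `*.openshiftapps.com` row leaves this table, as far as the visible context shows, with no entry for {op-system-first} images, while the replacement hostnames are added only to the later table at @@ -126,7. If installations that follow this section still download {op-system-first} images, add the same row for `rhcos-redirector.apps.art.xq1c.p1.openshiftapps.com` and `rhcos.mirror.openshift.com` here; if they do not, state that in the commit message. Replacing a wildcard with named hosts tightens the allowlist, so also note for readers who already allow `*.openshiftapps.com` whether any other documented endpoint relied on that wildcard.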
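Review bot: In the second hunk (@@ -102,7 +98,7), `cols="8,2,4"` gives the URL column 8 of 14 width units and squeezes the Function column, which holds the longest text in the table (for example "Required both for your cluster token and to check if updates are available for the cluster."). The widening is only needed for the single long hostname added in the next hunk, so consider keeping a ratio closer to the original `3,2,4` and letting that one cell wrap, or check the rendered output to confirm the Function text is still readable.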
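Review bot: In the third hunk (@@ -126,7 +122,8), the new cell lists `rhcos-redirector.apps.art.xq1c.p1.openshiftapps.com` without saying where that redirector sends the client, and the same patch removes `art-rhcos-ci.s3.amazonaws.com`. The context lines in the first hunk warn that downloads fail when the initial request is redirected to a hostname that is not allowlisted, so please confirm the redirect target is covered by the remaining rows, or document the target host in this row. Separately, putting two hostnames in one cell joined by `, +` makes them awkward to copy into a firewall rule; one row per hostname, each with its own port and function cells, matches how the rest of the table is laid out.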