What to open in Firewall for Traefik to access Pilot

We use Traefik in Azure AKS (k8s).
I've let the network team open k8s IP range --> pilot.traefik.io:443 on the firewall but Traefik still isn't able to access Pilot. The token has been set (tried vars and additionalArguments) and Traefik has been restarted.

Log says: level=error msg="retry in 5.557775473s due to: failed to create UUID: failed call Pilot: Post \"https://instance-info.pilot.traefik.io/public/\": read tcp> read: connection reset by peer "

Interestingly, the GUI shows some data before the instance is configured (like the version) but then says "no proxies" once it's configured: