If you allow port 80 and 443 access out of your network then accessing the Apple App Store from behind your firewall it’s a doddle.
However if you have a more locked down area of a network but have iPads etc that need App Store access here’s what you need to allow port 80 and 443 access to:
220.127.116.11/16 Apple's Class B Subnet includes phobos.apple.com address(es) 18.104.22.168/23 Akamai Technologies CDN
I appreciate this is a bit of a wide range of addresses, but unless you want to be having to packet capture and analyze where the App store is heading too that week it’s a reasonable. I doubt anyone would give up a class B IPv4 range nowadays.
Hope that helps some of you out!