Dedicated Mobile APN - Android Enterprise Corporate-owned dedicated devices

Hello,

We have set up at our MDM solution(Microsoft Intune) a Corporate-owned dedicated profile and configured it to use only specific Mobile APN. We want to allow access from this APN to Google Enterprise Destinations Hosts. I found the below article, Android Enterprise Network Requirements - Android Enterprise Help.

However the Network Team which manages this APN, requires IPs instead of host names(FQDN). Then, I read the end of the article which says “If you need to allow traffic based on IP, you should allow your firewall to accept outgoing connections to all addresses contained in the IP blocks listed in Google's ASN of 15169 listed here.”

I have 2 questions: 

1. Are all these IPs(some not Google as per description) needed;
2. Do the ports remain the same, TCP 443, TCP,UDP 5228-5230
3. What about time.google.com which requires UDP 123;

I understand that these IPs are not static and may be changed.

Thank you.