OK, did switch on some logging on my firewall to see what the touchscreen does. Here’s what I figured out:
On boot:
- It asks DNS for connectivitycheck.gstatic.com and establishes a port 80 TCP web connection → Standard Andoid check for internet connectivity
- It asks DNS for www.google.com and establishes a port 443 TCP https connection → Not sure for what - may be second connectivity check or looking for updates
- It asks DNS for asia.pool.ntp.org and establishes a UDP port 123 connection → NTP to get current time.
- It asks DNS for xtrapath2.xtrageo.xtracloud.cn and establishes a port 80 TCP web connection → This is owned by Qualcomm (manufacturer of the SoC the touchscreen runs on and who provided the Android base system most likely) - so another check for system updates?
- It asks DNS for izattime.qcomgeo2.com and does another NTP → Again time - why? Again owned by Quallcomm.
- Then it asks again asia.pool.ntp.org for its time… Well…
And that’s it. After this it sits quiet. Doing nothing. For now more than 15 minutes. I guess I’ve never seen a network participant so quiet 
When I click on “Check for Updates” it gets DNS entry for api.snapmaker.com and establishes a TCP 443 https connection.
Nothing strikes me as problematic.
To @wilsonrobertt 's point on exposing a web server: I 100% agree, but even if the touchscreen exposes a server (and it does! That’s what we use to send files to etc.), it is a local thing. To have this visible from the internet, you’d need to actively configure a NAT rule. Even if you’d switch off your firewall, the local server would not be accessible from the internet, unless your home network uses public IPs (which only people will do that understand enough of IT and networking to know not to run without firewall ).