GitLab Replication Communication Direction and Protocols (Geo)

I want to make use of GitLab Replication in a scenario where there is only uni-directional http/s traffic (initiating) allowed from primary to secondaries (so the communication initiation needs to happen from the primary) and even more important ssh between primary and secondary is not allowed.
With regards to the firewall sheet/rules ssh is needed between primary and secondary:

Any ideas whether ssh is really needed and about the communication initiation direction?
Thanks in advance.