I agree with that. There is some confusion about what "bidirectional" means here. Any TCP connection, once opened by a source towards a destination on a specified port, will have data flowing in both directions by design: https://tools.ietf.org/html/rfc793#section-1.5.
When firewall configuration considerations come up, the true question to answer is not about flow but rather "who opens that connection?". Who is the source and who is the destination? That is what IT staff ask me all the time: give me your "source + destination + protocol + port involved" (see, this is a one-way rule).
Now, I think the deployment server never initiates/opens a connection to the FWDers (poll mechanism from fwders to DS), so to agree with the responses above and below made by @jkat54 and @jtacy: on the firewall => unidirectional/one-way rule for TCP traffic (1 firewall rule allowing connection from FWD => DS).
Hope it helps and confirms the answers made so far by @jkat54 and @jtacy.