New open ports in firewall needed after update to 1.0.1

After updating to 1.0.1 we see blocked access from rancher server to client

(server) 10.100.0.179 : 443 → ( agent) 20.0.2.177 : 43438
and
(agent) 20.0.2.177 : 22 → (server) 10.100.0.179 : 51332

we have only firewall rules from server to agent port 22 and from agent to server port 443.

why here are new request after upgrade?

Ok. Solved. Security group was changed in aws ;-(