diff --git a/hosts/sentinel/default.nix b/hosts/sentinel/default.nix
index d016e0b..810ae96 100644
--- a/hosts/sentinel/default.nix
+++ b/hosts/sentinel/default.nix
@@ -26,6 +26,9 @@
     80
     443
   ];
+  wireguard.proxy-sentinel.firewallRuleForAll.allowedUDPPorts = [
+    443
+  ];
 
   users.groups.acme.members = [ "nginx" ];
   services.nginx.enable = true;
diff --git a/hosts/ward/guests/web-proxy.nix b/hosts/ward/guests/web-proxy.nix
index f88d3c0..96958f5 100644
--- a/hosts/ward/guests/web-proxy.nix
+++ b/hosts/ward/guests/web-proxy.nix
@@ -16,6 +16,9 @@ in
       80
       443
     ];
+    firewallRuleForAll.allowedUDPPorts = [
+      443
+    ];
   };
 
   # This node shall monitor the infrastructure