[ASK] Consul client ports HTTPS and gRPC Requirement

Hi all,

We want to enable consul connect in our nomad cluster,
we face confusion after reading the docs (ref1, ref2)

I want to ask did HTTPS API (8501) ports and gRPC (8502) ports need to be reachable from / to all consul clients agent (server and client agent)? or just reachable locally from nomad client agent that reside in same node / instance ?