ESPHome ports in use?

I’m moving my ESPHome devices to a seperate VLAN.
I know it uses ports 6053 and 8266 (for OTA), but as I can see it, they are the ports used from HA towards ESPHome.
But what about the other way, from the ESPHome devices to HA?
I’ve gotten a few ESP32 Cams, and I don’t get an image from them if I close down the firewall and only let these two ports be open.
I’ve gotten it to work on a hidden SSID, so that part is solved, now I would like to isolate the VLAN as much as possible.

Ok, I found out by @ssieb s help, that esphome only connects out from the HA, not inwards, which makes it a lot easier.
So no ports needed for esphome, and only one for mqtt (tasmota).

do you know, how to solve this? ESPHome issue with a repeater (NAT)
Thanks a lot

I guess if you use the HA API instead of MQTT, then port 8123 needs to be opened from ESPhome devices towards HA ?

Hi Brian, no ports are needed inwards to HA, HA connectes to the ESPHome devices, so if the HA has access to the network the esphome devices uses on port 6053, then there is no problem.