To simulate the scenario:

VM1 setup:
Deny inbound AMQP 5672 (NON-SSL) added to FW
VM1 initiate connection over AMQP to VM1 (advanced.config file) (uses outbound 5672 to VM2)

With two shovel in the advanced config

VM2 setup:
Allow inbound AMQP 5672 (NON-SSL) added to FW
Just listener with empty advanced config

We can send data to VM2 from VM1 and the other way around on two different queue and that is sufficent.
As long as we initiate the connection from VM1 where all the config is.

VM1 shovel_get_remote_data recieve on queue11 where source is VM2 and destination is VM1

VM1 shovel_put_local_data publish on queue22 where source is VM1 and destination is VM2

Information before you proceeed.


Shovel with self signed VM2 Server TLS