for SSL only encryption you will need to close the non SSL ports with your firewall rules. For example: 8091, 8092 should not be allowed in favor of 18092 or 18092.
thanks
-cihan
Based on your link, I think what you are saying is that:
XDCR requires a VPN or SSH tunnels to work securely?
And the only way to prevent remote traffic from getting to 8091 and 8092 require the firewall to do the blocking.
There is no way for the 8091 and 8092 to reject traffic from non-localhost?
That way I can have 2 layers of prevention and no single point of failure, in this case configuration of the firewall vs intelligence in couchbase to prevent unwanted connections.