We have a web server that is on the DMZ but that will need to query a database that resides inside the network. Now the network team wont allow port 1433 from the web server to the Database server.
The database server is on the Always on availability group and uses a specific listener port. Now my question is if my network team only allows only the Always on availability group listener port will that be a problem and what if the network team dont allow access to that port what are my options.
Sql-server – Web server accessing the database server in Always on availability group
availability-groupsNetworkSecuritysql server 2014web server
Related Question
- SQL Server Web Service – Architecture in Web Environment
- Sql-server – Changing IP Addresses of an Always On Availability Group in SQL Server 2014
- SQL Server Failover Cluster vs Always On Availability Group – Client Access Name Difference
- SQL Server 2014 Listener Port 1433 for Always On Availability Group
- Find DNS Name Associated with Listener of SQL Server Availability Group
- SQL Server – Availability Group Configuration Steps
Best Answer
You can configure an AG Listener to use whatever port you want, and you can configure your application to connect using a non-standard port.
A "normal" DMZ has external access to hosts in the DMZ and limited access from the DMZ to the internal network. If the network team won't allow connectivity from the web server to the databse server, you can put the database server in the DMZ or use a cloud hoster instead of a DMZ.
For instance you can use Azure App Service for hosting, and use Azure App Services Hybrid Connections for secure access to on-prem resources