Web server accessing the database server in Always on availability group

Now my question is if my network team only allows only the Always on availability group listener port will that be a problem

You can configure an AG Listener to use whatever port you want, and you can configure your application to connect using a non-standard port.

what if the network team dont allow access to that port

A "normal" DMZ has external access to hosts in the DMZ and limited access from the DMZ to the internal network. If the network team won't allow connectivity from the web server to the databse server, you can put the database server in the DMZ or use a cloud hoster instead of a DMZ.

For instance you can use Azure App Service for hosting, and use Azure App Services Hybrid Connections for secure access to on-prem resources

• "...you can put the database server in the DMZ." triggered dot gif

  Peter Vandivier

  – Peter Vandivier

  2020年10月27日 15:00:58 +00:00

  Commented Oct 27, 2020 at 15:00
• You can still have a segmented network inside the DMZ. IE it's quite common in Azure to have front-end and back-end subnets with firewalls between.

  David Browne - Microsoft

  – David Browne - Microsoft

  2020年10月27日 15:05:33 +00:00

  Commented Oct 27, 2020 at 15:05
• You can do anything you want. Putting something sensitive inside a network segment undercuts your rationalisation in calling it a "DMZ" though. It's common to use any-any rules "just for the demo". Doesn't make it right though.

  Peter Vandivier

  – Peter Vandivier

  2020年10月27日 15:39:11 +00:00

  Commented Oct 27, 2020 at 15:39
• Right. If it is completely isolated from the internal network, it's not really a DMZ.

  David Browne - Microsoft

  – David Browne - Microsoft

  2020年10月27日 15:45:16 +00:00

  Commented Oct 27, 2020 at 15:45

• sql-server-2014
• availability-groups
• security
• network
• web-server