We're bringing up a new 2017 AlwaysOn AG cluster. 2 HA and 1 DR nodes. Each node will host multiple instances. Named instances will have non-default ports. Node1/Instance1 will use the same port number as Node2/Instance1 and Node3/Instance1, and so forth. Each AG listener will use the port number of the SQL instance where it is hosted. Our firewall team will open the ports between client devices and destination cluster nodes, and also for listeners and the cluster virtual server.
Do mirroring endpoints -- 5022, 5023, etc. -- require firewall ports to be opened like the ports that are used for the SQL instances and listeners?
Thanks.