I was asked to try and find out why a web server could not communicate with the database. After checking all the usual network configurations I was beginning to despair. Together with the sys-admin we started firing off telnet connections, pings, etc, all worked but still SQL clients failed to connect. Finally by luck more than judgement the sys-admin attempted to connect to the database without the SQL instance name. Viola it worked. It seems that when you make a clustered virtual server it forms an alias from both the server names *and* the instance name, i.e. MyServer\MyInstance simply becomes MyClusterServer. We hadn’t had this problem on previous builds because we normally just have the default instance.
Since then it appears the issue is to do with configuring the DMZ firewall to use the port SQL expects to be the port for the default instance (4333 is it?). Therefore confusing clients on the untrusted side, whereas those machines on the trusted side still have to supply the instance name.