Its not fun for anyone when you have A team of developers with their dummy's out the pram because you wont open any to any routes on the dmz firewall so they can use some new sexy message queue when any one of the well behaved, well proven, stable alternatives would offer the same advantages.
This sounds exactly like the type of infighting caused by having the developers not responsible for their app in production and having the ops team not responsible for meeting the needs of the app. Right or wrong, if this happens enough the developers will eventually get their own budget and go to Heroku.
Just so we're all clear, opening any to any rules on the DMZ means no longer having a DMZ.
That could be a valid move - there are always trade offs to consider and possibly the trade offs stack up such that you should no longer have a separate network for public facing services.
However it's part of the ops team's role to mediate all interested parties requirements and not just allow random changes to make something work right this second because one party needs it for their requirements. Every other team might be a bit miffed if we opened that thus breaking our SOX and PCI requirements and so landing us with a heavy fine, or worse.
I think the point you're trying to make is there are cases where such an action could be warranted and so the goal should be to make that resolution process as fast and as painless as possible for all parties.
This sounds exactly like the type of infighting caused by having the developers not responsible for their app in production and having the ops team not responsible for meeting the needs of the app. Right or wrong, if this happens enough the developers will eventually get their own budget and go to Heroku.