Usually firewalls are set to only block ports coming in and NOT going out, except for port 25. That way internal users and devices can initiate connections with the internets, but the internets can't initiate connections with internal computers. But yeah WTF it should start with a specific port (most use 80) then once the connection is established jump to whatever port. There are, of course, exceptions, like VNC, File Sharing, Server or Network management, etc.
Is there a way to force a port on the appliance like www.whatever.com:port?