You can either open port 4750 from your desktop machines to the agents, or you can use nsh proxy and open 4750 from the application server to the agents. Configuring a proxy is in the BladeLogic Administration documentation.
You can also centralize your console in a Citrix machine or Windows with terminal server or in an Unix box with X11 client. In your firewall you add this machine to be able to connect on 4750 to target servers, then user connect on this machine thru ICA or TS or X11 server like Exeed.
The good point of this is that when you need to upgrade your consoles you've to do it in one place.