This is what I have figured out:
1) Registry Entry externalBlastPort appears to change the port that the web client will expect Blast to be on
2) Whatever you set externalBlastPort to, if changing from the default you also need to change the Blast GPO parameter http service to that port.
By doing #1 and #2, blast internally works for me now, when using a non-default port. However, even with all the ports forwarded, blast does not work externally. Looks at the logs via fiddler, I never see the request for the HTTPS Tunnel to the blast port, everything shows as 1000, which is my HTTPS port for view agent.
Other thing I noticed, if I change the port that view agent is running on (registry entry: httpsPortNumber) to anything but 443, Blast is broken internally and externally.