I was testing a client and had both a remote phone and UC sip client working remote via the MBG and UCA server scenario. While the phone required a teleworker license, the sip shouldn't.
As to hacking the MBG, it will only allow what you program in the way of ports. I don't think Mitel has any blocking software. Possibly you could install fail2ban from contribs.org, You would likely have to find all dependantcies as MBG doesn't support YUM, but the underlying software is pretty close.