RHEV and network-restricted environments

In my lab environment,  there are only a limited number of ports that are open by a firewall external to both the manager and the hypervisors.  This is sufficient to register hypervisors and create and deploy virtual machines.   I can ssh, ping, and access the hosts via http and https.

The problem that I am encountering is that the ports I need to access the consoles via spice or vnc are not open.   I can do very 'hackish' things like create an ssh tunnel forwarding vnc ports from the hypervisor host to the client but this is far less than optimal.  The reality is that the the external firewalls won't be changed without major effort (company policy) so I am wondering what my options are.  I don't think my environment is that unique that this won't be seen elsewhere.

Is there any kind of a proxy that can be setup to enable access to the guests in these environments?  Other solutions?