I've since found this doesn't work too well when the local SLES firewall is enabled.
The following is a better solution.
First, create a Firewall Service file that contains the necessary ports to open (this assumes the Administration Console and Identity Server run on the one machine; refer to the documentation to adjust as necessary).
Add this content to the file:
## Name: NetIQ Access Manager
## Description: Firewall Configuration file for Access Manager
# space separated list of allowed TCP ports
TCP="80 389 443 524 636 1289 1443 2443 8080 8443:8446"
# space separated list of allowed UDP ports
# space separated list of allowed RPC services
# space separated list of allowed IP protocols
# space separated list of allowed UDP broadcast ports
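An added example, not part of the original post: a bash check that reads the TCP= line from a service file like the one above, expands ranges such as 8443:8446, and lists allowed ports that have no listener. The function names are hypothetical and the script expects the service file path as its argument. A port it reports may be one that port forwarding redirects, so treat the output as a list to review.

```bash
#!/bin/bash
# Added example: audit the TCP= list of a firewall service file.

# Extract the TCP list without sourcing the file (sourcing would execute it).
read_tcp_list() {
    sed -n 's/^TCP="\([0-9: ]*\)"[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Expand "80 8443:8446" into one port per line; reject malformed entries.
expand_ports() {
    local item lo hi p
    for item in $1; do
        case "$item" in
            *:*) lo=${item%%:*}; hi=${item#*:} ;;
            *)   lo=$item; hi=$item ;;
        esac
        for p in "$lo" "$hi"; do
            case "$p" in
                ''|*[!0-9]*|??????*) echo "bad port entry: $item" >&2; return 1 ;;
            esac
        done
        if [ "$lo" -lt 1 ] || [ "$hi" -gt 65535 ] || [ "$lo" -gt "$hi" ]; then
            echo "port out of range: $item" >&2; return 1
        fi
        seq "$lo" "$hi"
    done
}

# Print allowed ports that nothing listens on.
# $1 = TCP list, $2 = listening ports, one per line.
ports_without_listener() {
    local allowed p
    allowed=$(expand_ports "$1") || return 1
    printf '%s\n' "$allowed" | while read -r p; do
        printf '%s\n' "$2" | grep -qx "$p" || echo "$p"
    done
}

# Usage: script SERVICE_FILE (skipped when no argument is given).
if [ -n "${1:-}" ]; then
    # Column 4 of `ss -tln` is Local Address:Port; keep the part after the last colon.
    listening=$(ss -tln | awk 'NR>1 {n=split($4,a,":"); print a[n]}')
    ports_without_listener "$(read_tcp_list "$1")" "$listening"
fi
```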
Next, alter the Firewall configuration to perform the port forwarding.