I've been able to configure merge replication using web sync and it has been working fine. I then tried to use a client that has port 1433 blocked and found out that I could not pull a new subscription without having the client access port 1433 on the database server.
I was under the impression that the only machine that needed direct access to the SQL instance was IIS machine hostingreplisapi.dll.