You'll need to open the SafeBoot server port, default 5555, on your company firewall. You'll also need to update all client SDMCFG.ini files with an additional database section for the external IP address. This isn't usually recommended.
You could provide a single entry by referencing a FQDN that resolves internally as the private IP address and externally as the public IP address.
Also, you can always move the port to help reduce your exposure to Internet threats. If there were ever an exploit for the SafeBoot service, at least they wouldn't easily find you sitting on the default port.