Hi Carlos,
Though this discussion had nothing to do with direct access to ArcGIS Server (ports - which are 6443/6080 by default - if your savvy can be changed to any port you want), I'd like to clarify some information.
Carlos Colón-Maldonado wrote:
The whole purpose of the web adaptor is so that ports may be omitted on URLs when browsed from a client
wrong.
The web adaptor allows integrating a web server with a GIS Site (remember, a site can have multiple GIS Machines / nodes). A web adaptor forwards calls to your ArcGIS Server nodes and will check your site to see removed or added machines.
A web adaptor also allows exposing the GIS Servers through the standard website port (80/443). Since this is a web standard, these ports are not visible from a clients perspective, but they are still there.
The web adaptor also provides the ability to restrict Desktop ArcGIS Server users from Admin and Publishing access.
And very important, the web adaptor allows leveraging enterprise security from a web-tier level.
using IWA (integrated windows authentication) MUST use a web adaptor on a web server level, the web adaptor WA (windows authentication) - e.g. NTLM or Kerberos PASSES these credentials to ArcGIS Server for all secure services. ArcGIS Server identity store would be tied to Active Directory (for example). This means, only traffic through the web adaptor can only see locked secure services with valid credentials... even if the user had access directly to arcgis server using port (e.g. 6443 - going around the web adaptor)- they would get an unauthorized response because ArcGIS Server is expecting valid credentials from traffic through the web adaptor.