My scenario is
Cisco WLC 4404 with 20 access points. I want an internal client WLAN and a guest WLAN. I have configured the VLANs and WLANs; however, would it be possible to have all the internet traffic for the guests going out of port 2 on the controller to the DMZ of my firewall? How would I get this to work? The APs' traffic comes through port one on the controller.
You need to have two AP-manager interfaces because you are physically connecting two distribution ports on the WLC. When you do that, you must either use LAG (which you cannot do in this case because you are connecting to two different switches) or have an AP-manager assigned to each port (this is how you can have switch redundancy). So yes, it will let you do that. Please refer to the config guide link I sent you for more information on using multiple AP-manager interfaces.
The WLC knows to send the guest traffic out port 2 because the guest WLAN is assigned to the guest interface which in turn is assigned to port 2.
Again, I would highly recommend that you open a TAC case so you can speak with an engineer and discuss this, as you can see it can be kind of confusing.
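A worked configuration for the layout the answer describes (a second AP-manager interface for port 2, plus a guest dynamic interface bound to port 2 so guest traffic leaves through the firewall's DMZ leg), added here as an illustration; it is not from the original thread or from Cisco's documentation. AireOS CLI on a 4404 is assumed; the interface names, WLAN id, VLAN IDs and addresses are constructed placeholders, and the exact syntax of the dynamic-AP-manager and DHCP-server commands varies across controller releases, so check them against the configuration guide for the code you run.

```cisco
! Constructed example, not from the thread.
! VLAN 10 = management / AP-manager subnet (reachable from the APs).
! VLAN 20 = guest VLAN, whose default gateway is the firewall DMZ interface.

! Second AP-manager interface, on the management subnet, bound to port 2.
! Needed because ports 1 and 2 go to different switches, so LAG is not an option.
config interface create ap-manager2 10
config interface address ap-manager2 10.10.0.12 255.255.255.0 10.10.0.1
config interface port ap-manager2 2
config interface dynamic-ap-manage ap-manager2 enable

! Guest dynamic interface: VLAN 20, physically bound to port 2.
! Client frames on the guest WLAN are bridged out of port 2 tagged VLAN 20;
! the WLC does not route them, so VLAN 20 only has to exist on the switch
! behind port 2 and on the firewall's DMZ interface.
config interface create guest 20
config interface address guest 172.16.20.2 255.255.255.0 172.16.20.1
config interface port guest 2

! Bind the guest WLAN (WLAN id 2 here) to the guest interface.
! The WLAN must be disabled while its interface is changed.
config wlan disable 2
config wlan interface 2 guest
config wlan enable 2

! Verify: the guest row should show port 2 / VLAN 20, and both AP-manager
! rows should show Yes in the Ap Mgr column.
show interface summary
```

Two points worth checking before trusting this as a guest separation: the switch port facing WLC port 2 must be a trunk that carries VLAN 10 (for the second AP-manager) and VLAN 20 (for the guest interface), and the isolation of guests from the internal VLANs comes entirely from the firewall policy on the DMZ leg, because the controller bridges client traffic onto the VLAN rather than filtering between VLANs.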