So I want to implement a new RD Gateway solution for my company and I have an internal local DNS server farm for my remote desktop servers which for example is called ts.XXX.com. So now I want users to be able to access this server farm through my RD Gateway which I've installed, applied certificates, set access users, etc. Essentially I'm ready to go on that end.
So my question is, in order to force an outside user through the RD Gateway server first before the session host, which has to be ported through the firewall? Based on my research, I'm assuming that the IP address/DNS for my RD Gateway server is the only thing I need to open to the outside. Then I'm assuming I would ask outside users to set up their RDP settings as follows (attached screencap Example).
I've also set our server farm (ts.XXX.com) in the "Manage locally stored computer groups" which is what the users can access (see screencap Example #2). So in RDP then, our users should be able to add the RD Gateway server in the RDP settings, enter ts.XXX.com as the PC they're connecting with and I'm assuming it would then ask for login credentials and we're good to go? So if that's correct, all I need to know is with my firewall, am I simply just port forwarding the IP address of the RD Gateway server and port 443 only to achieve this connection?
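As an added example (not part of the original post), the following PowerShell script writes the client .rdp settings the post describes, forcing every session through the gateway, and then checks from an outside host that only the gateway's TCP 443 answers. The gateway name gw.XXX.com, the farm name ts.XXX.com and the output path are assumptions.

```powershell
# Added example, not from the original post.
# Assumed names: gw.XXX.com (RD Gateway), ts.XXX.com (session host farm, as in the post).
$Gateway = 'gw.XXX.com'
$Farm    = 'ts.XXX.com'
$RdpPath = Join-Path $env:USERPROFILE 'Desktop\ts-via-gateway.rdp'

# Client settings for users: gatewayusagemethod 1 = always use the gateway (no
# "bypass for local addresses"), so RDP is tunnelled inside HTTPS to the gateway
# instead of going to the session host on 3389 directly.
# gatewaycredentialssource 0 = ask for password; promptcredentialonce 1 = reuse the
# gateway credentials for the session host; authentication level 2 = warn on a
# certificate mismatch.
$rdp = @"
full address:s:$Farm
gatewayhostname:s:$Gateway
gatewayusagemethod:i:1
gatewayprofileusagemethod:i:1
gatewaycredentialssource:i:0
promptcredentialonce:i:1
authentication level:i:2
"@
Set-Content -Path $RdpPath -Value $rdp -Encoding ASCII

# Exposure check, run from a host outside the perimeter. Only gateway:443 should be
# open; if a session host answers on 3389 from the internet, the gateway can be bypassed.
$checks = @(
    @{ Host = $Gateway; Port = 443;  Expect = $true  },
    @{ Host = $Gateway; Port = 3389; Expect = $false },
    @{ Host = $Farm;    Port = 3389; Expect = $false }
)
foreach ($c in $checks) {
    $open = (Test-NetConnection -ComputerName $c.Host -Port $c.Port `
             -WarningAction SilentlyContinue).TcpTestSucceeded
    $state = if ($open -eq $c.Expect) { 'OK' } else { 'UNEXPECTED' }
    '{0}:{1} open={2} ({3})' -f $c.Host, $c.Port, $open, $state
}
```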