Port access to 7171 / 8181 really needed?

Hello Devolutions,

we evaluate implementing Devolutions Gateway.
We recognized, that we need connectivity on Port 7171 to the Devolutions Gateway for it to work from the Clients Web-Browser, which is different than what is shown on your architecture sketch.


1.)
Is this some kind of misconfiguration on our side or is 7171 from the Clients Web-Browser to the Devolutions Gateway really needed to do RDP from Devolutions Server using the Gateway in Web-Browser.

2.)
By security policy, we are not allowed to have direct Internet access to the Devolutions gateway. How shall we secure the 7171/8181 Ports (e.g. is there Reverse Proxy support) - especially in case of 8181 which is TCP and not HTTPs.
Can this be tunneled using HTTPs ?

I am thinking about 2 scenarios

A) Using Azure Frontdoor + WAF with Azure Private Link to Devolutions Gateway, forwarding connections from 443/HTTPS to 7171/HTTPS and tunnel Connections on 443/HTTPS to 8181 TCP

B) Using Azure Application Gateway V2 +WAF with 443 forwarding to 7171 and TLS proxy for 8181

Thank you for your support !

Greetings Jean Pascal