Yes. With Unified Access Gateway supporting access to Horizon from the Internet, everything can be done with just TCP 443.
Other ports are optional, i.e.:
- PCoIP on TCP/UDP 4172
- Blast on TCP 8443 and UDP 8443
- UDP Tunnel on UDP 443
It is normal to allow TCP port 80 as well as TCP port 443. This is just so that Horizon users don't have to enter https://; HTTP port 80 will redirect to HTTPS 443.
Your configuration looks correct. You will need to troubleshoot what is getting blocked. It's likely one of the following.
- Are DNS queries allowed from the UAG to the DNS server to resolve the connection server URL?
- Is TCP 443 allowed from the UAG to the connection server?
- Is TCP 22443 allowed from the UAG to the Horizon Agent?
- Verify the Blast/PCoIP tunnel is disabled on the connection server.
- Verify routing is correct from the UAG to the connection server/Horizon Agent.
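
As an added example (not part of the original post and not VMware tooling), the script below audits a first-match firewall rule list against the flows named in the post and reports which required and optional ones are blocked. The zone names, the rule format and the sample rules are constructed for illustration; UDP 53 for DNS is the standard port and is not stated in the post.

```python
# Added example: audit a firewall rule list against the flows named in the post.
# Zone names, the rule format and SAMPLE_RULES are constructed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    src: str     # zone name or "any"
    dst: str     # zone name or "any"
    proto: str   # "tcp", "udp" or "any"
    port: int    # 0 means any port

# (src, dst, proto, port, required) from the post's port list and checklist
FLOWS = [
    ("internet", "uag", "tcp", 443, True),
    ("uag", "dns", "udp", 53, True),       # standard DNS port, assumed
    ("uag", "cs", "tcp", 443, True),       # cs = connection server
    ("uag", "agent", "tcp", 22443, True),
    ("internet", "uag", "tcp", 80, False),     # HTTP redirect only
    ("internet", "uag", "tcp", 4172, False),   # PCoIP
    ("internet", "uag", "udp", 4172, False),
    ("internet", "uag", "tcp", 8443, False),   # Blast
    ("internet", "uag", "udp", 8443, False),
    ("internet", "uag", "udp", 443, False),    # UDP tunnel
]

def decide(rules, src, dst, proto, port):
    """First matching rule wins; no match means implicit deny."""
    for r in rules:
        if (r.src in ("any", src) and r.dst in ("any", dst)
                and r.proto in ("any", proto) and r.port in (0, port)):
            return r.action
    return "deny"

def audit(rules):
    """Return (blocked_required, blocked_optional) lists of flow tuples."""
    blocked = [f for f in FLOWS if decide(rules, *f[:4]) != "allow"]
    return ([f[:4] for f in blocked if f[4]],
            [f[:4] for f in blocked if not f[4]])

SAMPLE_RULES = [  # constructed: the UAG -> Horizon Agent rule is missing
    Rule("allow", "internet", "uag", "tcp", 443),
    Rule("allow", "internet", "uag", "tcp", 80),
    Rule("allow", "uag", "cs", "tcp", 443),
    Rule("allow", "uag", "dns", "udp", 53),
    Rule("deny", "any", "any", "any", 0),
]

if __name__ == "__main__":
    required, optional = audit(SAMPLE_RULES)
    print("blocked required:", required)
    print("blocked optional:", optional)
```

A non-empty first list points at the checklist item to fix; the second list only shows which optional protocols will fall back to the TCP 443 path.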