We have the same "problem". We plan to implement UAG in our productive environment for three roles (Tunnel, Tunnel Proxy, Content Gateway). We tested security settings with SSL Labs (port 443) and the Dr. Wetter Test script (https://github.com/drwetter/testssl.sh) for port 2020 and 8443 ad 443 as well. All tests show the same negative behaviour. The real TLS settings (version and ciphers) are different than the configured on UAG GUI 😞