Your configuration looks correct. You will need to troubleshoot what is getting blocked. It's likely one of the following.
- Are DNS queried allowed from the UAG to the DNS server to resolve the connection server URL?
- Is TCP 443 allowed from the UAG to the connection server.
- Is TCP 22443 allowed from the UAG to the Horizon Agent.
- Verify the Blast/PCoIP tunnel is disabled on the connection server.
- Verify routing is correct from the UAG to the connection server/Horizon Agent.
