Many times I found myself having to demonstrate that the communication between the Unified Access Gateway and the Connection Servers was not working due to problems with poorly configured firewall rules. A very useful test is to connect to the UAG console and launch the classic CURL command:
curl -v -k https://<FQDN or IP ADDRESS CS>:443/
the outcome of which is as follows if the connection is ok (HTML output)
or the following if the connection is not enabled on the firewall
More info and tools here: