The gateway is denying the request because the host header does not match the request host name
Tomcat sees the host as mismatch when the request is including the host and port.
The ncat utility send the request as GET https://<servername:443>/connectivity
while postman and curl are sending it as GET /connectivity this why it could not be reproduced with curl.
We can workaround this in the listen port advanced properties you can set
allowHostHeaderMismatch = true
This should bypass the restriction for the host header introduced with the newer tomcat in gateway 10.1