Your security scanner might return report with an issue as "Web application generated an internal server error" for the layer7 gateway host: https://<gateway host>

This is expected, as the url doesn't include any service endpoint, then the gateway will return HTTP 500 internal server error, and a default "Service Not Found" response.

This scanner report should be regarded as false alert.

If you have to stop the false alert, you can add a catch-all service with resolution path as [/*], and add the return template assertion in the policy to return any http status code and response message as you like. (For example, http 404 and "Service Not Found" response)