UPDATED with solution for RD WebTools.
I've done some additional testing and research and from what I can tell IIS's application reverse proxy & URL rewrite do not pass authentication information on. There were some pages that talk about configuring IIS to pass on authentication, but I didn't try them due to the fact I don't really have any more time to test this.
So if all you're wanting to use is the RD gateway server to access computers behind your firewall and you're already using port 443 then the solution is to use another port and everything works as expected. If you want to use RD webtools & applications then you need to manually set the gateway using the following PowerShell commands on the Broker machine:
Import-Module RemoteDesktop
Set-RDSessionCollectionConfiguration -CollectionName "YourCollectionName" -CustomRdpProperty "gatewayhostname:s:rdgateway.domain.com:port"
I created a post on IIS.net forums and will link that below as well as some of the other pages I found for future reference in case anyone else runs across this.
Josh
Reference Links:
IIS Reverse Proxy and RD Gateway Server - 401 error
ARR Unable to pass through Windows Authentication
Configure Application Request Routing with Windows Authentication, Kerberos
Configure Application Request Routing
Forwarding NTLM credentials from IIS with ARR and URL Rewrite
NTLM authentication via ARR Reverse Proxy and Identity Server gives 502.3 error
DefaultTSGateway settings for RDS 2016 doesn't apply - External Users RD Can't find Computer