HAPROXY on pf sense - RDP Session keep disconnect and reconnect from a rd Gateway server but not from others

I setup a dual firewall dmz and I have a RD Gateway windows 2019 server in DMZ.

I set port forwarding on First router (external) to the internal, a Pfsense with HAProxy with 3 interface, Wan (DMZ), LAN and another VLAN I use for management purpose.

HAProxy as set to forward remote.mydomain.com to a web server (it has also rd gateway role installed and sstp) on lan and rdp.mydomain.com to the RD Gateway server in DMZ.

The reason is that I try to move rdp in dmz

when I try to connect to a server on lan through rdp in dmz it seems work but the session keep disconnect and reconnect every 30s, so I try to change server timeout from 30000ms to 360000 ms on frontend and on backend but it keep to disconnect and reconnect faster.

I did some tests and the strange things is that if I point the old rd gateway server in lan it works like a charm, also sstp and web server.

It works perfectly even if I set port forwarding on external router directly to the new rdp server in dmz.

could you help me?

i post my configuration

# Automaticaly generated, dont edit manually.
# Generated on: 2022-04-10 03:49
global
    maxconn         1000
    stats socket /tmp/haproxy.socket level admin  expose-fd listeners
    uid         80
    gid         80
    nbproc          1
    nbthread            1
    hard-stop-after     15m
    chroot              /tmp/haproxy_chroot
    daemon
    tune.ssl.default-dh-param   2048
    server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
    bind 127.0.0.1:2200 name localstats
    mode http
    stats enable
    stats admin if TRUE
    stats show-legends
    stats uri /haproxy/haproxy_stats.php?haproxystats=1
    timeout client 5000
    timeout connect 5000
    timeout server 5000

frontend web2
    bind            10.3.5.39:80 name 10.3.5.39:80   
    mode            http
    log         global
    option          http-keep-alive
    option          forwardfor
    acl https ssl_fc
    http-request set-header     X-Forwarded-Proto http if !https
    http-request set-header     X-Forwarded-Proto https if https
    timeout client      3600000
    acl         httpRedirectACL var(txn.txnhost) -m str -i web2.domain.com
    acl         httpRedirectACL var(txn.txnhost) -m str -i agenzia.domain.com
    acl         httpRedirectACL var(txn.txnhost) -m str -i rdp.domain.com
    http-request set-var(txn.txnhost) hdr(host)
    http-request redirect scheme HTTPS  if  httpRedirectACL 
    http-request  deny if { req.hdr_cnt(content-length) gt 1 }
    http-response deny if { res.hdr_cnt(content-length) gt 1 }

frontend FrontendHTTPS
    bind            10.3.5.39:443 name 10.3.5.39:443   
    mode            tcp
    log         global
    timeout client      3600000
    tcp-request inspect-delay   5s
    acl         web2    req.ssl_sni -i web2.domain.com
    acl         agenzia req.ssl_sni -i agenzia.domain.com
    acl         rdp req.ssl_sni -i rdp.domain.com
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend BackEnd-web2_ipvANY  if  web2 
    use_backend REMOTE_ipvANY  if  agenzia 
    use_backend RDP_ipvANY  if  rdp 

backend BackEnd-web2_ipvANY
    mode            tcp
    id          100
    log         global
    timeout connect     30000
    timeout server      3600000
    retries         3
    server          web2 10.3.10.71:8443 id 101 check-ssl check inter 1000  verify none 

backend REMOTE_ipvANY
    mode            tcp
    id          102
    log         global
    option          log-health-checks
    timeout connect     30000
    timeout server      8000000
    retries         3
    server          REMOTE 10.3.10.25:443 id 103 check-ssl check inter 1000  verify none 

backend RDP_ipvANY
    mode            tcp
    id          104
    log         global
    option          log-health-checks
    timeout connect     30000
    timeout server      8000000
    retries         3
    server          RDP 10.3.5.19:443 id 103 check-ssl check inter 1000  verify none