2fa enable for foreman webui

Problem: Planning to set up 2FA

Expected outcome: Wanted to set up 2FA for the web UI.

As there is no out-of-the-box feature available for 2FA, we are planning to set up a jump host to connect to the Foreman web UI. The main question is: if I disable incoming 443 connections except from the jump host, will there be any other connectivity issues between smart proxies or clients and Foreman?
When I started a complete sync, I noticed the connections below from the smart proxy to Foreman on 443.
tcp 32 0 smartproxy foreman:443 CLOSE_WAIT 2658/python
tcp 32 0 smartproxy foreman:443 CLOSE_WAIT 2660/python
tcp 32 0 smartproxy foreman:443 CLOSE_WAIT 2664/python

nc.app -c 1 --events --umask 18 --pidfile=/var/run/pulp/reserved_resource_worker-0.pid
apache 2664 1847 0 2022 ? 04:24:32 /usr/bin/python /usr/bin/celery worker -n reserved_resource_worker-3@%h -A pulp.server.async.app -c 1 --events --umask 18 --pidfile=/var/run/pulp/reserved_resource_worker-3.pid
apache 2674 1744 0 2022 ? 03:44:52 /usr/bin/python /usr/bin/celery worker -A pulp.server.async.app -n resource_manager@%h -Q resource_manager -c 1 --events --umask 18 --pidfile=/var/run/pulp/resource_manager.pid
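One way to check, before restricting 443, which hosts currently reach Foreman on that port and would be cut off by a jump-host-only rule. This is an added example, not part of the original post: the `netstat -tn` sample is constructed as it might look on the Foreman server, and all addresses (including the jump host `192.0.2.5`) are placeholder assumptions.

```python
from collections import Counter

# Constructed sample of `netstat -tn` output taken on the Foreman server.
# Addresses are documentation-range placeholders, not values from the post.
SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:443          192.0.2.21:51544        ESTABLISHED
tcp        0      0 192.0.2.10:443          192.0.2.21:51546        ESTABLISHED
tcp        0      0 192.0.2.10:443          192.0.2.5:40112         ESTABLISHED
tcp        0      0 192.0.2.10:443          198.51.100.7:38022      TIME_WAIT
tcp        0      0 192.0.2.10:22           192.0.2.5:40990         ESTABLISHED
tcp        0      0 192.0.2.10:44312        192.0.2.21:9090         ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::21:51000      ESTABLISHED
"""


def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so IPv6 hosts stay intact."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def inbound_peers(netstat_text, port="443"):
    """Count connections per remote host whose local side is the given port."""
    peers = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers, short lines and listening sockets.
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        if fields[5] == "LISTEN":
            continue
        local_port = split_endpoint(fields[3])[1]
        peer_host = split_endpoint(fields[4])[0]
        if local_port == port:  # inbound to the web port only
            peers[peer_host] += 1
    return peers


def would_be_blocked(peers, allowed):
    """Hosts seen on the port that are not in the planned allowlist."""
    return sorted(host for host in peers if host not in allowed)


if __name__ == "__main__":
    seen = inbound_peers(SAMPLE)
    for host in would_be_blocked(seen, {"192.0.2.5"}):  # assumed jump host
        print(f"{host}: {seen[host]} connection(s) would be dropped")
```

Feeding it snapshots collected over a full sync and a client check-in cycle gives the set of hosts that would need to stay in the allowlist alongside the jump host.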