I just ran into @JackGruber’s addition to the FAQ on https://www.thethingsnetwork.org/docs/gateways/thethingsindoor/faq.html 
Q. I want to operate the gateway behind a firewall
The following connections must be permitted in the firewall.
IP Version Protocol Destination Port Description IPv4 TCP lns.{eu us au br as}.thethings.network 443 LNS IPv4 TCP rjs.sm.tc 9191 CUPS IPv4 TCP mh.sm.tc 7007 CUPS IPv4 UDP your DNS server(s) 53 DNS
No mention of router.REGION.thethings.network on port 1700, so I guess that’s not needed.