You do not need to have your instance exposed to the internet. Looking at the documentation, the 503 error means "The app is unable to connect to the Cloud Gateway service. The connection is unavailable or Splunk Cloud Gateway modular_inputs aren't working.". What is suggested to do is to check that the Splunk server can access the internet.
From the troubleshooting docs (references below):
To check if you have WebSocket connection, run the following curl command at the command line:
curl -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host: echo.websocket.org" -H "Origin: https://www.websocket.org"; https://echo.websocket.org
To test WebSocket connectivity between your host and Splunk Cloud Gateway, run the following curl command on command line:
curl -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host: prod.spacebridge.spl.mobi" -H "Origin: https://prod.spacebridge.spl.mobi"; -H "Authorization: c014fb4e" https://prod.spacebridge.spl.mobi/mobile
On the second source, there is also search commands to track down the internal logs to provide more details.
Sources:
https://docs.splunk.com/Documentation/Gateway/1.8.0/Registration/TroubleshootGateway
https://docs.splunk.com/Documentation/Gateway/1.8.0/Registration/TroubleshootConnectionIssues
... View more