Any server that is accessible directly from the internet is at risk of being a target for a DoS attack done by flooding a server with connect requests. These attacks are hard to prevent because they often emulate valid users. You need to assess the potential impact on your applications. Most people choose to use a gateway because gateways running on server OSes are more able to to handle DoS attacks.
Before making an S7-1500 available via the internet you also need to disable all obsolete security policies and ensure your trust lists are set up properly. You also need procedures in place to handle a revocation of rights for a previously authorized client in a case the certificate is compromised (i.e. a laptop is stolen).
In short, while it is possible to put a PLC on the internet the resulting security risks will usually make a gateway a better solution.