I have a problem that probably started with an IOS upgrade to 17.5 and 18.4. Our Sophos XG could allow our users to download the VPN client by contacting our public interface; however, that is only possible after activating appliance_access on the console, but this disrupts all other internet traffic and renders this useless, as we have more critical services running through internet traffic. I have tried Sophos tech but it's useless.
Thank you for contacting the Sophos Community.
Could you please share your Case ID with me so I can follow up?
Additionally, please enable Support Access in your appliance, and send me via PM the Access ID, so I can check your configuration.
My guess is that either you have a DNAT rule using Port ANY, or the specific port for 443, or a stateful firewall bypass.