Site-to-Site VPN with XG 135 and XGS 136

We have an existing XG 135 at our main office and have an XGS 136 at a branch office. We're thinking about creating a Site-to-Site link between them.

I've watched a video about it ( and note that the IP address of the branch office is entered into the main office configuration. We don't have a static IP address at the branch office, would a dynamic DNS host name work?

Also, we would rather the connection from the branch office is unidirectional so it allows access to servers in the main office in the same way as if using Sophos Connect on a client PC. We don't need or want to be able to access the branch office from the main office network. Is this possible, and if so do we need to do any configuration on the main office UTM as IPsec is already configured for remote access? Can the secondary UTM simply act as a client to that?

Edited TAGs
[edited by: emmosophos at 8:12 PM (GMT -7) on 15 Sep 2021]