I need help with a FW Rule

Hi

I have just set up XG Home on a VM and all is working well until I try to set up a port forward for my CCTV NVR. I have 2 networks, the main LAN and VLAN 10; the CCTV is on VLAN 10.

I used the DNAT wizard to set up the rule and it created 3 DNAT rules and 1 firewall rule. When I try to connect to my NVR over 4G using my phone it works fine, but when I connect on my local LAN on Wi-Fi it does not work. I use the WAN address to connect inside my NVR app on my phone. On my old router this setup used to work fine. Am I missing something?

Thanks

  • What you're saying, I think, is that accessing the NVR from outside of your firewall works, but from inside it does not work. What is the firewall rule doing? I assume allowing external traffic to the NVR. (Of which a DNAT rule is translating to the internal IP of your NVR.) Not sure what the other 2 NAT (probably not all DNAT) rules do, though one is probably a "hairpin" rule to map inside access. You might need to add an additional firewall rule to allow the appropriate traffic from your MAIN to your CCTV zones.

    My guess would be that your previous router implemented hidden firewall rules when you made certain NAT rules, but Sophos keeps routing, NATing (NAT rules), and permissions (firewall rules) separate.
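The separation described in the reply above, as an added example that is not part of the original thread: a simplified model of a zone-based firewall in which DNAT only rewrites the destination and a separate rule must permit the resulting zone-to-zone flow. It is not Sophos's actual rule engine; the addresses, zone names and port 8000 are constructed assumptions.

```python
import ipaddress

# Constructed values for illustration (not taken from the thread).
WAN_IP, NVR_IP, NVR_PORT = "203.0.113.10", "192.168.10.50", 8000
ZONES = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "CCTV": ipaddress.ip_network("192.168.10.0/24"),
}


def zone(ip):
    """Map an address to its zone; anything not on an internal network is WAN."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "WAN")


def evaluate(src_ip, dst_ip, dst_port, nat_rules, fw_rules):
    """Translate the destination with DNAT, then check the firewall rules.

    nat_rules: {(original_ip, port): internal_ip}
    fw_rules:  set of allowed (source_zone, destination_zone, port) flows
    Returns (verdict, flow) so the unmatched flow can be inspected.
    """
    real_dst = nat_rules.get((dst_ip, dst_port), dst_ip)  # NAT decides where
    flow = (zone(src_ip), zone(real_dst), dst_port)
    verdict = "allow" if flow in fw_rules else "drop"     # rules decide whether
    return verdict, flow


NAT = {(WAN_IP, NVR_PORT): NVR_IP}
# Rule of the kind a port-forward wizard would create: outside -> NVR only.
WIZARD_RULES = {("WAN", "CCTV", NVR_PORT)}
# Same rule set plus an explicit inside rule for the main LAN.
FIXED_RULES = WIZARD_RULES | {("LAN", "CCTV", NVR_PORT)}

if __name__ == "__main__":
    cases = [
        ("phone on 4G", "198.51.100.7", WIZARD_RULES),
        ("phone on Wi-Fi", "192.168.1.23", WIZARD_RULES),
        ("phone on Wi-Fi, LAN rule added", "192.168.1.23", FIXED_RULES),
    ]
    for label, src, rules in cases:
        verdict, flow = evaluate(src, WAN_IP, NVR_PORT, NAT, rules)
        print(f"{label:32} {flow} -> {verdict}")
```

The dropped flow is LAN to CCTV on the NVR port, so the added rule can stay that narrow rather than opening the CCTV VLAN to the whole LAN.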
