Sophos UTM different HTTPS websites on one public IP

Webserver Protection> Web Application Firewall (WAF) (left) >

Virtual Webservers (top left tab)
and immediately under +New Virtual Webserver click "Open Live Log" 
You're going to see a line with something similar to this in it: It'll also have your public request and server IPs in there, make sure to keep those private before posting if you so choose. 

url="/" server="targetdomain.com" port="443" 

I cannot see any connections in this log?

Here is the output I get.

2021:01:26-09:22:50 SophosFW httpd[31390]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroOrders] does not exist
2021:01:26-09:22:50 SophosFW httpd[6104]: [mpm_worker:notice] [pid 6104:tid 4147730112] AH00297: SIGUSR1 received. Doing graceful restart
2021:01:26-09:22:50 SophosFW httpd[6104]: [remoteip:notice] [pid 6104:tid 4147730112] AH03494: RemoteIPProxyProtocol: disabled on 127.0.0.1:4080
2021:01:26-09:22:50 SophosFW httpd[6104]: [mpm_worker:notice] [pid 6104:tid 4147730112] AH00292: Apache/2.4.39 (Unix) OpenSSL/1.0.2j-fips configured -- resuming normal operations
2021:01:26-09:22:50 SophosFW httpd[6104]: [core:notice] [pid 6104:tid 4147730112] AH00094: Command line: '/usr/apache/bin/httpd'
2021:01:26-09:22:50 SophosFW httpd[6104]: [mpm_worker:warn] [pid 6104:tid 4147730112] AH00291: long lost child came home! (pid 31113)
2021:01:26-09:22:51 SophosFW httpd: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="26700" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="1425" url="/status" server="localhost:4080" port="80" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YA8omyvSuuRqPBRvLe64BAAAAAw"
2021:01:26-09:22:51 SophosFW httpd[31453]: Restarted
2021:01:26-12:24:18 SophosFW httpd: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="164" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="1016" url="/lb-status" server="localhost:4080" port="80" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YA9TItuPDAOxmluGM20WLgAAAAA"
2021:01:26-12:24:27 SophosFW httpd: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="164" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="305" url="/lb-status" server="localhost:4080" port="80" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YA9TK9uPDAOxmluGM20WLwAAAAE"

And I have prompted connections to both HTTP & HTTPS

The device you're using to generate the request isn't behind (local to) the firewall, is it?

No, I am, connecting from another server completely outside of the network.

any DNAT rules that could apply? I'm not 100% sure of the processing order (I know it's around here somewhere) but if you're NAT'ing (port forwarding) 443/80 to the webserver, it could be bypassing the WAF? 
When you make a request to OWA does it show logs on the WAF logs? 
Turn off the WAF entirely, does your external access to OWA break (or the weird redirect issue occur)? 

I have DNAT rules for the Exchange /OWA/Autodiscover and a DNAT rule for HTTP connection to the second webserver

As I understand the architecture of the Sophos, and I'm not an expert nor an employee/official support, a DNAT will override the WAF. You need to pick one to use. the WAF is going to look at the URL and assign the appropriate backend, the DNAT isn't. In order to have all your subdomains come into the same IP, I think you'd have to use the WAF and cut the DNAT rules. The DNAT rule is probably taking all the requests to (your public IP- it doesn't care about the url) and sending them to your owa backend server. 

I will try disabling all the DNAT rules and see what happens and get back to you, thanks Aaron.

Within virtual webserver-definition you have to select the correct domain for these specific webserver.

With a simple certificate you have to select an available FQHN from dropdown-list.

... but with wildcard-certificate you have to remove the *.mydomain.com from list and add the myserver.mydomain.com definition.

Otherwise, this definition catch all servers matching the " * " ... all.

If this definition is correct already, check if there is a "Request Redirection" definition within Request Redirection.

If there is no logging within Webserver-protection-log, check if you have defined a NAT-rule for this external IP too.

I think DNAT take place above WAF.

Hi Ian - your first thread here - welcome to the UTM Community!

If this is still unresolved, please show us pictures of the Edits of the Virtual Servers.

Cheers - Bob