SSTP VPN pool not recognized by Access Control

I've set up a site for internal use. Since I wanted to leverage UTMs ability to handle Let's Encrypt certificates I've used Webserver Protection to route the traffic from our public IP to that internal site, and then used Site Path Routing -> Access Control to select allowed networks.

Among those networks is our SSTP pool, which is set up on a Windows Server; clients correctly get IPs from the predefined IP range, but this is obviously NOT handled by Sophos.

However, despite having an IP belonging to the pool specified and allowed via Access Control users using SSTP still report a generic Forbidden message, and logs show these users are, in fact, external.

Any idea what could be the issue? This could possibly be an issue with SSTP itself, but I'm not sure where to look.

Reworked the question due to new information
[edited by: Mateusz Bender at 7:58 PM (GMT -8) on 22 Nov 2022]