Publish TeamCity via Sophos XG Firewall

I am running TeamCity product at home for my development work and would like to publish the site via my Sophos XG Firewall. TeamCity runs on the internal domain namespace and to publish it to the Internet, you need to configure it so that it recognises the external domain namespace.

I don't want to make any change on the TeamCity, and luckily Sophos can do it !

Create Business Application Rule on your Sophos Firewall make sure the "Rewrite HTML" is selected as shown below. That's it!

Let's Encrypt and Sophos XG Firewall

I am publishing my web server behind the Sophos XG firewall. I need SSL certificate that is free and trusted by most of internet browsers. The answer is Let's Encrypt.

I use this site to help integrate with Let's Encrypt : http://zerossl.com

Steps
#1 Generate CSR from the XG firewall and download the CSR and the private key
#2 Navigate to zerossl.com and paste the CSR content
#3 Follow the instruction to validate your domain - I did DNS option by inserting TXT value
#4 Once validation is successful, the signed public key is ready to be downloaded
#5 Upload the signed key to XG firewall along with the private key that was downloaded on step #1
#6 (optional) if XG firewall does not trust Let's Encrypt CA, add this to the Trusted CA

Done!!