Sophos UTM NAT-NAT

1.Browse to Network Protection | NAT | NAT.

2.Click New NAT rule...

3.Under Position, change the number such that it is the same as your existing DNAT rule. This will cause the new rule to be immediately above the existing rule.
If the Full-NAT rule is below the DNAT rule, the DNAT rule will apply instead, and the Full-NAT rule will not work.

4.Change Rule Type to Full NAT (Source + Destination).

5.Under For traffic from, choose your affected internal network. For example: Internal (LAN) (Network)

6.Under Use service, choose the appropriate service or group of services (eg. HTTP, HTTPS, etc).

7.Under Going to, choose the external address of the server to be forwarded. For example: External (WAN) (Address)

8.Under Change the destination to, choose the internal address of the server.

9.Under Change the source to, choose your UTM's internal address object for the appropriate internal network. For example: Internal (LAN) (Address)

10.Ensure Automatic Firewall rule is checked. Otherwise, ensure you create the appropriate firewall objects.

11.Click Save.

12.Activate the new Full-NAT object.

 

merci @ Alex