This article came from the need of another local tech company to forward an Exacqvision Web Portal to something other than port 80, as it was already in use. I could not find a detail article on how to accomplish Sophos DNAT while changing the port number:

How to configure Sophos DNAT for an internal server

1. Navigate to Firewall then click +Add Firewall Rule and select Business Application Policy.
   
2. Select Application Template and choose DNAT/Full NAT/Load Balancing.
   
3. Fill out the settings as shown below:
   
   1. Rule Name
   2. Source Zones: WAN (and LAN if needed)
   3. Allowed Client Networks: Any
   4. Destination Host/Network: WAN Interface (#eth0-? whichever one you use)
   5. Services: Either select the service you already created or create a new one for the external port to be used as below
      
   6. Protected Servers: Select an existing or create a host entry for the internal server.
   7. Protected Zone: Select the Zone in which the host resides (LAN or DMZ).
   8. Change Destination Port(s): Check this then change the port to the internal port.
4. Click Save to save the configuration.

If your company is using a Sophos router and is unsure of how to configure it, then contact us for assistance in making the best use of your router.