joining internal web server to dmz zone

First of all, good choice to build up a DMZ. Network segmentation is a important step in security networking. 

https://en.wikipedia.org/wiki/Network_segmentation

You have two switches? So you can think about VLAN or attaching the Server directly to the XG. This is up to you. 

You would have to give the server a new IP address.

Afterwards it is just "normal" routing. 

thanks for your answer, but if i connect the server directly to sophos xg as a port3 and give it IP address like 192.168.35.236 and the sophos xg ip address 192.168.35.235 for example,can i by routing allow the users in the subnet in 10.10.10.0 connected to 192.168.35.236

thanks for your answer, but if i connect the server directly to sophos xg as a port3 and give it IP address like 192.168.35.236 and the sophos xg ip address 192.168.35.235 for example,can i by routing allow the users in the subnet in 10.10.10.0 connected to 192.168.35.236

You would create a business rule allowing the 10.10.10.0 network to access the DMZ webserver to maintain true DMZ status of that zone. As opposed to routing DMZ traffic directly to the secured zone.