raspberry pi homekit bridge access

Setup DNATs for each of the devices or use one of the Remote Access VPN methods to connect to the UTM, then from there you can reach your devices.

Thank you for the reply. I currently have L2TP over IPSEC and Cisco VPN setup for IOS devices. While connected to my VPN I am correctly served my Astaro DNS sever, but I cannot access my Raspberry Pi homekit bridge. I have tried to create a DNAT rule for port 51826, but it still isn't working. I would like to have access to the Raspberry Pi homekit bridge because it controls my garage door. VPN access would be ideal for security, but I can't figure out what is stopping it. Does any one have any ideas? Thanks a lot.

Let's try focusing on the DNAT, being the simplest.

I'm assuming that 51826 is a port used for management of the homekit bridge device, giving you access to some sort of GUI.
When you created the custom service definition, you left source port as 1:65535 and only set destination port as 51826, correct?
Can you please show a screenshot of the details for your DNAT, so it can be confirmed that it is correct?
When you created the Host definition for the Homekit device, you didn't change the Interface setting under Advanced from the default of <Any>, correct?

How did you manage to get homebridge on the rpi running behind sophos UTM at all? 

For me, _hap._tcp bonjour protocol is not visible when the device is behind the sophos network. (via eg. Bonjour Browser)

I've tested this behind a router outside the UTM network, and then it's visible.. I can't figure out how to enable the hap-tcp on sophos..

Anyone?