WAF real webserver over HTTPS and certificates

Not exactly.  1) configure the real webserver with a certificate.   2) Export thE certificate chain with the private key and a password.  3) import the certificate into UTM and configure it on the virtual webserver.   Now UTM can impersonate the real server.

How is this related to your other question about using nginx in line with WAF?  Should these two threads be merged?

Cheers - Bob

In a way it is related. I reconfigured Seafile now to use Nginx as reverse proxy over DNAT.
Of course it makes no sense to use two reverse proxies in a row. But the alternative to use WAF instead did not work. I.e. if I define the real webserver to use port 8000 of Seafile and another one to talk to port 8082 of Seahub it does not work. Are only port 80 and port 443 allowed for real webservers?

Best - Ralph

Could you help my ignorance?    I thought SEA meant Sophos Enterprise Appliance, and that it only does Email filtering.   Does it do more, or am I confused because SEA and SEAFILE are very different products? 

I'd never heard of seafile before, Doug.  The Sophos Enterprise Console can manage several things including the classic Sophos Endpoint product (not cloud or UTM) and the Sophos Mail Appliances.

The Mail Appliance does a much better job with SPX than does the UTM.

Cheers - Bob

Just for the records: Seafile is a very performant alternative to the Owncloud software.