OTP MFA on inbound port forwarding rule
The world is asking for more than passwords for OWA and RDS Gateway inbound. Please consider adding OTP so the Sophos Authenticator can support the second factor. So, the RDP Connection Client will https to the RDS Gateway that is behind the XG rule. Something will pop up and ask for a "User Portal"-like authentication before the RDP client hits the gateway. Similarly, the same will happen before the browser hits the OWA page.