Problems with Collabora and Sophos UTM reverse proxy

Anyone successfully running Collabora behind a Sophos UTM (9.6) reverse proxy?

Environment is current NC 16, current CODE 4 and docker setup following best practice from NC and Collabora team

This setup works perfect inside the LAN:

When accessed from outside, the CODE GUI is loaded but the document not parsed:

In the UTM reverseproxy.log you will find lines with a statuscode 500 like:

2019:09:11-16:44:44 fw-2 httpd: id="0299" srcip="my.client.ip" localip="my.server.ip" size="620" user="-" host="my.client.ip" method="GET" statuscode="500" reason="-" extra="-" exceptions="-" time="14333" url="/lool/https:/my.NC.FQDN/nextcloud/index.php/apps/richdocuments/wopi/files/222626_oczvwerl8jzj?access_token=VD0rd2gwyuliLG0bTGgORabtIWhOZaom&access_token_ttl=0&permission=edit/ws" server="my.CODE.FQDN" port="443" query="?WOPISrc=https%3A%2F%2Fmy.NC.FQDN%2Fnextcloud%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F222626_oczvwerl8jzj&compat=/ws" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="vkcUi9RgZ7CKJvxYw1oscg==" websocket_version="13" uid="XXkIXMCoAv4AAEl0RvsAAAB2"

No other errors in the log. Looks like the Sophos WAF does not play nice with WebSockets.

Suggestions anyone?