You may have an issue for example where you have a website published on your Sophos UTM but certain users are unable to connect to it. This maybe because the client IP address is on a Sophos UTM Blacklist.
If this is the case check the reverseproxy.log from the command line or the Web Application Firewall log direct from the UTM GUI.
If this is the case you will see authz_blacklist:warn in the log as well as the list that it is blocked on, for example DNSRBL black.rbl.ctipd.astaro.local
Sophos UTM’s use Cyren as their blacklist provider.
If the client is blocked in the logs check on the Cyren website, as it will probably show as suspect on there :-
If this is the case, there should be an option on that page to unblock your IP address, this usually takes a few hours to apply, once applied on the website it may take an hour or so to update on the UTM.