If I'm understanding your request correctly, this is not possible. The CloudGen Firewall is primarily a L3/L4 product built for making filtering decisions based on IP addresses and ports. While it does have some L7 functionality, this is more limited and mainly only allows an extra layer of allow/block decision based on detected L7 data once it has already made an L3/L4 decision to pass traffic.
It sounds like what you would need is a "reverse proxy" behind your firewall; you would then do a normal 1:1 DNAT rule to send all HTTP/HTTPS traffic to your reverse proxy, and then for the reverse proxy to do what it was designed for and use the higher level data (HTTP Host: headers, HTTPS TLS SNI, whatever it may be) in order to route traffic to the correct backend. This is achievable with open source products like Traefik, Nginx, HAProxy and the like, or if you want an off the shelf appliance with support then I believe the Barracuda Load Balancer ADC operates like this as well.Go to the full post