this sounds like a reverse proxy deployment. You can tell MWG to listen on some IP and Port as a reverse proxy (it will behave like a web server). Whenever a request comes in MWG can forward that request to the original target web server.
In the online rule set library there is a simple reverse proxy example, maybe you want to check and see if this is what you would like to achieve.
Rather than using an internal DNS name like xyz.idexx.com I would - if possible - configure the companys DNS to resolve xyz.cloud.app to the IP address of MWG. This resolves some potential issues with absolute URLs and absolute Redirects.