If you have locked down the web management port to a single IP address and need to access it from a different IP, you can telnet to the router and use the commands below to remove the secured IP address, allowing access to the web GUI from any IP.
sys server load
sys server secureip web 0.0.0.0
sys server save
sys server disp
There seems to be a bug in the Draytek 2860 router: even though I had changed the management ports from the default 80 and 443 to 8080 and 8080, I was still unable to port forward any 443 traffic and would end up getting a 404 error page from the Draytek 2860.
The next thing I tried was to disable the SSL VPN in the remote/vpn section. This made a change, as I now no longer got the 404 error page from the router while trying to browse to https://mail.mydomain.com, but still the port forwarding was not working.
After drilling down deeper into the Draytek 2860 SSL VPN settings, I changed the port the SSL VPN uses from 443 to 44444. I did not think that this change would make a difference, as the SSL VPN was disabled. I was wrong! The 443 port forward started working, so even though the SSL VPN was disabled, it seems that port 443 was still in use by it.
I hope this post helps others!
This tcpdump command will grab the first 1024 bytes of each packet (vs. the smaller 68 or so), line-buffer the output, and print each packet in ASCII (-A) for all packets using port 80 (HTTP).
tcpdump -s 1024 -l -A port 80