Sophos XG Firewall: HTTP/S bookmarks feature retirement
To improve security and reduce the potential for cross-site scripting (XSS) exploits, Sophos retired the HTTP/S bookmarks feature for clientless access from XG Firewall v18 onward. In June 2020, Sophos also retired this feature from XG Firewall v17.x.
HTTP/S bookmarks are not supported by most database-driven websites that use dynamic URLs. Read more in Sophos Firewall: Bookmarks with dynamic URLs.
All other bookmark types, such as RDP, TELNET, SSH, FTP, FTPS, SFTP, SMB and VNC, are still supported. For XG Firewall v17.x, the HTTP/S bookmark types will still be visible in the user interface but will not be active. These user interface options will be removed from the drop-down list in an upcoming maintenance release.
On XG Firewall v17.x, after hotfix HF062020.1 is applied, a message will be presented in the XG Firewall Control center indicating that the feature has been retired.
End users who try to access previously configured HTTP/S bookmarks through the User Portal will be presented with the error below.
Applies to the following Sophos products and versions
Sophos XG Firewall
Alternative features to HTTP/S bookmarks
Use the Web Server Protection (WAF) feature to enable secure external connections to the web servers that were previously published via bookmarks.
- Better security options, including protection from XSS exploits
- Supports dynamic URLs and pages
- Flexible authentication options such as basic or form-based
Read more in Sophos XG Firewall: WAF configuration guide.
Use IPSec or SSL VPN to enable secure connections to the internal resources that were previously published via bookmarks.
- Sophos Connect can provide secure tunneling for internal resources while allowing direct connections for general internet traffic
- One-Time Password (OTP) can be used for authentication
- Firewall policies can limit access based on user and service (HTTP, HTTPS)
- Can be used in conjunction with WAF for additional protection
Read more in Sophos XG Firewall: Sophos Connect Client.
For more information on configuring remote access, visit Sophos XG Firewall: Useful links for configuring VPN remote access.