Skip to content

Sophos XG Firewall: HTTP/S bookmarks feature retirement

Overview

In order to improve security and reduce the potential for cross-site scripting (XSS) exploits, Sophos retired the HTTP/S bookmarks feature for clientless access from XG Firewall v18 onward. In June 2020, Sophos also retired this feature from XG Firewall v17.x.

HTTP/S bookmarks are not supported by most database-driven websites that use dynamic URLs. Read more in Sophos Firewall: Bookmarks with dynamic URLs.

All other bookmark types such as RDP, TELNET, SSH, FTP, FTPS, SFTP, SMB and VNC are still supported. For XG Firewall v17.x, the HTTP/S bookmark types will still be visible in the user interface but will not be active. These user interface options will be removed from the drop-down list in an upcoming maintenance release.

On XG Firewall v17.x, after hotfix HF062020.1 is applied, a message will be presented in the XG Firewall Control center. This indicates that the feature has been retired.

End users that are trying to access previously configured HTTP/S bookmarks through the User Portal will be presented with the error below.

The following sections are covered:

Applies to the following Sophos products and versions
Sophos XG Firewall

Alternative features to HTTP/S bookmarks

Use the Web Server Protection (WAF) feature to enable secure external connections to the web servers that were previously published previously via bookmarks.

  • Better security options, including protection from XSS exploits
  • Supports dynamic URLs and pages
  • Flexible authentication options such as basic or form-based

Read more in Sophos XG Firewall: WAF configuration guide.

Use IPSec or SSL VPN to enable secure connections to the internal resources that were previously published via bookmarks.

  • Sophos Connect can provide secure tunneling for internal resources while allowing direct connections for general internet traffic
  • One-Time Password (OTP) can be used for authentication
  • Firewall policies can limit access based on user and service (HTTP, HTTPS)
  • Can be used in conjunction with WAF for additional protection

Read more in Sophos XG Firewall: Sophos Connect Client.

For more information on configuring remote access, visit Sophos XG Firewall: Useful links for configuring VPN remote access.

Previous article Advisory: Sophos Central Maintenance scheduled

More Sophos News Posts