In order to improve security and reduce the potential for cross-site scripting (XSS) exploits, Sophos retired the HTTP/S bookmarks feature for clientless access from XG Firewall v18 onward. In June 2020, Sophos also retired this feature from XG Firewall v17.x.
HTTP/S bookmarks are not supported by most database-driven websites that use dynamic URLs. Read more in Sophos Firewall: Bookmarks with dynamic URLs.
All other bookmark types such as RDP, TELNET, SSH, FTP, FTPS, SFTP, SMB and VNC are still supported. For XG Firewall v17.x, the HTTP/S bookmark types will still be visible in the user interface but will not be active. These user interface options will be removed from the drop-down list in an upcoming maintenance release.
On XG Firewall v17.x, after hotfix HF062020.1 is applied, a message will be presented in the XG Firewall Control center. This indicates that the feature has been retired.
End users that are trying to access previously configured HTTP/S bookmarks through the User Portal will be presented with the error below.
Applies to the following Sophos products and versions: Sophos XG Firewall
Use the Web Server Protection (WAF) feature to enable secure external connections to the web servers that were previously published via bookmarks.
Read more in Sophos XG Firewall: WAF configuration guide.
Use IPsec or SSL VPN to enable secure connections to the internal resources that were previously published via bookmarks.
Read more in Sophos XG Firewall: Sophos Connect Client.
For more information on configuring remote access, visit Sophos XG Firewall: Useful links for configuring VPN remote access.