
HTTP/S bookmarks retiring

Hi,
On my XG125 I see this message since the last update:

Retiring HTTP/S bookmarks in the next major feature release. Use web server protection rules as an alternative.

I use those bookmarks to access internal web servers from the portal, how can I achieve this without HTTP/S bookmarks?
How can I dismiss this warning?
Thanks!
Andrea



This thread was automatically locked due to age.
  • Am I the only one who uses HTTP/S bookmarks and doesn't know what to do after they're removed?

  • No. We also use it because our production application server uses the old version of Apache and we cannot put it in the world. However, the module implemented in XG Firewall works much worse than in the old CyberoamOS and has significant functional limitations. For example, JavaScript does not work. This is the only reason why one of our routers is still running on the old CyberOS firmware.
    Personally, I am very surprised that instead of gradually adding and developing new functionalities, SFOS collapses ...

  • You would need Webserver Protection.

    As HTML5 Bookmarks would need Network Protection.


  • Will I be able to use WAF to secure access to an unprotected http service with the ssl certificate and give it only to selected users - as I can do with http bookmarks?

  • LuCar Toni said:

    You would need Webserver Protection.

    As HTML5 Bookmarks would need Network Protection.

     

    In CyberoamOS, basic protection was enough.

  • You would create WAF Rule with Backend Authentication. 

    https://community.sophos.com/kb/en-us/126470

    The WAF will only provide access to the http site (as HTTPS), if you are authenticated. 


  • Hi Luca,

    the bookmarks are very useful because they are...well...bookmarks available in the user portal and protect the web services from the Internet with an SSL VPN.
    In this way the services are always available to the employees/customers/whoever, with just credentials and OTP.


  • Luca, thanks for the link.

    I really don't know anything about the risk of cross-site scripting, so I can't comment about that.

    But still, the access to internal web pages with the HTTP/S bookmarks was VERY VERY VERY useful, especially for users that access from anywhere with just a browser (with no possibility to establish a VPN). In the portal they could have "had" access to all the web services, in a secure way, with just 1 URL in mind: portal.company.com

  • That proves that there will be no replacement for WebProxy with OTP authentication. Are you sure you want to retire functionality that you already sold to customers? That could become expensive for Sophos (e.g. compensation) as this is done fully knowing about what it means!

  • Hmm, I don't understand what's going on here. We have an ancient SonicWall SSL VPN that was EOL a long time ago. We have users using it for a clientless VPN. They can do RDP and in theory, there are bookmarks that work to our internal web servers which we do not let outside the firewall (such as intranet, HVAC control, etc., as an example).

    I started to set up a clientless VPN on our XG 330. I got to this point, but it seems that the XG330 has the same problem as my SonicWall, it's not making an SSO connection.

    So I am trying to troubleshoot that and I see this message about HTTPS bookmarks being deprecated? I don't get it. How would one allow users on the clientless VPN to access internal websites? The WAF (web application firewall) article that is linked on the previous page seems to be just for punching holes in the firewall, like what I would do to provide an external service access in. Has nothing to do with a user portal bookmark.

    So how do I achieve accessing internal web services from an authenticated portal which is clientless? Are you saying you are removing this functionality and it won't be possible anymore? I see allusions to another product or license that can achieve this. Instead of buying a new appliance, I would be willing to spend money to get this working with existing gear. But can someone tell me if it's possible and/or direct me to a setup guide for this feature? I don't want to spend time setting up the bookmarks if they will just be obsoleted!

    It all seems a bit weird.

    Is it because you guys can't figure out how to proxy SSO that this is being removed? Because that's the problem my SonicWall has. With most services going to SSO it is a must-have feature for a clientless VPN for us!!!
