Feature Request - Bring Back HTTPS Bookmarks!

Please, please, PLEASE bring back HTTPS bookmarks, but do it right this time. We have a situation where we wanted to replace an old Cisco ASA 5500 with a Sophos XG, but due to the lack of support for HTTP/S bookmarks in the Clientless VPN we can no longer do that. We have been forced to find an alternative, and at this point we are stuck with the ASA for now and having to place it on a port on the Sophos placed in the DMZ so the ASA can continue to be used as the method of access to an internal web server. We have set up a Web Protection Firewall Rule as suggested by Sophos as the "alternative" to HTTP/S bookmarks, but it is far from intuitive or easy to use for the end user. To be as secure as a Clientless VPN connection, we are ending up having to set the allowed network to the range served by the SSLVPN server and install the SSLVPN client on end users' machines. This way they can only access the website if they have an account and are allowed SSLVPN access. This is a far cry from the simplicity of a bookmark in a user portal that at most requires one login. In summary, why is it that an OLD Cisco ASA is capable of doing something so simple and the "latest and greatest" from Sophos can't accomplish such a mundane function?

  • This may be a lot easier than I first realized. In conjunction with a WAF rule, which can be set to allow access to a particular web server based on the originator's IP address, a bookmark could be used to run a script on the firewall that adds the public IP address of the person logged into the User Portal to that rule. In this way we can still restrict access to a particular website via the User Portal and gain all of the benefits of the WAF. The bookmark could update the WAF rule with the user's public IP address and then launch a new browser window (or tab) directed to the intended website. Ideally, once they disconnect from the site or log out of the user portal the public IP address would be removed from the WAF rule since it is possible they are on a public internet connection or don't have a static IP address.
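
An added sketch of the session-bound allowlist proposed in the comment above; it is not part of the original thread and is not Sophos code. `PortalAllowlist` and its methods are hypothetical names that model the WAF rule's allowed-source list in memory, and the addresses are constructed documentation-range values.

```python
import ipaddress
import time


class PortalAllowlist:
    """Hypothetical model of a WAF rule's allowed source IPs, derived from
    live portal sessions so an address is dropped only when no session holds it."""

    def __init__(self, idle_ttl=900, clock=time.monotonic):
        self.idle_ttl = idle_ttl      # seconds of inactivity before a lease lapses
        self.clock = clock
        self.sessions = {}            # session_id -> (ip, last_seen)

    def open_bookmark(self, session_id, ip):
        # Reject anything that is not a literal IP before it reaches a rule.
        addr = str(ipaddress.ip_address(ip))
        self.sessions[session_id] = (addr, self.clock())

    def touch(self, session_id):
        # Called on portal activity to renew the lease.
        if session_id in self.sessions:
            self.sessions[session_id] = (self.sessions[session_id][0], self.clock())

    def logout(self, session_id):
        self.sessions.pop(session_id, None)

    def allowed_ips(self):
        # Expire idle sessions first: users on public or dynamic connections
        # often close the browser without logging out.
        now = self.clock()
        for sid in [s for s, (_, seen) in self.sessions.items()
                    if now - seen > self.idle_ttl]:
            del self.sessions[sid]
        # Note: everyone behind the same NAT address passes an IP-based rule.
        return sorted({ip for ip, _ in self.sessions.values()})


def demo():
    now = [0.0]                                   # fake clock for a repeatable run
    al = PortalAllowlist(idle_ttl=600, clock=lambda: now[0])
    al.open_bookmark("alice", "203.0.113.10")
    al.open_bookmark("bob", "203.0.113.10")       # same NAT address as alice
    al.open_bookmark("carol", "198.51.100.7")
    al.logout("alice")
    after_logout = al.allowed_ips()               # bob still holds 203.0.113.10
    now[0] = 500.0
    al.touch("bob")
    now[0] = 601.0
    after_idle = al.allowed_ips()                 # carol idle past the TTL
    al.logout("bob")
    return after_logout, after_idle, al.allowed_ips()
```

Deriving the list from sessions rather than adding and removing addresses directly keeps one user's logout from cutting off another user behind the same public IP.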