
Configuring Clientless Access on Sophos Firewall

Sophos Firewall
FW5020: Configuring Clientless Access on Sophos Firewall

April 2022
Version: 19.0v1

© 2022 Sophos Limited. All rights reserved. No part of this document may be used or reproduced
in any form or by any means without the prior written consent of Sophos.

Sophos and the Sophos logo are registered trademarks of Sophos Limited. Other names, logos and
marks mentioned in this document may be the trademarks or registered trademarks of Sophos
Limited or their respective owners.

While reasonable care has been taken in the preparation of this document, Sophos makes no
warranties, conditions or representations (whether express or implied) as to its completeness or
accuracy. This document is subject to change at any time without notice.

Sophos Limited is a company registered in England number 2096520, whose registered office is at
The Pentagon, Abingdon Science Park, Abingdon, Oxfordshire, OX14 3YP.



Configuring Clientless Access on Sophos Firewall
In this chapter you will learn how to create and manage bookmarks for clientless SSL VPN access.

RECOMMENDED KNOWLEDGE AND EXPERIENCE
✓ Configuring Remote Access VPNs on Sophos Firewall

DURATION
8 minutes



Clientless Access Portal

Clientless SSL VPN connections can be found in the user portal and can be used to provide access
to internal resources without the need for a VPN client to be installed. They are in the VPN section
and will appear below any IPsec and SSL VPNs that have been enabled for the user.

This form of remote access is most useful for providing IT staff with access to internal systems
without exposing them directly to the Internet. For example, providing access to TELNET, SSH, and
RDP, so that IT staff can securely administer key pieces of infrastructure remotely.

Other uses include giving a user special access to a specific machine with RDP, often for
accounting or finance, or access to timesheets, client tracking, web-based ticketing
systems and so forth.



Configuration

1. Define the internal resources as bookmarks
2. Assign bookmarks to users and groups

Configuration for Clientless SSL VPN is done in two parts:

• First you create bookmarks, which define the internal resources to be accessed
• Then you create policies to assign the bookmarks to users and groups



Bookmarks

Protocols
• RDP
• TELNET
• SSH
• FTP/FTPS
• SMB
• VNC

When you create a bookmark, start by selecting the protocol in the ‘Type’ field; this changes
the remaining fields that need to be completed. Bookmarks can be created for: RDP, TELNET, SSH,
FTP, SMB, and VNC.

You can choose to enable automatic login for the bookmark, where you can provide a username
and password that will be used to connect to the resource. This will not be the username and
password for the person using the bookmark in the user portal.

It is important to note that each bookmark represents a session to a resource, so if you wanted to
give five people access to a resource, you would create a bookmark for each. You can enable
session sharing, which means that two users can use the bookmark at the same time, but there
will still only be a single session.



Bookmark Groups

You can also create bookmark groups, which can then be used to assign multiple bookmarks in a
policy.



Clientless Access

Once the bookmarks have been created, and optionally added to bookmark groups, they need to
be assigned to a specific user or group using a policy. This simple policy has just three settings:
• A name for the policy
• The users and groups the policy applies to (select individual users and user groups)
• And the bookmarks that can be used (select individual bookmarks and bookmark groups)
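
The following is an added example, not part of the Sophos course material: a Python sketch that expands policies into per-bookmark user sets and flags bookmarks reached by several users, which is where the single session per bookmark and the shared automatic-login account described under Bookmarks matter. The dictionary layouts, names and finding labels are assumptions for illustration, not a Sophos export format or API.

```python
# Hypothetical inventory model: these dict layouts are NOT a Sophos export
# format or API; they only mirror the settings named in the text.
from collections import defaultdict

BOOKMARKS = {  # constructed sample data
    "dc01-rdp": {"type": "RDP", "auto_login": True, "share_session": False},
    "core-sw-ssh": {"type": "SSH", "auto_login": False, "share_session": False},
    "fin-rdp": {"type": "RDP", "auto_login": True, "share_session": True},
}
BOOKMARK_GROUPS = {"infra": ["dc01-rdp", "core-sw-ssh"]}
USER_GROUPS = {"IT Staff": ["alice", "bob"]}
POLICIES = [
    {"name": "it-admin", "users": [], "groups": ["IT Staff"],
     "bookmarks": [], "bookmark_groups": ["infra"]},
    {"name": "finance", "users": ["carol", "alice"], "groups": [],
     "bookmarks": ["fin-rdp"], "bookmark_groups": []},
]

def effective_access(policies, user_groups, bookmark_groups):
    """Return {bookmark: set(users)} after expanding both kinds of group."""
    access = defaultdict(set)
    for p in policies:
        users = set(p["users"])
        for g in p["groups"]:
            users.update(user_groups.get(g, []))
        marks = set(p["bookmarks"])
        for bg in p["bookmark_groups"]:
            marks.update(bookmark_groups.get(bg, []))
        for m in marks:
            access[m].update(users)
    return dict(access)

def audit(bookmarks, access):
    """Flag bookmarks whose settings conflict with how many users reach them."""
    findings = []
    for name in sorted(bookmarks):
        cfg, users = bookmarks[name], access.get(name, set())
        if not users:
            findings.append((name, "unassigned"))
        if len(users) > 1 and not cfg["share_session"]:
            findings.append((name, "single-session-contention"))
        if len(users) > 1 and cfg["auto_login"]:
            findings.append((name, "shared-auto-login-credential"))
    return findings

if __name__ == "__main__":
    reach = effective_access(POLICIES, USER_GROUPS, BOOKMARK_GROUPS)
    for finding in audit(BOOKMARKS, reach):
        print(finding)
```

A bookmark flagged for the shared automatic-login credential is one where activity on the target system is recorded under the bookmark's account rather than the portal user's, so the mapping from portal user to bookmark is what identifies who connected.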



Simulation: Configure Clientless SSL VPN Access

In this simulation you will configure bookmarks and policies for clientless SSL VPN access. You
will then log in to the user portal to test your configuration.

https://training.sophos.com/fw/simulation/ClientlessVpn/1/start.html



Chapter Review

Here are the main things you learned in this chapter.

• Clientless SSL VPN provides access to internal resources through bookmarks in the VPN section of
the user portal.
• Bookmarks can be created for: RDP, TELNET, SSH, FTP, SMB, and VNC. Each bookmark is a single
session for that resource.
• Policies assign bookmarks to users and groups.
