
Copyright © 2024 Sophos Ltd

Configuring Clientless Access on Sophos Firewall

Sophos Firewall
Version: 20.0v1


Sophos Firewall
FW5020: Configuring Clientless Access on Sophos Firewall

January 2024
Version: 20.0v1

© 2024 Sophos Limited. All rights reserved. No part of this document may be used or reproduced in any form or by any means without the prior written
consent of Sophos.

Sophos and the Sophos logo are registered trademarks of Sophos Limited. Other names, logos and marks mentioned in this document may be the
trademarks or registered trademarks of Sophos Limited or their respective owners.

While reasonable care has been taken in the preparation of this document, Sophos makes no warranties, conditions or representations (whether express
or implied) as to its completeness or accuracy. This document is subject to change at any time without notice.

Sophos Limited is a company registered in England number 2096520, whose registered office is at The Pentagon, Abingdon Science Park, Abingdon,
Oxfordshire, OX14 3YP.



In this chapter you will learn how to create and manage bookmarks for clientless SSL VPN access.

RECOMMENDED KNOWLEDGE AND EXPERIENCE
✓ How to configure remote access VPNs on Sophos Firewall

DURATION 8 minutes


Clientless Access Portal

Clientless access connections are listed at the bottom of the page in the VPN portal. They
provide access to internal resources without the need for a VPN client to be installed.

This form of remote access is most useful for providing IT staff with access to internal systems without
exposing them directly to the Internet. For example, providing access to TELNET, SSH, and RDP, so that
IT staff can securely administer key pieces of infrastructure remotely.

Other examples for using this include providing special access for a user to a specific machine with
RDP, often for accounting or finance, or access to timesheets, client tracking, web-based ticketing
systems and so forth.


Configuration

Define the internal resources as bookmarks

Assign bookmarks to users and groups

Configuration for Clientless SSL VPN is done in two parts:


• First you create bookmarks, which define the internal resources to be accessed.
• Then you create policies to assign the bookmarks to users and groups.


Bookmarks

Protocols
• RDP
• TELNET
• SSH
• FTP/FTPS
• SMB
• VNC

When you create a bookmark, start by selecting the protocol in the ‘Type’ field; this changes the
remaining fields that need to be completed. Bookmarks can be created for: RDP, TELNET, SSH, FTP,
SMB, and VNC.

You can choose to enable automatic login for the bookmark by providing a username and
password that will be used to connect to the resource. These are not the username and password of
the person using the bookmark in the VPN portal.

It is important to note that each bookmark represents a session to a resource, so if you wanted to give
five people access to a resource, you would create a bookmark for each. You can enable session
sharing, which means that two users can use the bookmark at the same time, but there will still only
be a single session.


Bookmark Groups

You can also create bookmark groups, which can then be used to assign multiple bookmarks in a
policy.


Clientless Access

Once the bookmarks have been created, and optionally added to bookmark groups, they need to be
assigned to a specific user or group using a policy. This simple policy has just three settings:
• A name for the policy.
• The users and groups the policy applies to. Select individual users and user groups.
• The bookmarks that can be used. Select individual bookmarks and bookmark groups.
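
The bookmark and policy model described above can be reviewed offline before it is rolled out. The following Python sketch is an added example, not Sophos code or a Sophos export format: the dictionary layout, the field names `auto_login` and `session_sharing`, and all sample names are assumptions constructed for illustration. It expands each policy to the users behind every bookmark and flags bookmarks that several users reach through one unshared session or one stored automatic login.

```python
# Constructed sample data in a hypothetical layout (not a Sophos export format).
BOOKMARKS = {
    "core-sw-ssh": {"type": "SSH", "auto_login": True, "session_sharing": False},
    "fin-rdp": {"type": "RDP", "auto_login": True, "session_sharing": True},
    "files-smb": {"type": "SMB", "auto_login": False, "session_sharing": False},
}
BOOKMARK_GROUPS = {"it-admin": ["core-sw-ssh", "files-smb"]}
USER_GROUPS = {"IT Staff": ["alice", "bob"], "Finance": ["carol"]}
POLICIES = [
    {"name": "IT remote admin", "users": [], "groups": ["IT Staff"],
     "bookmarks": [], "bookmark_groups": ["it-admin"]},
    {"name": "Finance desktop", "users": ["dave"], "groups": ["Finance"],
     "bookmarks": ["fin-rdp"], "bookmark_groups": []},
]


def users_per_bookmark(policies, user_groups, bookmark_groups):
    """Expand user groups and bookmark groups; return {bookmark: set(users)}."""
    access = {}
    for policy in policies:
        users = set(policy["users"])
        for group in policy["groups"]:
            users.update(user_groups.get(group, []))
        marks = set(policy["bookmarks"])
        for group in policy["bookmark_groups"]:
            marks.update(bookmark_groups.get(group, []))
        for mark in marks:
            access.setdefault(mark, set()).update(users)
    return access


def review(bookmarks, access):
    """Return sorted (bookmark, finding) pairs for bookmarks worth a second look."""
    findings = []
    for name, users in access.items():
        cfg = bookmarks.get(name)
        if cfg is None:
            findings.append((name, "policy references undefined bookmark"))
        elif len(users) > 1:
            if not cfg["session_sharing"]:  # one bookmark is one session
                findings.append((name, "several users, one unshared session"))
            if cfg["auto_login"]:  # the resource sees one account for everyone
                findings.append((name, "several users behind one stored login"))
    return sorted(findings)


if __name__ == "__main__":
    access = users_per_bookmark(POLICIES, USER_GROUPS, BOOKMARK_GROUPS)
    for name, finding in review(BOOKMARKS, access):
        print(f"{name}: {finding} -> {sorted(access[name])}")
```
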


Simulation: Configure Clientless SSL VPN Access

In this simulation you will configure bookmarks and policies for clientless SSL VPN access. You will
then log in to the VPN portal to test your configuration.


https://training.sophos.com/fw/simulation/ClientlessVpn/2/start.html

Please complete this simulation.

Click Launch Simulation to start. Once you have finished, click Continue.



Chapter Review

Here are the main things you learned in this chapter.

• Clientless SSL VPN provides access to internal resources through bookmarks in the VPN section of the
VPN portal.
• Bookmarks can be created for: RDP, TELNET, SSH, FTP, SMB, and VNC. Each bookmark is a single
session for that resource.
• Policies assign bookmarks to users and groups.
