The "Bookmark" template acts similar to a bookmark you save to a web browser: when a user clicks on the bookmark within the Application Portal, the user is redirected to the website directly.
For what you are looking to achieve, try configuring the application with the Application Portal using the "Trusted Header" template. When the user tries to access an application through the App Portal that is configured using the "Trusted Header" template, the identity router will act as a proxy server to proxy the requests from the web server to the user, so users would be able to access the internal web page externally as long as the App Portal can be reached externally.
For more information about the Trusted Header application template, see:
-Trusted Headers: https://community.rsa.com/t5/securid-access-cloud/trusted-headers/ta-p/623034
-Add an Application Using Trusted Headers: https://community.rsa.com/t5/securid-access-cloud/add-an-application-using-trusted-headers/ta-p/623035
