Triton Forcepoint AP-WEB

I'm just starting this process as well. Do you have any tips and tricks you care to pass along?

The best practice is to copy the package to the machine locally then run the command to install the software. My policy does this with great success.

Hey Cdinges can you explain how you do this in little deeper detail in regards of the policy you created.

Thank you.

I am curious as well. Would it be possible to share your script in this post?

Sorry for the delayed response.

Yes, I created a package to deploy the files to a folder on the machine then the policy runs a command to kick off the installer. The command line to run is: sudo /usr/sbin/installer -pkg /Library/Application Support/JAMF-CustomApps/triton832607new/WebsenseEndpoint.pkg -target /

According to the vendor this is the best practice.

In theory it should also be possible to create a custom pkg using casper admin with the bundle and deploy that via policy as well. Just an idea, especially now that there are 4 files in the Forcepoint .zip for mac endpoint.

I've tried the custom package using the install files that come with Websense and was able to get it download to the client. Unfortunately, it downloads to the desktop and the script fails to find the installer files after that. Changing the script to point to the desktop does kick off the installation but then the files remain there and that's something that I want to avoid.

I tried the snapshot method as well and it failed.

Any suggestions?

@stevenadler do you have any recommendations?

I was actually able to do this with Composer. In speaking with Jamf, I had to put the files in a place where I wanted the files to download to so that the install could run. Then I dropped the files into Composer and had it create my package. I uploaded the package to Jamf and created the policyI then used the script supplied by cdinges with changes to the location of the files that I need to run. It worked after that but the files don't delete after the install, which I'm okay with.

Do we have a better step by step on this? Just trying to understand how to setup the policy once the package is uploaded to Jamf. Is it setup as an install, and then an option to run a script? Little confused.

Essentially once you have built the package with the Forcepoint Package builder you would upload the file using casper admin.

-You would then want to create a policy to deploy the zip. (ideally with a smart or static group but could be targeted users).

-Then make a second policy that looks for that package already installed and have it run a bash script to run the installer with the sudo prefix.

aka

sudo unzip ./endpoint.zip

sudo ./endpointpackagefile.pkg

The endpoint package (not the classifer.pkg) contains the installer and will call on the other files from the zip so ensure you run the command inside the directory where the zip has been extracted.

I hope this information helps!

Cheers.

NOTE: This should work for the DLP or Web endpoint. Use whatever flags or context paths needed to run in a commandline install in your script.

Thanks. I had already ended up doing exactly that, and it has been working on every policy push. Information is definitely a help.

Thank you. - Vince

https://support.forcepoint.com/KBArticle?id=000016604
Deploying Forcepoint Endpoint for MacOS using Jamf

On a side note, how are you authenticating remote users in a FP hybrid cloud deployment?

Has anyone been successful with using NoMad/Jamf Connect and Triton Forcepoint AP-WEB or on an unbound Mac?

@nimoyjohnson , there's (finally!) a Forcepoint direct connect client and there's no need to have the kerberos ticket.

Hey Everyone,
Are you disabling Kernel Extensions as per Forcepoint's documentation to deploy this software?

https://support.forcepoint.com/KBArticle?id=000016604
https://www.websense.com/content/support/library/endpoint/v85/release_notes/rn_endpt_new.aspx

This doesn't seem like an option for me. I have tried to allow the specific kernel extensions for Forcepoint DLP but the software doesn't install correctly.
Team Id: C489D5E8E8
Bundle Ids: com.websense.endpoint.process, com.websense.endpoint.process.kpi, com.websense.endpoint.dlp

I'm also using their prebuilt Config Profile to give Full disk access. The product installs, but it missing components such as the icon in the menu bar. Any direction would be appreciated.

@daniel.oconnell Are you using any of their scripts?
When I was deploying Forcepoint 20 I found an error in their scripts, which made the installation from not happening
Make sure you use their application on a windows server to create a correct config profile for installation