Posted on 05-09-2023 01:47 PM
Is it possible to allow an app to add proxy configurations with a configuration profile, similar to something like full disk access?
We're not currently using Forcepoint Neo as a proxy, but this prompt appears during the installation of Forcepoint DLP. If it's not allowed here, the installation will not complete until it's allowed through System Settings/Preferences. I've added configurations for this app to allow network monitoring, disk access, system events, etc., so I assume it's possible here and I'm overlooking it.
Posted on 05-09-2023 02:36 PM
It is possible to enable the system extension with JAMF. Reach out to Forcepoint for instructions. You will need their TeamID, and the name of the system extension you need to allow. This information can found on your own, but I'm figuring your organization is paying for support from Forcepoint.
Posted on 05-09-2023 03:17 PM
I built the profile according to Forcepoint's documentation, but this is the one permission it fails to provide. I'm thinking there may be a system service I can add manually, I just need to dig through the apple device management documentation to find it.
Thanks!
Posted on 05-10-2023 05:51 AM
JAMF has a payload for this, or you could make the xml manually. JAMF nor the device care how the .mobileconfig is created. I still suggest reaching out to Forcepoint and have them provide you documentation. I have always found Forcepoint to be reasonably helpful in the past.
systemextensionsctl list is the command you would need to figure out what information you need for your configuration profile if you wanted to do the leg work yourself. I dont have access to Forcepoint Neo, but below is what NetSkopes app proxy looks like if that helps.
x8nj7@Q74V4012WX ~ % systemextensionsctl list
3 extension(s)
--- com.apple.system_extension.network_extension
* * 24W52P9M7W com.netskope.client.Netskope-Client.NetskopeClientMacAppProxy (93.0.1.944/1) NetskopeClientMacAppProxy [activated enabled]
Posted on 06-06-2023 11:19 PM
Does this actually work for you though? We have the exact same config profile but our users are still prompted by this when Netskope installs...?
Posted on 06-07-2023 07:12 AM
Unfortunately, no. I was able to build a profile to prevent the install from hanging (it turns out that was a separate issue), but I haven't found any Apple documentation to configure this specific setting and Forcepoint support did not provide any insight.
Posted on 08-28-2023 01:02 PM
Were you able to figure out how to enable the Netskope proxy configuration on macs within Jamf pro?
Posted on 08-28-2023 05:01 PM
@AbeTechster yep, got there in the end. The trick was to use the Kandji profile from Netskopes scripts page. Weird I know, but it works...
https://support.netskope.com/s/article/Download-Netskope-Client-and-Scripts
If you get stuck have a look at this Slack thread, there's a few good tips from others who struggled with this as well.
https://macadmins.slack.com/archives/C01NJ2J4WAG/p1686112628832049