Allow app to configure proxy settings

smccurley
New Contributor II

Is it possible to allow an app to add proxy configurations with a configuration profile, similar to something like full disk access?
We're not currently using Forcepoint Neo as a proxy, but this prompt appears during the installation of Forcepoint DLP. If it's not allowed here, the installation will not complete until it's allowed through System Settings/Preferences. I've added configurations for this app to allow network monitoring, disk access, system events, etc., so I assume it's possible here and I'm overlooking it.

MicrosoftTeams-image (3).png

 

7 REPLIES 7

AJPinto
Honored Contributor II

It is possible to enable the system extension with JAMF. Reach out to Forcepoint for instructions. You will need their TeamID, and the name of the system extension you need to allow. This information can found on your own, but I'm figuring your organization is paying for support from Forcepoint.

 

 

 

smccurley
New Contributor II

I built the profile according to Forcepoint's documentation, but this is the one permission it fails to provide. I'm thinking there may be a system service I can add manually, I just need to dig through the apple device management documentation to find it.

Thanks!

AJPinto
Honored Contributor II

JAMF has a payload for this, or you could make the xml manually. JAMF nor the device care how the .mobileconfig is created. I still suggest reaching out to Forcepoint and have them provide you documentation. I have always found Forcepoint to be reasonably helpful in the past.

 

systemextensionsctl list is the command you would need to figure out what information you need for your configuration profile if you wanted to do the leg work yourself. I dont have access to Forcepoint Neo, but below is what NetSkopes app proxy looks like if that helps.

x8nj7@Q74V4012WX ~ % systemextensionsctl list
3 extension(s)
--- com.apple.system_extension.network_extension
*	*	24W52P9M7W	com.netskope.client.Netskope-Client.NetskopeClientMacAppProxy (93.0.1.944/1)	NetskopeClientMacAppProxy	[activated enabled]

AJPinto_0-1683722983837.png

 

 

 

Does this actually work for you though? We have the exact same config profile but our users are still prompted by this when Netskope installs...?

 

Screenshot 2023-06-07 at 1.12.33 pm.png

smccurley
New Contributor II

Unfortunately, no. I was able to build a profile to prevent the install from hanging (it turns out that was a separate issue), but I haven't found any Apple documentation to configure this specific setting and Forcepoint support did not provide any insight.

Were you able to figure out how to enable the Netskope proxy configuration on macs within Jamf pro?

@AbeTechster yep, got there in the end. The trick was to use the Kandji profile from Netskopes scripts page. Weird I know, but it works...Screenshot 2023-08-29 at 9.57.28 am.png
https://support.netskope.com/s/article/Download-Netskope-Client-and-Scripts

 

If you get stuck have a look at this Slack thread, there's a few good tips from others who struggled with this as well.
https://macadmins.slack.com/archives/C01NJ2J4WAG/p1686112628832049