Creating the MDM profile manually

You can manually create the MDM profile if you have issues importing the MDM profile provided by Forcepoint.

Steps

  1. On the Computers tab, select Configuration Profiles, then click New.
  2. On the General tab, enter Forcepoint Neo in the Name field.
  3. On the VPN tab, enter the following:
    1. Connection Name: Forcepoint Neo
    2. VPN Type: VPN
    3. Identifier: com.forcepoint.neo.ne-app
    4. Server: Forcepoint Neo
    5. Provider Bundle Identifier: com.forcepoint.neo.ne
    6. Select the check box Prohibit users from disabling on-demand VPN settings
  4. Update the Content Filter section as shown in the screen shot below:
  5. On the Privacy Preferences Policy Control tab, define the following components:
    1. Enter the information for the first component.
      • Identifier: com.forcepoint.neo.agent
      • Identifier Type: Bundle ID
      • Code Requirement: identifier "com.forcepoint.neo.agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4388XWHPGW"
      • From App or Service, select SystemPolicyAllFiles and from Access, select Allow
      • From App or Service, select AppleEvents and from Access, select Allow
      • Receiver Identifier: com.apple.systemevents
      • Receiver Identifier Type: <Bundle ID>
      • Receiver Code Requirement: identifier "com.apple.systemevents" and anchor apple
      • From App or Service, select Accessibility, and from Access, select Allow
    2. Press the + button to add a new component, then enter the following information:
      • Identifier: com.forcepoint.neo.es
      • Identifier Type: <Bundle ID>
      • Code Requirement: identifier "com.forcepoint.neo.es" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4388XWHPGW"
      • From App or Service, select SystemPolicyAllFiles, and from Access, select Allow
    3. Press the + button to add a new component, then enter the following information:
      • Identifier: /Library/Application Support/Forcepoint/Neo/EP/bin/fpneoprotectiond
      • Identifier Type: Path
      • Code Requirement: identifier "com.forcepoint.neo.protectiond" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4388XWHPGW"
      • From App or Service, select SystemPolicyAllFiles, and from Access, select Allow
    4. Press the + button to add a new component, then enter the following information:
      • Identifier: /Library/PrivilegedHelperTools/com.forcepoint.neo.privilege-helper
      • Identifier Type: Path
      • Code Requirement: identifier "com.forcepoint.neo.privilege-helper" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4388XWHPGW"
      • From App or Service, select SystemPolicyAllFiles, and from Access, select Allow
    5. Press the + button to add a new component, then enter the following information:
      • Identifier: /Library/Application Support/Websense Endpoint/EPClassifier/EndPointClassifier
      • Identifier Type: <Path>
      • Code Requirement: anchor apple generic
      • From App or Service, select SystemPolicyAllFiles, and from Access, select Allow
    6. Press the + button to add a new component, then enter the following information:
      • Identifier: com.forcepoint.neo.log-collector
      • Identifier Type: <bundle ID>
      • Code Requirement: identifier "com.forcepoint.neo.log-collector" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4388XWHPGW"
      • From App or Service, select SystemPolicyAllFiles, and from Access, select Allow
    7. Press the + button to add a new component, then enter the following information:
      • Identifier: com.forcepoint.neo.protectiond
      • Identifier Type: <bundle ID>
      • Code Requirement: identifier "com.forcepoint.neo.protectiond" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4388XWHPGW"
      • From App or Service, select SystemPolicyAllFiles, and from Access, select Allow
  6. On the Certificate tab, define the following components:
    • Under Certificate Name, enter Forcepoint Cloud CA.
    • Upload the Forcepoint Cloud CA.cer file.
    • Select Allow all apps access.
    • Make sure Allow export from keychain is not selected.
  7. On the Certificate tab, define the following components:
    • Under Certificate Name, enter localhost.
    • Upload the localhost.cer file.
    • Select Allow all apps access.
    • Make sure Allow export from keychain is not selected.

  8. Click Save.
  9. On the System Extensions tab, enter the following:
    1. Select the check box Allow users to approve system extensions
    2. Display Name: 4388XWHPGW
    3. From System Extension Types, select Allowed System Extensions
    4. Team Identifier: 4388XWHPGW
    5. Allowed System Extensions: com.forcepoint.neo.ne, com.forcepoint.neo.es, com.forcepoint.neo.ne-app
  10. On the Computers tab, select Configuration Profiles, then click New.
  11. On the General tab, enter Forcepoint Neo NC Root CA in the Name field.
  12. On the Certificate tab, define the following components:
    • Under Certificate Name, enter Forcepoint Neo NC Root CA.
    • Upload the Forcepoint Neo NC Root CA.cer file.
    • Select Allow all apps access.
    • Make sure Allow export from keychain is not selected.