Create custom profile

Profile Details

Defines basic information about the profile.

• Profile Name: A mandatory name used to identify the custom profile.
• Description: A brief explanation of the purpose or configuration included in the profile.
• Enable Toggle: Allows administrators to enable or disable the profile. Disabled profiles do not apply to any endpoints.

Applies to

• Select to which endpoints the configuration will apply: Determines which endpoints the profile should target.

  In the Search option, enter the resource name, then click to add to the list for either inclusion or exclusion. You can also use the Add all or Remove all options to remove or add multiple entries. Similarly, you can use the to remove entries that were added earlier for either exclusion or inclusion.

  When including an OU or endpoint in the Include list, all other OUs and endpoints are excluded. The Exclude list overrides the Include list. It is used, for example, to select an OU but exclude specific endpoints that belong to this OU.

  Note: It is not possible to select the same OU or endpoint to both lists. If you include endpoints and exclude an OU they belong to, these endpoints will not be included since the exclusion of them as part of the excluded OU, overrides the inclusion.
• Select OS: Select the operating system running on the endpoint machine.

Display VPN On/Off Toggle

• Display VPN On/Off Toggle: Allow the admin to configure a toggle button for the application.
  • When enabled, a visible On/Off toggle button will appear, allowing the user to activate or deactivate the inspection service.
    • Selecting On activates the VPN, and the application will inspect all network traffic. This means the device will use the configuration from the server to decide whether to proxy or send the traffic directly to the internet.
    • Selecting Off means the application will bypass all traffic and send it directly to the internet.
  • When disabled, the application will not display this toggle button, and all traffic will be subject to inspection by the application.

    For more details, see the Using Forcepoint Mobile application page.

• Login Session Timeout: Set the duration after which the user login credentials need to be re-validated.
• Fail Open:
  • When enabled, the solution will send traffic directly to the internet if the Forcepoint cloud service is down.
  • When disabled, the solution will block web traffic when the Forcepoint cloud service is unavailable.

Bypass Domains, Host IPs, or Subnets

Add domains or host IP addresses that should be bypassed by the Mobile Endpoint Agent on the device. To add an entry, search for the required domain, IP address, or subnet, and click Enter to add it to the list. To remove any entry, select it from the list and click Remove from list.

Example: When a domain such as xyz.com is added to the bypass list, its traffic is sent directly to the internet instead of being routed through the Forcepoint cloud for inspection.

Bypass Corporate Networks for Mobile Bypass

Add the URLs that can be used to ping and identify corporate networks. When connected to these networks, the device will bypass the Mobile Endpoint Agent.

Example: When the corporate network addresses otherURL.companyname.com and pingURL.companyname.com are added to the bypass list, their traffic is sent directly to the internet instead of being routed through the Forcepoint cloud for inspection.

Bypass DNS Bypass List

Add the domains or IP addresses whose DNS queries should bypass the configured DNS servers. To specify a DNS server's IP address, use the escape prefix of DNS followed by the IP address.

Example: When the DNS servers DNS8.1.2.3 and DNS182.7.8.9 are added to the bypass list, their traffic is sent directly to the internet instead of being routed through the Forcepoint cloud for inspection.