MDM Deployment for MacOS Agents with Internet Security
  • 28 Jan 2025


      Introduction

      The Harmony SASE system includes Web Security features. When Internet Security is enabled on the workspace, the system deploys a locally installed Certificate, Content Filter, and System Extension to perform SSL decryption. These components are typically installed post-login, requiring user approval. Admins can pre-deploy these configurations to eliminate the need for user approval and prevent potential misconfigurations of web security components.

      Deploying the Agent through MDM

      Downloading the Certificate

      Deploying the Content Filter and System Extension

      • For your convenience, we have generated a .mobileconfig file with the needed configurations that can be deployed using MDM:
        Harmony SASE.mobileconfig
      • Alternatively, a Workspace Admin can manually configure the Content Filter and System Extension for deployment through MDM.
        Note
        Each vendor may assign different names to these values.
        • Deploy a Content Filter:
          • Filter Type: Plug-in
          • Connection Name: Harmony SASE
          • Identifier: com.safervpn.osx.smb
          • Filter Webkit traffic: Yes
          • Filter Socket Traffic: Yes
          • Socket Filter Bundle ID: com.safervpn.osx.smb
          • Socket Requirement: identifier "com.safervpn.osx.smb" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "924635PD62"
          • Filter Network Packets: Yes
          • Packet Bundle ID: com.safervpn.osx.smb
          • Packet Requirement: identifier "com.safervpn.osx.smb" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "924635PD62"
          • Filter Grade: Firewall
        • Deploy a System Extension:
          • Navigate to where you add the VPN Payload Profiles, then add a macOS profile with the Device Profile context.
          • Allow User Overrides: Yes
          • Allowed System Extension Types: Network
          • Team ID: 924635PD62
          • Bundle Identifier: com.safervpn.osx.smb.proxy
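
      The following is an added example, not part of the original article or the vendor's tooling: a pre-deployment check that compares the payloads in a .mobileconfig against the values listed above, so a manually built profile with a wrong Team ID, requirement string, or bundle ID is caught before it is pushed. The mapping from this article's field names to Apple's payload keys (`com.apple.webcontent-filter`, `com.apple.system-extension-policy`) is an assumption, and `audit_profile` and `build_sample` are hypothetical helper names; the sample profile is constructed in the script.

```python
import plistlib

TEAM_ID = "924635PD62"                     # from the article
FILTER_ID = "com.safervpn.osx.smb"         # from the article
SYSEXT_ID = "com.safervpn.osx.smb.proxy"   # from the article
REQ = ('identifier "com.safervpn.osx.smb" and anchor apple generic and '
       'certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and '
       'certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and '
       'certificate leaf[subject.OU] = "924635PD62"')

# Assumed mapping of the article's field names to Apple payload keys.
EXPECTED_FILTER = {
    "FilterType": "Plugin", "UserDefinedName": "Harmony SASE",
    "PluginBundleID": FILTER_ID, "FilterBrowsers": True, "FilterSockets": True,
    "FilterDataProviderBundleIdentifier": FILTER_ID,
    "FilterDataProviderDesignatedRequirement": REQ,
    "FilterPackets": True, "FilterPacketProviderBundleIdentifier": FILTER_ID,
    "FilterPacketProviderDesignatedRequirement": REQ, "FilterGrade": "firewall",
}
EXPECTED_SYSEXT = {
    "AllowUserOverrides": True,
    "AllowedSystemExtensionTypes": {TEAM_ID: ["NetworkExtension"]},
    "AllowedSystemExtensions": {TEAM_ID: [SYSEXT_ID]},
}
EXPECTED = {"com.apple.webcontent-filter": EXPECTED_FILTER,
            "com.apple.system-extension-policy": EXPECTED_SYSEXT}

def audit_profile(data: bytes) -> list[str]:
    """Return every deviation between a .mobileconfig and the article's values."""
    profile = plistlib.loads(data)
    payloads = {p.get("PayloadType"): p for p in profile.get("PayloadContent", [])}
    findings = []
    for ptype, expected in EXPECTED.items():
        payload = payloads.get(ptype)
        if payload is None:
            findings.append(f"missing payload {ptype}")
            continue
        for key, want in expected.items():
            if payload.get(key) != want:
                findings.append(f"{ptype}: {key} = {payload.get(key)!r}, expected {want!r}")
    return findings

def build_sample(**filter_overrides) -> bytes:
    """Constructed sample profile (not the vendor's file); overrides simulate drift."""
    flt = {"PayloadType": "com.apple.webcontent-filter", **EXPECTED_FILTER, **filter_overrides}
    ext = {"PayloadType": "com.apple.system-extension-policy", **EXPECTED_SYSEXT}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [flt, ext]})

if __name__ == "__main__":
    print(audit_profile(build_sample()))                     # conforming profile
    print(audit_profile(build_sample(FilterPackets=False)))  # packet filtering left off
```

      To audit a real profile, pass the bytes of the exported, unsigned .mobileconfig to `audit_profile`; an empty list means every checked key matches the values in this article.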
