Mac Agent Proxy Support

This topic describes how to set up static and dynamic proxy support for the Mac Agent.

Static Proxy Support

  1. From Apple menu > System Preferences, click NetworkActive InterfaceAdvancedProxies.

  2. From Select a protocol to configure, check the protocol you want to set the proxy: Web Proxy (HTTP) or Secured Web Proxy (HTTPS) or both and Install MAC with new parameters.

  3. Click OK.

Dynamic Proxy Support

Dynamic Proxy for Mac Agents is supported (from release 2.0.0.142). This allows agent-server communication to go through different proxies dynamically based on PAC file rules.

When the customer selects Dynamic Proxy during installation, the Proofpoint Agent relies entirely on the operating system’s proxy configuration. The agent does not have its own proxy settings; instead, it uses whatever rules are defined in the PAC (Proxy Auto-Configuration) file.

A PAC file is a small script hosted by the customer’s IT team that tells the system which traffic should go directly to the destination and which traffic should go through the proxy. Because the agent runs under the Local System account, the PAC file must be configured for that account specifically.

Dynamic Proxy requires that Proxy Auto-Configuration (PAC) resides on an accessible Web server.

Authentication of Proxy (with User and Password) is not supported when using Dynamic Proxy.

  1. From Apple menu > System Preferences, click Network , select a network service in the list on the left, click Advanced, then click Proxies.

  2. In the list of protocol to configure, check Automatic Proxy Configuration to enable it.

  3. In the URL field, enter the address of the PAC file.

  4. Click OK and Apply

To verify or update this configuration, run the following commands as Administrator on the endpoint:

  • Check the current PAC file setting:

    bitsadmin /util /getieproxy localsystem

  • Point the system account to the PAC file:

    bitsadmin /util /setieproxy localsystem AUTOSCRIPT http://yourproxy.example.com/proxy.pac

Proxy authentication (username/password) is not supported with Dynamic Proxy.

Changes to PAC files may not take effect immediately; restarting the endpoint will apply them.

Make sure all required Proofpoint backend URLs are safelisted to ensure communication works as expected, see ITM / Endpoint DLP Safelist for Firewall.

Rationale / Impact

Related Topics:

Mac ITM/ Endpoint DLP Agent - Bundle Installation

Uninstalling the Mac Agent