It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda SecureEdge

How to Deploy the SecureEdge Agent with MDMs

  • Last updated on

A configuration profile provides a simple way to define settings and restrictions for devices, computers, and users. Using a configuration profile, you can pre-configure the macOS network stack with a VPN profile so that upon installation of the SecureEdge Access Agent on end-user devices, the user is not prompted to approve/accept installation of software or policies. This profile does not represent an MDM enrollment profile, and thus can only be deployed via MDM after a device has been enrolled.

The .mobileconfig configuration profile can be copied and pasted from this page, and can then be uploaded to any MDM solution to be used for deployment. Before deploying this profile to all of your managed devices, test it on a local machine as described below.

Using the Tamperproof Feature

To use the Tamperproof  feature mentioned below, you must use the SecureEdge Access Agent app version 1.1.0 or later. Deploying via MDM when using the Tamperproof feature requires using a specific .mobileconfig configuration profile and, in the case of macOS devices, a  .plist  file is required as well. Both file types can be copied and pasted from this page and stored on your macOS device.

Test the Configuration Profile on a Local macOS Device  

  1. Make sure the device does not have SecureEdge Access Agent installed.

  2. When using the Tamperproof feature:

    • Copy and paste the contents of the macOS configuration file as shown in the  .mobileconfig Configuration Profile for macOS- Using Tamperproof section of this article, and name the file .mobileconfig. Download and install the configuration profile to your test macOS device.  The .mobilecconfig file is set to prevent the VPN profile from being uninstalled, and to make sure that the user cannot bypass web filtering by recreating a connection on the VPN when a connection is initiated. 

      profile-install.png

    • Double-click on the .mobileconfig file or open it with a profile installer application, and follow the installation instructions on screen.

    • Go to Profiles, and review and install the profile. This profile is unsigned, so it will be marked as Unsigned accordingly:

      vpn-profile-install.png

    • Go to Settings >VPN  and verify that SecureEdge Access shows up as Disconnected.

      vpn-status.png

    • Open the App Store and search for Barracuda SecureEdge Agent.

      se-agent.png

    • Install the Barracuda SecureEdge Agent and to enroll the user, click Enroll. Note: You can also enroll the user by using the email enrollment link. For more information, see How to Enroll Users in Barracuda SecureEdge. You must ensure that the Tamperproof settings are enabled on the SecureEdge Manager. For more information, see How to Configure SecureEdge Access Global Settings.

    • After installation, check the Network Preferences again for the SecureEdge Access Agent. It should now be in the Connected state and display as active.

      dev-protect.png

  3. If you are using Tamperproof on the macOS device, you also need to copy and paste the contents of the .plist file from this page and store it under /Library/LaunchAgents/ . The .plist file is used to restart the SecureEdge Agent app in case it gets closed.

    • Copy the com.barracuda.guardian.plist file in the /Library/LaunchAgents folder. Note that the administrative users must have appropriate permissions to do so. 

      plist-file-01.png

    • Execute the command launchctl load /Library/LaunchAgents/com.barracuda.guardian.plist.

      .plist -load.png

You can verify the following:

  • You are no longer able to remove or disable the SecureEdge VPN profile on the System Settings page. This is due to the se.mobileconfig profile you have installed.

  • If you stop the process in which the SecureEdge Agent application is running, the application is automatically restarted by the system. This is due to the .plist file .

Important

  • On your device, make sure that the custom SecureEdge Access network profile is installed prior to the installation of the application. Otherwise, there will be two VPN configurations temporarily shown on the Network Preferences tab until the machine is rebooted or the application is restarted.

  • Upon uninstallation, make sure to first uninstall the app and then remove the custom SecureEdge Access configuration profile. Removing the SecureEdge Access MDM profile will remove the Access VPN configuration that it installed in the first place.

The .mobileconfig Configuration Profiles for macOS

The .mobileconfig Configuration Profile for macOS – USING the Tamperproof Feature
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>OnDemandMatchAppEnabled</key>
			<false/>
			<key>PayloadDescription</key>
			<string>Configures Barracuda SecureEdge VPN profile.</string>
			<key>PayloadDisplayName</key>
			<string>Barracuda SecureEdge</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.vpn.managed.190B5F98-6340-4B70-B2CE-11913B298611</string>
			<key>PayloadOrganization</key>
			<string>Barracuda Networks, Inc.</string>
			<key>PayloadType</key>
			<string>com.apple.vpn.managed</string>
			<key>PayloadUUID</key>
			<string>2C0D7638-6071-4ECB-A8D1-CAFAD3F8E679</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>UserDefinedName</key>
			<string>SecureEdge</string>
			<key>VPN</key>
			<dict>
				<key>AuthenticationMethod</key>
				<string>Password</string>
				<key>OnDemandEnabled</key>
				<integer>1</integer>
				<key>OnDemandRules</key>
				<array>
					<dict>
						<key>Action</key>
						<string>Connect</string>
						<key>InterfaceTypeMatch</key>
						<string>WiFi</string>
					</dict>
				</array>
				<key>ProviderBundleIdentifier</key>
				<string>com.barracuda.guardian.macos.extension</string>
				<key>ProviderType</key>
				<string>packet-tunnel</string>
				<key>RemoteAddress</key>
				<string>127.0.0.1</string>
			</dict>
			<key>VPNSubType</key>
			<string>com.barracuda.guardian.macos</string>
			<key>VPNType</key>
			<string>VPN</string>
			<key>VPNUUID</key>
			<string>4812F41C-374A-4859-9106-1D881205A64E</string>
		</dict>
	</array>
	<key>PayloadDescription</key>
	<string>Barracuda SecureEdge VPN Profile</string>
	<key>PayloadDisplayName</key>
	<string>Barracuda SecureEdge - VPN Profile</string>
	<key>PayloadIdentifier</key>
	<string>543CC1DE-AC7A-4227-B45B-2055ACDD0AF5</string>
	<key>PayloadOrganization</key>
	<string>Barracuda Networks, Inc.</string>
	<key>PayloadRemovalDisallowed</key>
	<false/>
	<key>PayloadScope</key>
	<string>System</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>A4797083-FC34-4D22-B622-A386141FDAD3</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>

The .plist file for macOS USING the Tamperproof Feature
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>KeepAlive</key>
    <true/>
    <key>Label</key>
    <string>com.barracuda.secureedge</string>
    <key>LimitLoadToSessionType</key>
    <string>Aqua</string>
    <key>ProgramArguments</key>
    <array>
        <string>open</string>
        <string>--wait-apps</string>
        <string>/Applications/SecureEdge.app</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>