Configuration options for the Chromebook agent type

Updated 3 years ago by admin

The Agent Configuration screen allows you to create or modify agent profiles for Chromebook agents. Selecting a Chromebook agent profile from the list will allow you to configure the profile.

To see the different Agent Configuration profiles attached to your account, visit your USS Dashboard and click ProductsWeb SecurityAgent Configuration.

Changes made to an agent profile can take up to 15 minutes to propagate to active Chromebook agents. You can force a configuration update using the Update Config option within the agent software itself.


Profile name / Tray icon tooltip

A friendly name for the profile to make it easier to manage. The name is also displayed in the About dialog.

Agent Password

The tamper-proof password which secures the configuration and start/stop options on the agent. This password is automatically generated when the profile is created but can be changed.

Tag web requests with

The Tag to assign to this agent. Tags are used to identify the agent in Filter Rules. Select a tag to use, or choose No Selection if a tag is not required.

Preferred outbound ports

The agent will connect to the Web Security cloud service on ports 1344 & 1345 or 80 & 443. Select the preferred ports here and they will be tried first. If a connection is not established, the agent will try the remaining ports.

Hot Spot mode (Fail Open)

If enabled, the agent will provide unfiltered access if for any reason the Web Security cloud service ports are inaccessible. If not enabled, web access will be blocked until the cloud service becomes available again.

Bypass Categories

The Bypass Categories section contains a list of available categories, created in the Bypass section of the Web Security product. Bypass categories provide a way for the agents to trust particular network resources, so that matching traffic does not get filtered by the Web Security cloud service. A number of pre-defined categories are provided as a starting point for common services.

You can easily see which Bypass categories come from the default provision: default Bypass Categories all have the text (System) appended to their name.
Selecting a category will apply all the overrides in that category to all the agents to which this configuration profile is assigned.
Not all bypass types are available for every agent type.


Seek advice from your service provider if you are unsure what effect changes to these options will have.

Use strict SSL/TLS ciphers

If enabled, the agent will reject connections to Web servers that are configured to use old, deprecated or insecure ciphers (such as rc4 and rc4-md5). This may cause third-party services to stop working. Generally, a web browser will always try and negotiate at the highest possible cipher level supported by the web server.

Profile ID

An internal ID of the agent profile which may be requested by the Service Provider during a troubleshooting session. This ID cannot be changed.


In order to perform SSL/TLS Inspection the agent requires a certificate to be deployed to the Chromebook, usually via the Google Admin console. To obtain the SSL public key to upload to Google Admin, use the copy or Download options in this section.

A new SSL key pair is generated for every Chromebook profile. Deleting and re-adding the profile will regenerate the key.

How did we do?