Category filter

Script to set proxy on Mac

A proxy server is a system or router that acts as a gateway between end-users and the internet. The proxy has its own IP address, which masks the end-users IP address and provides an extra layer of security when browsing the internet.

Apple provides six different proxy configurations on Mac. Using Hexnode UEM, you can configure custom scripts to set-up proxy on remote devices. Use the Execute Custom Script action under the Manage tab to deploy custom scripts and configure proxies on multiple endpoint devices simultaneously.

Scripting language – Bash

File extension – .sh


The sample scripts provided below are adapted from third-party open-source sites.

This doc covers the six different proxy configurations that Apple provides for macOS devices.

FTP proxy

You can use the File Transfer Protocol (FTP) to manage connections based on source and destination addresses as well as user authentication. It can also restrict access to certain file transfer commands depending on the source or destination addresses and user authentication.

For example:

  • networksetup -setftpproxy Wi-Fi 34.222.444.63 312 on shieldgaurd hexnode
  • networksetup -setftpproxystate Wi-Fi on

FTP proxy is not available on macOS 13.0+

Web proxy (HTTP)

The Hyper Text Transfer Protocol (HTTP) is an internet protocol for sending and displaying files on the internet. With this protocol, we can receive requests directly from applications that also use HTTP as their protocol.

For example:

  • networksetup -setwebproxy Wi-Fi 34.222.444.63 312 on securesurfer hexnode
  • networksetup –setwebproxystate Wi-Fi on

Secure web proxy

HTTPS proxy is the more secure version of web proxy that provides end-to-end security for communication. After connecting to the server and confirming the operation to the client, the HTTPS proxy creates a secure channel between the client and the server, ensuring end-to-end security.

For example:

  • networksetup -setsecurewebproxy Wi-Fi 34.222.444.63 312 on gaurdianshield hexnode
  • networksetup –setsecurewebproxystate Wi-Fi on

Streaming proxy

The Streaming proxy server is primarily used to reduce response time, server load and network traffic when streaming multimedia content. It also helps to overcome geo-location restrictions when accessing certain streaming content, thus providing unrestricted access.

For example:

  • networksetup -setstreamingproxy Wi-Fi 34.222.444.63 312 on sentinelgaurd hexnode
  • networksetup –setstreamingproxystate Wi-Fi on

Streaming proxy is not available on macOS 13.0+

Gopher proxy

Gopher proxy is a communication protocol designed for accessing only Gopher content in IP networks. Gopher proxy converts Gopher content into web pages as and when you request it, so you can browse Gopher content as you would browse the World Wide Web.

For example:

  • networksetup -setgopherproxy Wi-Fi 34.222.444.63 312 on protectorshield hexnode
  • networksetup –setgopherproxystate Wi-Fi on

Gopher proxy is not available on macOS 13.0+

SOCKS firewall proxy

Secure Sockets, or SOCKS, is a form of proxy connection protocol that is generic and supports almost any application. SOCKS firewall proxy is a widely accepted protocol and is often used as the default option.

For example:

  • networksetup -setsocksfirewallproxy Wi-Fi 34.222.444.63 312 on shieldmaster hexnode
  • networksetup –setsocksfirewallproxystate Wi-Fi on
  • Replace <networkservice> with the network name. This field is not case-sensitive.
  • The <domain> field can be replaced with either domain name or server IP address.
  • Replace <authenticated> with ‘on’ or ‘off’ to enable/disable proxy authentication. If authentication is enabled, provide the username and password. If it is disabled, then credentials will be asked when the user tries to access the internet using the proxy.
  • Replace <on off> with ‘on’ to turn on proxy. To turn off the proxy, replace the field with ‘off’.
  • If an already existing proxy is being setup using custom script, an error will be shown, and the script will not be run.

  • In Bash scripts, if the service name contains a space in between, enclose it with single quotes to prevent the shell interpreter from interpreting the space as a separator and assuming they were two different arguments.
  • It is recommended to manually validate the script execution on a system before executing the action in bulk.
  • Hexnode will not be responsible for any damage/loss to the system on the behavior of the script.

  • Sample Script Repository