Configuring Direct IP Filtering for TLS 1.3

This article is for IT Support. 

Important

Only follow these steps if directed by Linewize Support.

This article tells you how to set up Direct IP Filtering for TLS 1.3. This will temporarily resolve an issue in schools using appliance-only filtering, where certain devices may become unfiltered on specific Chrome browser versions.

Step 1: Create an IP Range List

  1. In School Manager, go to Configuration > Objects > Pools.
  2. Select Add Pool.
  3. For the Pool Name, enter Infrastructure - IP Bypass.
  4. Using the Type dropdown, select IP Range List.
  5. Select Save.
  6. Using Import CSV or Add Entry, add assigned IP ranges of your school’s network infrastructure.
  7. Proceed to Step 2.

Step 2: Create an Allow Content Filtering Policy

  1. Go to Filtering > Content Filtering.
  2. Select Create Policy.
  3. Configure the following settings:
    1. For Name, enter Allow - Infrastructure - All - IP Bypass.
    2. Using the Website/Category dropdown, select All Traffic.
    3. Using the Criteria dropdown, select IP Address Object List, then select the list you created earlier (Infrastructure - IP Bypass).
    4. For Action, select Allow.
    5. For Locked, select the checkbox.
    6. Select Save.
  4. Proceed to Step 3.

Step 3: Confirm Advanced Configuration Settings

  1. Go to Debugging > Diagnostics > Advanced Configuration.
  2. Confirm that APPL_HANDLER__HTTPS_DIRECTIP_FILTERING_ENABLED is ticked.
    1. If this setting is disabled, select the checkbox.
    2. Select Save.
  3. Proceed to Step 4.

Step 4: Create a Direct IP Content Filtering Policy

  1. Go to Filtering > Content Filtering.
  2. Select Create Policy.
  3. Configure the following settings:
    1. For Name, enter Block - Direct IP for TLS 1.3
    2. Using the Website/Category dropdown, select HTTP Traffic via DirectIP.
    3. Using the Criteria dropdown, select Group, then select the groups you want this policy to apply to.
    4. For Action, select Block.
    5. For Locked, select the checkbox.
    6. Select Save.
  4. Click and drag this policy to the top of the list, except above any Infrastructure Allow Policy.

Step 5: Test

  1. Test affected devices to determine if the issue is resolved.
  2. If the issue still occurs, contact Linewize Support.

 

Was this article helpful?
0 out of 0 found this helpful
Share

Comments

0 comments

Please sign in to leave a comment.