Configuring Walled Garden

This guide is for IT support.

Walled Garden checks whether Linewize Connect is installed on user-supplied (BYO) devices when a device attempts to access your school’s physical network. If Connect is not running on a user’s device, the user is redirected to download the Connect installer. Once Connect is installed, authenticated and protecting a BYO device, the device can access your school’s physical network. Walled Garden works by redirecting any HTTP connections to the specified download page. Any HTTPS connections will be closed by the appliance.

Unmanaged BYOD macOS

We only support macOS in managed BYOD environments. We do not support unmanaged BYOD macOS environments or devices. Users cannot have administration rights on the device.

Note

See Linewize Connect Minimum System Requirements for the minimum requirements to run Linewize Connect.

Enabling Walled Garden 

  1. In School Manager, go to Configuration > Walled Garden.
  2. Select the Enabled checkbox.
  3. Once this option is enabled, more settings will appear.
  4. Set the Redirect URL to the Linewize Connect download page:
    http://download.linewize.net

Inclusions 

You can limit the scope of Walled Garden to control how many devices are onboarded in each phase. As needed, you can also require Walled Garden based on network or device criteria.

Important

When setting up Walled Garden, it is recommended that you limit the scope to a specific User, Group, IP Address or IP Address Object to avoid widespread disruptions. We recommend you test using various Windows, MacBook, or Chromebook devices before extending the rollout to one or several year levels.

  1. Select Add Inclusion.
  2. Select a Criteria using the dropdown.

| Criteria | Description | Example |
| --- | --- | --- |
| Group (Recommended) | Applies to a predefined group defined in Configuration > Users and Groups > Groups. | Include a Students group |
| User (Recommended) | Applies to a specific user defined in Configuration > Users and Groups > Users. | student1@school.com |
| Network Range | Applies to an IP Range. The rule will apply to any device connecting to or from that Network range. | 192.168.0.10 - 192.168.0.25 |
| Network | Applies to an IP Subnet. The rule will apply to any device connecting to or from that network. | 192.168.0.0/255.255.255.0 |
| IP Address | Applies to a single IP Address. The rule will apply to any device connecting to or from that IP address. | 192.168.0.1 |
| IP Address Object | Applies to a list of predefined IP Addresses defined in Configuration > Object > Pools. The rule will apply to any IP address connecting to or from that list. | 192.168.0.1, 192.168.0.2, 192.168.0.3 |

  3. Once complete, select Add Inclusion.

Exceptions

You can use Exceptions to exclude your IT infrastructure, school applications, administrative or teaching staff from being required to run Connect to access your school’s physical network.

  1. Select Add Exception.
  2. Select a Criteria using the dropdown.

| Criteria | Description | Example |
| --- | --- | --- |
| Application | Applies to a specific application. | Google Play |
| Website | Applies to a specific website. | google.com |
| Website Object | Applies to a list of predefined websites defined in Configuration > Object > Pools. | google.com, bing.com, bbc.com |
| Group | Applies to a predefined group defined in Configuration > Users and Groups > Groups. | Include a Students group |
| User | Applies to a specific user defined in Configuration > Users and Groups > Users. | student1@school.com |
| Network Range | Applies to an IP Range. The rule will apply to any device connecting to or from that Network range. | 192.168.0.10 - 192.168.0.25 |
| Network | Applies to an IP Subnet. The rule will apply to any device connecting to or from that network. | 192.168.0.0/255.255.255.0 |
| IP Address | Applies to a single IP Address. The rule will apply to any device connecting to or from that IP address. | 192.168.0.1 |
| IP Address Object | Applies to a list of predefined IP Addresses defined in Configuration > Object > Pools. The rule will apply to any IP address connecting to or from that list. | 192.168.0.1, 192.168.0.2, 192.168.0.3 |

  3. Select Signature from the Select Criteria dropdown.

  4. Enter and select Linewize, Qoria and Apple from the Signature dropdown.

  5. Select Website from the Select Criteria dropdown.

  6. Enter microsoft.com, msftconnecttest.com, fz-mza-update-files.s3.ap-southeast-2.amazonaws.com into the Website box.

    1. Website - microsoft.com (used to allow Windows SmartScreen)
    2. Website - msftconnecttest.com (used to allow Windows to check if there’s internet access)
    3. Website - fz-mza-update-files.s3.ap-southeast-2.amazonaws.com (used to allow Linewize Connect download)

  7. Select Save Exclusion.
  8. Select Save.
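
To preview which addresses a set of network-based Inclusions and Exceptions would place behind Walled Garden before a phased rollout, the sketch below evaluates the four IP criteria in the formats shown in the tables above. It is an added example, not Linewize code: the function names are hypothetical, the sample rules are constructed from the table examples, it models only the rules listed (not Group, User, Application, Website or Signature criteria), and it assumes an Exception overrides an Inclusion.

```python
import ipaddress

def matcher(kind, value):
    """Build a test for one network-based criterion (hypothetical helper)."""
    if kind == "Network Range":        # e.g. "192.168.0.10 - 192.168.0.25"
        lo, hi = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
        if lo > hi:
            raise ValueError(f"range is reversed: {value}")
        return lambda ip: lo <= ip <= hi
    if kind == "Network":              # e.g. "192.168.0.0/255.255.255.0"
        # strict=True rejects a subnet typed with host bits set
        net = ipaddress.ip_network(value.strip(), strict=True)
        return lambda ip: ip in net
    if kind == "IP Address":
        addr = ipaddress.ip_address(value.strip())
        return lambda ip: ip == addr
    if kind == "IP Address Object":    # a pool: list of single addresses
        pool = {ipaddress.ip_address(v.strip()) for v in value}
        return lambda ip: ip in pool
    raise ValueError(f"not a network-based criterion: {kind}")

def requires_connect(ip, inclusions, exceptions):
    """True if ip matches an Inclusion and no Exception.
    Assumption: an Exception overrides an Inclusion."""
    ip = ipaddress.ip_address(ip)
    if any(matcher(k, v)(ip) for k, v in exceptions):
        return False
    return any(matcher(k, v)(ip) for k, v in inclusions)

# Constructed sample rules, reusing the example values from the tables.
INCLUSIONS = [("Network", "192.168.0.0/255.255.255.0")]
EXCEPTIONS = [
    ("Network Range", "192.168.0.10 - 192.168.0.25"),
    ("IP Address Object", ["192.168.0.1", "192.168.0.2", "192.168.0.3"]),
]

def preview(addresses):
    """Map each address to whether Walled Garden would apply to it."""
    return {a: requires_connect(a, INCLUSIONS, EXCEPTIONS) for a in addresses}

if __name__ == "__main__":
    for addr, gated in preview(["192.168.0.2", "192.168.0.15",
                                "192.168.0.40", "192.168.1.5"]).items():
        print(f"{addr:15} {'Connect required' if gated else 'not gated'}")
```
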

 
