Detecting VPN Activity Using School Manager

Have more questions? Submit a request
This article is intended for IT support, School Leadership, and Wellbeing Staff.

A Virtual Private Network (VPN) allows users to hide their identity and access content in different locations. While VPNs have several legitimate purposes, they are commonly used by students to attempt to circumvent school internet filtering.

If you find students are consistently using or trying to use VPNs in a school environment, likely they are actively trying to bypass your school's content filtering rules and impacting the school’s ability to meet its duty of care.

There are a couple of ways to determine if a student is trying to use a VPN. You can review the Red Flags report to find users attempting to run VPNs and the Blocked report to view the number of times a user attempted to access a VPN.

Finding VPN Red Flags

School users tend to inform each other of tricks they have learned to work around your filtering. One way to find groups of users trying to bypass VPN and Proxy blocking is to use the Red Flags report. If you see a trend in a group of users, you may want to use the report to work with your school leadership and wellness staff to reach out to the groups of users  attempting to use the VPNs.

The Risk Indicators column contains a visual representation of the frequency and source of the VPN attempts.

Risk Indicators for VPN Attempts

Single and low frequency risk indicators of attempts to access VPNs are displayed on a white background. High frequency risk indicators of attempts to access VPNs are displayed on a red background.

mceclip2.png mceclip6.png The globe icon is displayed when a user attempts to open a VPN website.
mceclip3.png mceclip5.png The gear icon is diplayed when a user attempts to run a VPN or proxy app.
mceclip4.png mceclip1.png The magnifying glass icon is displayed when a user searches for VPN websites, software or apps, as well as searches attempting to bypass filtering.

To find VPN Red Flags:

  1. Go to Cyber Safety > Red Flags.
  2. Select VPN in the select filter tag box.
  3. Review the filtered list of users.
  4. Use the list to discuss guidance for these students with your school leadership and wellness staff. If you want to keep a record of your results, select the Export Report button to save the list.

Reviewing Policy Violations

You may want to know how persistent these users are at using a VPN to bypass your network filtering. You are likely to find most users will stop trying after your filtering blocks a VPN. However, a user may have a VPN trying to automatically connect or who may be working hard to find a VPN to bypass your network filtering.

If you have set up a Block VPNs filter rule, School Manager will track the number of times students try to violate the rule.

  1. Navigate to Cyber Safety > Blocked.
  2. Select Policies.
  3. Select your policy to filter VPNs.
  4. View the list of users and the number of attempts they have made to access a VPN.

Your users’ devices may need IT support to assist with removing the VPN. Additionally, you may want to share this information with your school leadership or wellness staff if you feel the user’s attempts to use a VPN are intentional or concerned the user may try to restore the VPN.


Contact your IT support if search risk indicators are not displayed and you think VPN search activity has been ocurring. Your IT support can check the MITM and HTTPS Insepction configuration requirments needed to capture search keywords.


Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.