Connect for Windows, iOS, and macOS Filtering Modes

This guide is for IT support.

What are Filtering Modes?

Filtering Modes allow you to customize and control how Connect filters your end user’s Windows, macOS, and iOS/iPadOS devices. Filtering Modes are set in School Manager on the Configuration > Mobile Agents page. Linewize Support will work with you to select and implement the best filtering modes for your school.
There are three primary filtering modes, each with its own advantages and disadvantages:

  • DNS Filtering Mode is the fastest and least intrusive filtering mode but will limit School Manager’s reporting abilities.
  • Web Filtering Mode balances performance with reliable filtering by monitoring the common ports used for web content instead of all ports.
  • Companion Filtering Mode is designed for Windows devices. It integrates Connect for Windows and the browser extension, combining their capabilities to enhance filtering and Classroom Management.

On Network or Off Network?

The Mobile Agents page includes two sections called On School Manager Network (on network) and Off School Manager Network (off network). If your school uses a physical School Manager appliance, you can filter users’ devices differently when they are on your school’s network or a non-school network. Linewize Support will work with you to find the best on and off network configurations for your school or district.
If your school does not have a physical appliance (your school uses cloud-filtering), your users’ devices will have the same functionality, both on and off your school's network, based on your Filtering Mode in Off School Manager Network.


Changing the Filtering Modes does not affect Connect for Chrome. The browser extension intercepts all activity inside the browser instead of using the device’s network to manage filtering.


Default Filtering Mode and Filtering Groups

The Default Filtering Mode allows you to set the filtering mode for the majority of your users. Filtering Groups are pools of users subject to a different filtering mode.
A Default Filtering Mode will be active on your user's device unless the user is in a Filtering Group. Most of the time, Filtering Groups are empty and are only used for special situations. For example, you may enable DNS Filtering for a Group of iPad users while enabling Web Filtering as the default for all other users.


You can use the Connect troubleshooting step on a macOS or Windows device running Linewize Connect to view the “Packet Filter Mode” and learn which Filtering Mode is active.
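The precedence rules above (on network vs. off network, and Default Filtering Mode vs. Filtering Groups) can be modelled to predict which mode a device should report as its “Packet Filter Mode”. This is an added example, not Linewize code: the mode labels, class names, group name and sample users are hypothetical, and it assumes that the first matching Filtering Group wins when a user is in more than one.

```python
from dataclasses import dataclass, field

# Mode labels are illustrative names for the three modes on this page,
# not identifiers taken from School Manager.
DNS, WEB, COMPANION = "DNS", "WEB", "COMPANION"

@dataclass
class Section:
    """One Mobile Agents section: a default mode plus Filtering Groups."""
    default_mode: str
    groups: dict = field(default_factory=dict)  # group name -> mode

@dataclass
class Config:
    has_appliance: bool   # False means the school uses cloud filtering
    on_network: Section
    off_network: Section

def effective_mode(cfg, user_groups, on_school_network):
    # Without a physical appliance, the Off Network section applies everywhere.
    use_on = cfg.has_appliance and on_school_network
    section = cfg.on_network if use_on else cfg.off_network
    # A Filtering Group overrides the default. Assumption: if a user is in
    # several groups, the first one listed in the section wins.
    for name, mode in section.groups.items():
        if name in user_groups:
            return mode
    return section.default_mode

def audit(cfg, devices):
    """List (user, location, note) for assignments worth a second look."""
    findings = []
    for dev in devices:
        for on_net in (True, False):
            mode = effective_mode(cfg, dev["groups"], on_net)
            where = "on network" if on_net else "off network"
            if mode == COMPANION and dev["os"] != "windows":
                findings.append((dev["user"], where, "Companion Mode is designed for Windows"))
            elif mode == DNS:
                findings.append((dev["user"], where, "DNS mode limits School Manager reporting"))
    return findings

# Constructed sample data: an appliance school, Web Filtering as the on-network
# default, DNS Filtering for a group of iPad users, DNS Filtering off network.
SAMPLE = Config(True, Section(WEB, {"ipad-mdm": DNS}), Section(DNS))
DEVICES = [
    {"user": "alice", "os": "windows", "groups": set()},
    {"user": "bob", "os": "ios", "groups": {"ipad-mdm"}},
]
```

Calling audit(SAMPLE, DEVICES) returns one tuple per user and location whose effective mode deserves review; compare the predicted mode with what the troubleshooting step shows on the device.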

DNS Filtering Mode

DNS Filtering Mode is the fastest, most basic filtering option. It requires a minimum amount of processor capacity and network bandwidth from your users’ devices. DNS Filtering works with devices running Connect. Connect uses the loopback address to intercept DNS requests before connecting the device to a website. The DNS request is forwarded to a Linewize Cloud DNS filter, where your user policies are applied to the requests. The device then loads allowed requests, or displays a DNS Block Page if the content is blocked.

Filtering Groups can also enable DNS Filtering only on iPads to avoid conflicts with Mobile Device Management (MDM) running on the devices.

DNS Filtering Mode does not support MITM (Man In The Middle). MITM is needed for the following:

Things to consider with the DNS Filtering Mode

  • DNS filtering mode disables Classwize Pause and Focus.
  • School Manager can’t report on searches done through a website such as Google. However, if a user goes directly to a URL, such as, they will still be reported on.
  • You can perform SSL inspection from your firewall service in addition to DNS filtering mode.

Web Filtering Mode

Web Filtering Mode is more reliable than DNS Filtering. It adds only a slight increase in traffic on your physical network and requires only a moderate amount of the user’s device processor capacity. It is a good choice for Windows and macOS. It can also be used with iOS/iPadOS devices that do not use MDM.

When Web Filtering Mode is enabled, Connect uses a packet filter to intercept traffic commonly used for websites, application content, and communications on three common ports:

  • Port 53 - IP and domains typically used to transmit website content
  • Port 80 - services like VOIP (voice and chat services), BitTorrent (file sharing between random devices on the internet), remote screen sharing, CDNs (websites queued up on nearby servers), streaming media, gaming services, and web proxies
  • Port 443 - encrypted data from web-connected applications, forms, and websites using Transport Layer Security (TLS)

Things to consider with the Web Filtering Mode

  • You can apply MITM in Web Filtering mode.
  • If you apply MITM using School Manager, you can’t perform SSL inspection from your on-premises or cloud firewall service (for example Fortinet or Zscaler).
  • School Manager can report on searches done through a search website such as Google in addition to its normal reporting.

Companion Filtering Mode

Companion Mode integrates Connect for Windows and browser extensions (Google Chrome and Microsoft Edge) to enhance the filtering and Classroom Management features available to Windows devices.

When Companion Mode is enabled, the Connect extension is responsible for:

  • Filtering and reporting with Google Chrome and Microsoft Edge browsers.
  • Classwize features that are unavailable when only Connect for Windows is installed (like Bypass Code, Close Tab, Chat).

While Connect for Windows is responsible for:

  • DNS traffic filtering for browsers without the Connect extension.
  • Authentication and reporting management.
  • Classwize features like Live View, Class Announcement and Screenshots.

Things to consider with the Companion Filtering Mode

  • Increased browser support catering to Google Chrome and Microsoft Edge users.
  • Companion Mode ensures Classwize feature parity with the Connect Chromebook offering.
  • Filtering and reporting parity with the Connect extension.
  • The benefit of full SSL inspection without the need for selective SSL inspection.
  • Enhanced reporting capabilities, as the full URL for web traffic from the browser is reported.
  • Windows users can use the Bypass Code and Content Modification features on Google Chrome and Microsoft Edge browsers.

