This guide is for IT support.
What are Filtering Modes?
Filtering Modes allow you to customize and control how Connect filters your end user’s Windows, macOS, and iOS/iPadOS devices. Filtering Modes are set in School Manager on the Configuration > Mobile Agents page. Linewize Support will work with you to select and implement the best filtering modes for your school.
There are two primary filtering modes, each with its own advantages and disadvantages:
- DNS Filtering Mode is the fastest and least intrusive filtering mode but will limit School Manager’s reporting abilities.
- Web Filtering Mode balances performance with reliable filtering by monitoring the common ports used for web content instead of all ports.
On Network or Off Network?
You will see that the Mobile Agent page includes two sections called On School Manager Network (on network) and Off School Manager Network (off network). If your school uses a physical School Manager appliance, you can filter users’ devices differently when they are on your school’s network or a non-school network. Linewize support will work with you to find the best on and off network configurations for your school or district.
If your school does not have a physical appliance (your school uses cloud-filtering), your users’ devices will have the same functionality, both on and off your school's network, based on your Filtering Mode in Off School Manager Network.
Changing the Filtering Modes does not affect the Connect for Chrome. The browser extension intercepts all activity inside the browser instead of using the device’s network to manage filtering.
Default Filtering Mode and Filtering Groups
The Default Filtering Mode allows you to set the filtering mode for the majority of your users. Filtering Groups are pools of users subject to a different filtering mode.
A Default Filtering Mode will be active on your user's device unless the user is in a Filtering Group. Most of the time, Filtering Groups are empty and are only used for special situations. For example, you may enable DNS Filtering for a Group of iPad users while enabling Web Filtering as the default for all other users.
You can use the Connect troubleshooting step on a macOS or Windows device running Linewize Connect to view the “Packet Filter Mode” and learn which Filtering Mode is active.
DNS Filtering Mode
DNS Filtering Mode is the fastest, most basic filtering option. It requires a minimum amount of processor capacity and network bandwidth from your users’ devices. DNS Filtering works with devices running Connect. Connect uses the loopback address (127.0.0.1) to intercept DNS requests before connecting the device to a website. The DNS request is forwarded to a Linewize Cloud DNS filter, where your user policies are applied to the requests. If the content is blocked, the device loads allowed requests or displays a DNS Block Page.
Filtering Groups can also enable DNS Filtering only on iPads to avoid conflicts with Mobile Device Management (MDM) running on the devices.
DNS Filtering Mode does not support MITM (Man In The Middle). MITM is needed for the following:
- Search Reports and Video Reports
- Red Flag risk indicators for search keywords and video content details
- Limiting users’ access to personal accounts using Custom Header filtering when Connect is running macOS and in a Chrome browser.
Things to consider with the DNS Filtering Mode
- DNS filtering mode disables Classwize Pause and Focus.
- School Manager can’t report on searches done through a website such as Google. However, if a user goes directly to a URL, such as YouTube.com, they will still be reported on.
- You can perform SSL inspection from your firewall service in addition to DNS filtering mode.
Web Filtering Mode
Web Filtering Mode is more reliable than DNS Filtering, with only a slight increase in traffic on your physical network and only requires a moderate amount of the user’s device processor. It is a good choice for Windows and macOS. It can also be used with iOS/iPadOS devices that do not use MDM.
When Web Filtering Mode is enabled, Connect uses a packet filter to intercept traffic commonly used for websites, application content, and communications on three common ports:
- Port 53- IP and domains typically used to transmit website content
- Port 80- services like VOIP (voice and chat services), BitTorrent (file sharing between random devices on the internet), remote screen sharing, CDNs (websites queued up on nearby servers), streaming media, gaming services, and web proxies
- Port 443- encrypted data from web connected applications, forms, and websites using Transport Layer Security (TLS)
Things to consider with the WEB Filtering Mode
- You can apply MITM in Web Filtering mode.
- If you apply MITM using School Manager, you can’t perform SSL inspection from your on-premises or cloud firewall service (e.g. fortigate or zscaler).
- School Manager can report on searches done through a search website such as Google in addition to its normal reporting.