Contact UsContact Us

Quarantining Users Trying to Bypass Filtering

This article is intended for IT support at schools with a School Manager physical appliance.

The Quarantine feature temporarily blocks all internet traffic when a user triggers a filtering rule with the Quarantine flag enabled. School Manager works with your network hardware to block the quarantined user’s internet access for three minutes by default. A new quarantine period will start each time the user violates the rule while connected to your physical network. The default period of time can be changed for you by Linewize support upon request.

Rules with Quarantine enabled apply to all devices connecting to your physical network, including guest users’ and devices running Connect. 

Warning 

Please note, the Quarantine feature does not apply to school networks with cloud-only filtering or when your users connect from outside your network, such as students connecting from home for remote learning.

Quarantine should only be applied to rules where the affected groups or users and the type of activity can be precisely defined. Enabling Quarantine across your whole network or using the wrong type of filter can unnecessarily disconnect users from the internet.

  

Enabling Quarantine Example

Here’s an example for using quarantine to prevent the use of VPN, anonymous proxy or TOR inside your school. You will enable the Quarantine feature on a filter using the signature for Proxies and VPNS. Most VPN services will timeout if the device is disconnected from the internet for three minutes. 

  1. Select Filtering > Content Filtering in School Manager.
  2. Select ADD RULE.
  3. Name the Rule.
    The name in this example is “Block VPNs, Anonymous Proxies, and TOR”.
  4. Select a filter Type.
    You can start typing in the Type field to filter your list of choices.

    Tip

    Quarantine can be used with any Block rule. In this example, we will be quarantining users who try to use “Proxies and VPNS” while connected to your campus network.

  5. Select a Network Range or Group.
    In this example, we are using a Group. When using a Group, start typing any part of the name to filter the list.
  6. Check the Quarantine box.
  7. Click SAVE.

You could take this rule one step further by creating a more granular quarantine rule specifically for students who struggle to stay on task and are known to attempt to bypass the network by using VPN extensions in their web browsers.

  

Frequently Asked Questions

How do I know if my network can use the Quarantine feature?

Schools using a Linewize network appliance can use Quarantine for devices connecting to their physical network.  If you are unsure, contact Linewize support. If you are unsure, contact  Linewize Support.

   

How do I know if a user is quarantined?

You can find details about users who triggered quarantine in Statistics > Realtime > Users and Hosts. Look for a red banner in the Quarantined column. In addition to the IP and Hardware (MAC address) you will be able to see the user’s Login Time and number of Connections they attempted. 

See Realtime Connections Overview for more details.

 

  

How do I resolve repeated quarantines?

You may need to supply a record of the quarantine history to your pastoral care or counselor. The user may need Student wellbeing support. School IT may also need to access the user’s computer to remove applications or settings used for inappropriate access to websites.

The solution can vary by situation. In this example, the VPN, proxy or TOR application also needs to be removed from the user's device by your school’s IT support.

Please contact  Linewize Support if you cannot determine which of the user’s applications is triggering the quarantine. Our support team can also guide you through the best practices for filtering rules.