FortiGate
ddsouza_FTNT
Staff
Article Id 192698
Description
This article explains how to add a quota for bandwidth consuming web sites in order to limit users. A quota allows access up to a specified traffic allocation, calculated separately for each user. Quotas are reset every day at midnight. Users must authenticate with the FortiGate unit: the quota is applied to each user individually, so the FortiGate must be able to identify each user. One way to do this is to configure a security policy using the identity based policy feature. Apply the web filter profile in which FortiGuard Web Filter and the FortiGuard Web Filter quotas are configured to that security policy.

Scope
FortiGate or VDOM in NAT mode.

Solution
There are two basic requirements for this solution:

- The device should have a valid web filtering license.
- A user identity policy with a web filter profile enabled.

Bandwidth consuming websites are allocated a traffic volume per day. If a user's traffic to bandwidth consuming websites exceeds the limit set by the administrator, the connection is reset.

1) Create a new web filter profile or use the default one. In this example the default web filter profile is used. In the default web filter profile, set the action to Monitor for the bandwidth consuming category.


2) Find the ID of the Bandwidth Consuming category that is to be constrained. The get webfilter categories command lists the category IDs. In this case it is g04 (Bandwidth Consuming).

get webfilter categories
g01 Potentially Liable:
       ....
       ....
g02 Adult/Mature Content:
       ....
       ....
g04 Bandwidth Consuming:
       19 Freeware and Software Downloads
       24 File Sharing and Storage
       25 Streaming Media and Download
       72 Peer-to-peer file Sharing
       75 Internet Radio and TV
       76 Internet Telephony
g05 Security Risk:
       ....
       ....

3) The following commands add a quota of 10 MB for bandwidth consuming web sites.

config webfilter profile
    edit default
        config ftgd-wf
            config quota
                edit 1
                    set category g04
                    set type traffic
                    set unit MB
                    set value 10
            end
        end
end

4) Verify that the quota has been set correctly.

Access any video streaming website and open a video link. Once the user's traffic reaches the quota, that user can no longer access the resources in the bandwidth consuming websites category.
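Steps 2 and 3 can be scripted so the category group ID is read from the device output instead of being typed by hand. The following Python helper is an added example, not part of the original article or any Fortinet tooling: it parses the get webfilter categories output shown above and renders the quota block from step 3. The function names and the accepted unit list (B/KB/MB/GB) are assumptions of this example.

```python
import re

# Sample copied from the output shown in step 2 (elided "...." lines included).
SAMPLE = """\
g01 Potentially Liable:
       ....
g02 Adult/Mature Content:
       ....
g04 Bandwidth Consuming:
       19 Freeware and Software Downloads
       24 File Sharing and Storage
       25 Streaming Media and Download
       72 Peer-to-peer file Sharing
       75 Internet Radio and TV
       76 Internet Telephony
g05 Security Risk:
       ....
"""

GROUP_RE = re.compile(r"^(g\d+)\s+(.+?):\s*$")   # e.g. "g04 Bandwidth Consuming:"
CAT_RE = re.compile(r"^\s+(\d+)\s+(.+?)\s*$")    # e.g. "       25 Streaming Media and Download"
UNITS = {"B", "KB", "MB", "GB"}                  # assumed unit list; the article only uses MB

def parse_categories(text):
    """Return {group_id: (group_name, {category_id: category_name})}."""
    groups, current = {}, None
    for line in text.splitlines():
        group, cat = GROUP_RE.match(line), CAT_RE.match(line)
        if group:
            current = group.group(1)
            groups[current] = (group.group(2), {})
        elif cat and current:                    # "...." filler lines match neither pattern
            groups[current][1][int(cat.group(1))] = cat.group(2)
    return groups

def find_group(groups, name):
    """Look up a group ID by its display name, case-insensitively."""
    hits = [gid for gid, (gname, _) in groups.items() if gname.lower() == name.lower()]
    if len(hits) != 1:
        raise LookupError(f"expected exactly one group named {name!r}, found {hits}")
    return hits[0]

def render_quota(profile, entry_id, group_id, value, unit="MB"):
    """Build the step 3 CLI block for a traffic quota on one category group."""
    if unit not in UNITS or not isinstance(value, int) or value <= 0:
        raise ValueError("quota needs a positive integer value and a unit of B/KB/MB/GB")
    head = ["config webfilter profile", f"edit {profile}", "config ftgd-wf", "config quota", f"edit {entry_id}"]
    body = [f"set category {group_id}", "set type traffic", f"set unit {unit}", f"set value {value}"]
    return "\n".join(head + body + ["end"] * 3)
```

Calling render_quota("default", 1, find_group(parse_categories(SAMPLE), "Bandwidth Consuming"), 10) reproduces the commands from step 3.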
