You can enable time and bandwidth usage quotas for users on your network for access to external sites. This feature is useful for applying a daily limit to your user's Internet usage to enforce corporate acceptable use policies. When a user exceeds the quota limit, a notification message appears in their web browser and further access attempts are denied.
You can set these types of quotas:
- Time — The time quota is set in minutes per day.
- Bandwidth — The bandwidth quota is set in MB per day, and is enforced for all TCP and UDP traffic in both directions.
Both time and bandwidth quotas can be enabled at the same time, and the limit that is reached first is enforced. Quota limits are applied to users and groups based on authentication to the Firebox. For groups, time and bandwidth limit totals are applied to each user in a group, and not as a total limit for the entire group.
You can create exceptions to quotas so that any traffic to a specific destination address is not counted towards the usage quota.
Some websites might refresh automatically if left in an open state in a web browser. If a user is authenticated, this can quickly increase quota usage.
For a quota to take effect, a user must be authenticated to the Firebox, and match a configured policy. Quotas cannot be enforced if a user is able to access websites without authentication. Quota enforcement applies to local Firebox and external users and groups for all firewall, SSLVPN, IPSec, PPTP, and L2TP sessions.
You can use the Hotspot-Users group to apply quotas for hotspot guest users.
For more information on authentication and adding users and groups, see Quota Authentication.
Enable and Configure Quotas
To enable time and bandwidth usage quotas for users and groups on your network, you must:
- Enable quotas and create quota rules
- Apply a quota action to a rule
- Enable the quota rule in a policy
You can also create quota exceptions for specific destination sites.
Reset a Quota
Quota usage can be reset in these ways:
- Manual quota reset for a specific user. For more information, see Quota Status in the next section.
- Quota daily limit resets the next day (starting at 00:00)
- Configuration changes reset quotas for users and groups that use the quota action
- Reboot the Firebox
When you enable and configure bandwidth and time quotas on your Firebox, and there are users connected to your Firebox with quota restrictions, you can review the user quota data and reset the quotas for those connected users.
To reset the quota for a specific user, select the user, then click Reset Quota.
For more information on how to review the status of user quotas, see Review User Quotas.