About Quotas

You can enable time and bandwidth usage quotas for users on your network for access to external sites. This feature is useful for applying a daily limit to your user's Internet usage to enforce corporate acceptable use policies. When a user exceeds the quota limit, a notification message appears in their web browser and further access attempts are denied.

You can set these types of quotas:

  • Time — The time quota is set in minutes per day.
  • Bandwidth — The bandwidth quota is set in MB per day, and is enforced for all TCP and UDP traffic in both directions.

Both time and bandwidth quotas can be enabled at the same time, and the limit that is reached first is enforced. Quota limits are applied to users and groups based on authentication to the Firebox. For groups, time and bandwidth limit totals are applied to each user in a group, and not as a total limit for the entire group.

You can create exceptions to quotas so that any traffic to a specific destination address is not counted towards the usage quota.

Some websites might refresh automatically if left in an open state in a web browser. If a user is authenticated, this can quickly increase quota usage.

Quota Authentication

For a quota to take effect, a user must be authenticated to the Firebox, and match a configured policy. Quotas cannot be enforced if a user is able to access websites without authentication. Quota enforcement applies to local Firebox and external users and groups for all firewall, SSLVPN, IPSec, and L2TP sessions.

You can use the Hotspot-Users group to apply quotas for hotspot guest users.

For more information on authentication and adding users and groups, go to Quota Authentication.

Enable and Configure Quotas

To enable time and bandwidth usage quotas for users and groups on your network, you must:

You can also create quota exceptions for specific destination sites.

Reset a Quota

Quota usage can be reset in these ways:

  • Manual quota reset for a specific user. For more information, go to Quota Status in the next section.
  • Quota daily limit resets the next day (starting at 00:00)
  • Configuration changes reset quotas for users and groups that use the quota action
  • Reboot the Firebox

Quota Status

When you enable and configure bandwidth and time quotas on your Firebox, and there are users connected to your Firebox with quota restrictions, you can review the user quota data and reset the quotas for those connected users.

To view the status of user quotas in Firebox System Manager, select the User Quotas tab.

To view the status of user quotas in Fireware Web UI, select System Status > Quotas.

To reset the quota for a specific user, select the user, then click Reset Quota.

For more information on how to review the status of user quotas, go to Review User Quotas.

Related Topics

About Policy Properties

Firewall Authentication