Configuring a Quota Control Policy
The quota control policy defines users whose quota needs to be managed, assigns the quota to them, and specify the management and control actions after the quota is exceeded.
Prerequisites
Users whose quota statistics need to be collected, managed, and controlled have been specified.
The quota allocation mode and quota data planning have been clarified based on bandwidth requirements of the enterprise.
The quota control policy differs from other policies (such as the security policy and traffic policy) in that if the parameter user of a policy is set to any, this policy applies to all users. Therefore, use this setting with caution to prevent complaints about such network problems as slow or failed to access the Internet at a large scope.
Procedure
- Choose .
- Click Add.
- Configure basic information of the quota control policy, including the name, description, tag, user, and time range.
Parameter Description Name
Indicates a quota control policy name. The name must be different from any existing one.
Description
Indicates description information of the quota control policy.
Description information needs to be clearly described so that an administrator can easily query and maintain the policy.
Tag
The tag identifies and categorizes the policy. You can query policies based on tags and delete, move, enable, or disable policies in batches based on the query results. For the tag description and configuration, see Tag.
User
Indicates the users whose quota statistics need to be collected and controlled.
You can reference local users, user groups, or security groups or create new ones.
If the server has a great number of users, user groups, or security groups and only some of them need to be imported to the FW to implement policy control, select Server Import from the matching conditions of User, online query and import the desired users, user groups, or security groups, and then reference them in policies.NOTE:Only the AD and AD LDAP servers support online query and import of users, user groups, or security groups.
Before that, you need to configure a server import policy in the New User Authentication Options and associate an authentication domain with the configured server import policy.
The server import policy determines the target groups, online query path, and filtering parameter. However, the import type configured in the server import policy does not take effect in this function.
The user name (cn value) on the server is suggested to be the same as the login name (sAMAccountName value).
A policy can reference a maximum of 64 users, user groups, or security groups.
Select Import from Server from the matching conditions of User. If Type is set to User, the device will imports only the names of users, not the user groups or security groups to which the users belong.
Schedule
Indicates the validity period of the quota control policy.
- Configure Internet access resources available to users, namely, the Internet access quota.
- If multiple users (user groups) are configured for a quota control policy, the daily traffic quota, monthly traffic quota, and daily Internet access duration defined in the policy are exclusively used by individual users instead of shared among multiple users.
- If the daily traffic quota, monthly traffic quota, and daily Internet access duration are jointly used, the management and control action is triggered as long as one of them reaches the upper threshold.
- After the quota of a user reaches 100%, the device pushes a portal page to the user's browser to remind the exhaustion of the quota, and the user cannot continue accessing the Internet.
Parameter
Description Daily
Traffic Quota
Indicates the daily traffic quota for each user.
Duration of Internet Use
Indicates the daily Internet access duration for each user.
Reset Time
You can configure the start (reset) time for the collection of daily traffic quota and daily online duration quota statistics if the statistics are not collected on natural days (for example, from 07:00 on each day to 07:00 on the next day). The default start time for the collection of daily traffic quota and daily online duration quota statistics is 00:00 midnight each day.
If daylight saving time (DST) is applied, do not set the start (reset) time for statistics collection to the calibration time. Otherwise, the quota control policies will be abnormal on the DST start and end days.
Mont
Traffic Quota
Indicates the monthly traffic quota for each user.
Reset Time
If the statistics are not collected by calendar month (such as from the 15th day of each month to the 14th day of the next month), you can specify the start date for collecting the monthly traffic quota statistics. The default start date is the 1st day of each month.
Notification Threshold
Indicates a reminder threshold for the quota usage for each user.
If the quota usage reaches the preset reminder threshold, the device pushes a portal page to the user's browser to remind the user of the quota usage.
- Limit the maximum bandwidth of each user whose quota is exhausted.
Parameter Description Excess Max. Bandwidth
Implements direct block (if this value is set to 0) or limits the maximum bandwidth.
The user or user group to which a quota control policy is applied can be configured. If a user is referenced by multiple quota control policies (including the reference of the user group), the actual maximum bandwidth value is determined by the quota specified in the policy of the highest priority.
- Click OK.
Follow-up Procedure
Choose . In the page displayed, you can:
- View the quota usage of the user in real time.
- Clear the quota statistics of the user. Note that if over two quotas reach the threshold, clearing statistics on one quota cannot prevent the FW from performing the management and control action.