Traffic Quota per IP not per user

I know there is a traffic quota per user, but is there any way to make a traffic quota per IP?

Thanks



  • Yes,
    you can do it using clientless users.

    Ian M
  • Thanks, but that did not allow me to change the Surfing Quota. Please see the attached pic. Only when I choose normal users can I choose Surfing Quota, but if I choose Clientless it did not allow me to choose Surfing Quota or Internet Access Time.

    And I need to restrict Surf Quota for clientless, such as mobiles, etc.

  • You go to Network Security Control Center -> Clientless Users -> edit the user you want to limit -> policies -> Traffic Shaping. You can select some of the defaults or create your own.

    Ian

    Or you can go System -> Authentication -> Groups and add a traffic quota in the Clientless Open Group(c)

    You will need to add a dummy email address to be able to save the changed configuration. This is planned to be changed in a future release.

    add stuff

  • I still can't get what you are saying. Please see the attached pics.

    As you can see, I can't do the traffic quota if I go with the Open Clientless.

    I can only do that with normal users.

    I need to limit the daily traffic for Clientless user.

  • I confirm that, MOMx.
    When you create the clientless user, by default, it falls into Clientless OpenGroup and cannot be changed (even when you create the user).
    So no way to change clientless group membership. Strange!

    Luk
  • There is a workaround for that, but the user has to authenticate in to the machine though. You need to bind a user to an IP address; most of you might argue the only way you can implement is under user properties you can bind a user login to a specific IP address, and on the user you can apply traffic quota which also applies from that IP address. But the user should be authenticated from that IP address. You can use the Captive portal or the Corporate client to log in.

  • Thanks Kranthi Yadlapudi for the workaround, but in my case it would not help. I hope that Sophos adds this in a future release.

    Thanks
  • Thank you Kranthi.

    Too many steps. You have to change the behaviour of Clientless user (username with name, email address as optional field and group or shaping).

    Do you imagine us to bind a clientless with servers in this way?

    Luk
  • Are there any updates to this limitation? I am facing the exact same problem, and I feel like it should be a basic requirement. I'm not sure how reasonable it is to have to force clients to be loaded onto any possible device type in order to gain basic control over traffic.

    As an example, I have the default firewall rule set to allow traffic from LAN to WAN, but gets highest intensity IPS, AV for HTTP/S, etc., and should be set to lowest priority from a Traffic Shaping perspective.

    IP addresses (mobile phones, tablets, etc.) along with laptops, 2 of which run VoIP, will hit different shaping rules, prioritization, IPS intensity, etc. based on which group it falls into. However, these controls shouldn't rely on loading a client - what if you want to control traffic on your network for machines you do not have admin access to load such a client? In an enterprise setting, this could be "guest access", and therefore likely clientless. In a home setting, this could be your work-provided laptop using your home network, with different rules (such as access & bedtime restrictions for kids' tablets/iPods).

    In both cases, it's difficult to set those machines apart from each other to set up different rules.

    We can easily do the grouping, but once they're in a group, it's almost useless to have done so. Actually, even that isn't true. It isn't easy to populate the groups - it's convoluted, and difficult to do in bulk, you can't even add device IPs from multiple screens; you have to select the IPs that you know correspond to devices that are currently being displayed, add them, then go to the next screen and scroll through to find more hits, add those, then move to the next screen... but, I digress....

    I was really using this as an opportunity to test out the UTM features of the Sophos platform, as I am also responsible for deployment of such services across my enterprise professionally.

    Some of these silly quirks make it a hard sell.