
Allowing for a "free" download period for individual data use quotas

I've been looking for a product that allows for this, and am not sure if Sophos UTM will be able to accomplish it.  Hopefully someone could assist with this, or direct me to a product that has the functionality.

I'm in a part of the world that requires we use a satellite internet connection.  It's our only connectivity option.  The equipment is relatively expensive ($895) and data packages of course are a better value per-gigabyte the higher plan you use.  A group of about 8 of us are sharing a plan and equipment.

What I would like to do is set user-based quotas, which I've found this software can do.

What I'm unsure about is if it's possible to set a "free" download period.  The ISP allows traffic between 0100-0700 to not count towards your data quota.

Does anyone have suggestions on how to do this, or which product may make it possible?

Thanks



  • Great question Joshua, and welcome to the User BB!

    I've just realized there may be a gap in my understanding.  I think, but I'm questioning myself, that all you can do is throw away packets the ISP sends you, that you can't necessarily prevent (implicit congestion notification) the packets being sent to you.  Hopefully, one of the Sophos folks will get input from one of their QoS devs/gurus.

    EDIT 2016-10-17: Just to be clear, senders of TCP packets know when packets are lost (implicit congestion notification), so Download Throttling will reduce the rate at which TCP packets are sent.  The same is not true of UDP packets, so although you can prevent UDP packets from reaching the requester, you cannot reduce the bandwidth of packets being sent to the UTM.  Streaming video uses high-bandwidth UDP transmissions.  Google Chrome uses UDP 443 when connecting with Google web servers.

    This sounds like a home-use situation.  If that's correct, or you have a license for Web Protection, you might have better luck with that.  There, you can't set quotas, but you can regulate which sites are available at which times.  You also can see the volumes of traffic.  Use Time Events to have web traffic go via firewall rule(s) at night and via Web Filtering during the day.  If you go over quota, you will know which homes have surpassed the GB/8 allotted to them.

    Cheers - Bob

  • Thanks for the welcome, Bob.

    It's definitely closer to a home-use situation than a business situation. We're splitting the cost of the service plan because the hardware is expensive and it's unreasonable to set up multiple dishes in our small living area.

    My goal is that everyone has unrestricted internet usage up to their quota. I understand that I won't be able to stop the incoming packets; however, if the users are unable to send data out then I'd expect the incoming traffic to be limited. Each user with the current plan will get about 30 GB per month during peak times, and unlimited during 0100-0700. I was hoping there was a way to set up rules like between 0100-0700, no traffic is added to quota, and during 0701-2359 it's added to the quota.

    I will keep digging.

    Thanks!

  • Hi Joshua,

    I liked the question you asked.

    The feature that you require is not possible with Sophos UTM, but the best part is we have a product that can do this.

    Sophos XG, our next-gen firewall, does have this feature. In Sophos XG, you can define a schedule inside a FW rule along with QoS. That adds a feature to activate a firewall rule for a certain period of time to work with QoS and filters as required; alongside, it deactivates the FW rule when the schedule is over to give the network clean access to internet resources.

    You can learn more about our XG firewall and its home version on our website. 

    Thanks for choosing Sophos.

  • Sachingurung,

    Thank you as well for your response.

    I think I'm not explaining myself well, or maybe I'm misunderstanding you two. I don't want to filter traffic, ever, and want to leave access unrestricted. I am only trying to limit the amount of traffic a user can use per month between 0700-0100. Traffic between 0700-0100 is counted towards our monthly data cap, however traffic between 0100-0700 is not counted. I would like to restrict users to their monthly limit without restricting them between 0100-0700.

    I'll look more into XG.

  • Hi Joshua,

    I understand, language can be deceiving at times.

    You can restrict Users with a custom network quota and define it inside a user object with XG. To give you a glimpse of the same, PFA screenshot.

    We configured a Network Traffic Quota and defined it in the User object. The next step will be to configure a scheduled FW rule without filter/restriction as mentioned in your previous post. The FW rules will be considered in a top-down approach and the scheduled rule will be active in the configured hours. It will be automatically deactivated and the traffic will flow through the next-in-line FW rule.

    Hope that helps :)

    Thanks

  • Sachingurung,

    If I'm understanding correctly, I will apply the quotas per user and then use a firewall rule to ignore those rules during a certain time.

    I'm curious if this continues to count traffic towards their quota -- meaning if they download 5 GB between 0100-0700 (the "free" period) will it count towards their limit?

    Whatever the case, it's a good lead and I'm grabbing the ISO.

    Thanks greatly for pointing me in the direction!
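
The accounting rule asked for in this thread (count a user's traffic toward the monthly quota only outside 0100-0700) can be checked independently of the firewall from per-user flow records. The following is an added example, not part of the original posts and not a description of how Sophos UTM or XG counts traffic; the record format, the sample data and the choice to apportion a flow's bytes evenly over its duration are assumptions.

```python
from collections import defaultdict
from datetime import datetime, time, timedelta

FREE_START, FREE_END = time(1, 0), time(7, 0)   # ISP free window from the thread
GB = 10**9
QUOTA = 30 * GB                                 # "about 30 GB per month" per user

def billable_seconds(start, end):
    """Seconds of [start, end) that fall outside the daily free window."""
    total, cur = 0.0, start
    while cur < end:
        midnight = datetime.combine(cur.date(), time(0, 0))
        seg_end = min(end, midnight + timedelta(days=1))   # handle one day at a time
        free_a = datetime.combine(cur.date(), FREE_START)
        free_b = datetime.combine(cur.date(), FREE_END)
        overlap = max(timedelta(0), min(seg_end, free_b) - max(cur, free_a))
        total += (seg_end - cur - overlap).total_seconds()
        cur = seg_end
    return total

def billable_usage(records):
    """records: (user, start, end, bytes) in local time. Assumption: bytes are
    spread evenly over the flow, so a flow straddling 0100 or 0700 is split."""
    usage = defaultdict(int)
    for user, start, end, nbytes in records:
        duration = (end - start).total_seconds()
        if duration <= 0:   # instantaneous record: free only if inside the window
            frac = 0.0 if FREE_START <= start.time() < FREE_END else 1.0
        else:
            frac = billable_seconds(start, end) / duration
        usage[user] += round(nbytes * frac)
    return dict(usage)

def over_quota(usage, quota=QUOTA):
    return sorted(u for u, used in usage.items() if used > quota)

# Constructed sample records (not real traffic data)
D = datetime(2016, 10, 1)
SAMPLE = [
    ("alice", D.replace(hour=2),  D.replace(hour=3),  5 * GB),   # fully free
    ("alice", D.replace(hour=20), D.replace(hour=21), 1 * GB),   # fully billable
    ("bob",   D.replace(hour=6, minute=30), D.replace(hour=7, minute=30), 2 * GB),
    ("carol", D.replace(hour=10), D.replace(hour=12), 31 * GB),  # exceeds quota
]

if __name__ == "__main__":
    usage = billable_usage(SAMPLE)
    print(usage, over_quota(usage))
```
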