Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 5469 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Allowing for a "free" download period for individual data use quotas

Joshua Arthurs

I've been looking for a product that allows for this, and am not sure if Sophos UTM will be able to accomplish it.  Hopefully someone could assist with this, or direct me to a product that has the functionality.

I'm in a part of the world that requires we use a satellite internet connection.  It's our only connectivity option.  The equipment is relatively expensive ($895) and data packages of course are a better value per-gigabyte the higher plan you use.  A group of about 8 of us are sharing a plan and equipment.

What I would like to do is set user-based quotas, which I've found this software can do.

What I'm unsure about is if it's possible to set a "free" download period.  The ISP allows traffic between 0100-0700 to not count towards your data quota.

Does anyone have suggestions on how to do this, or which product may make it possible?

Thanks



This thread was automatically locked due to age.
Parents
  • 0

    Great question Joshua, and welcome to the User BB!

    I've just realized there may be a gap in my understanding.  I think, but I'm questioning myself, that all you can do is throw away packets the ISP sends you, that you can't necessarily prevent (implicit congestion notification) the packets being sent to you.  Hopefully, one of the Sophos folks will get input from one of their QoS devs/gurus.

    EDIT 2016-10-17: Just to be clear, senders of TCP packets know when packets are lost (implicit congestion notification), so Download Throttling will reduce the rate at which TCP packets are sent.  The same is not true of UDP packets, so although you can prevent UDP packets from reaching the requester, you cannot reduce the bandwidth of packets being sent to the UTM.  Streaming video uses high-bandwidth UDP transmissions.  Google Chrome uses UDP 443 when connecting with Google web servers.

    This sounds like a home-use situation.  If that's correct, or you have a license for Web Protection, you might have better luck with that.  There, you can't set quotas, but you can regulate which sites are available at which times.  You also can see the volumes of traffic.  Use Time Events to have web traffic go via firewall rule(s) at night and via Web Filtering during the day.  If you go over quota, you will know which homes have surpassed the GB/8 allotted to them.

    Cheers - Bob

Reply
  • 0

    Great question Joshua, and welcome to the User BB!

    I've just realized there may be a gap in my understanding.  I think, but I'm questioning myself, that all you can do is throw away packets the ISP sends you, that you can't necessarily prevent (implicit congestion notification) the packets being sent to you.  Hopefully, one of the Sophos folks will get input from one of their QoS devs/gurus.

    EDIT 2016-10-17: Just to be clear, senders of TCP packets know when packets are lost (implicit congestion notification), so Download Throttling will reduce the rate at which TCP packets are sent.  The same is not true of UDP packets, so although you can prevent UDP packets from reaching the requester, you cannot reduce the bandwidth of packets being sent to the UTM.  Streaming video uses high-bandwidth UDP transmissions.  Google Chrome uses UDP 443 when connecting with Google web servers.

    This sounds like a home-use situation.  If that's correct, or you have a license for Web Protection, you might have better luck with that.  There, you can't set quotas, but you can regulate which sites are available at which times.  You also can see the volumes of traffic.  Use Time Events to have web traffic go via firewall rule(s) at night and via Web Filtering during the day.  If you go over quota, you will know which homes have surpassed the GB/8 allotted to them.

    Cheers - Bob

Children
  • 0 in reply to BAlfson

    Thanks for the welcome, Bob.

    It's definitely closer to a home-use situation than business situation. We're splitting the cost of the service plan because the hardware is expensive and it's unreasonable to set up multiple dishes in our small living area.

    My goal is that everyone has unrestricted internet usage up to their quota. I understand that I won't be able to stop the incoming packets, however if the users are unable to send data out then I'd expect the incoming traffic to be limited. Each user with the current plan will get about 30gb per month during peak times, and unlimited during 0100-0700. I was hoping there was a way to set up rules like between 0100-0700, no traffic is added to quota, and during 0701-2359 it's added to the quota.

    I will keep digging.

    Thanks!