Control VPN User on the total download


We are in the process of purchasing new hardware for VPN.  We have a few requirements that we would like to implement.

1.  Give users access to shared folders, though control how much they can download or upload when they are working from a remote site.  A user cannot copy, let's say, 15MB of files to the desktop or from the desktop to the network through the VPN.

2.  Have very good security.

3.  Currently we have a Watchguard SOHO; we are looking into the Watchguard X700.

Please provide feedback and input on how to implement this. The major thing is controlling how much a user can copy, delete or paste through the VPN connection.
Rich Rumble (Security Samurai) Commented:
I've not seen this feature in a VPN solution yet. You can limit the bandwidth speed in most VPNs but not the total amount of up/downloads... it'd be very tough for a VPN to separate the totals... VPNs use keep-alives and they add to the BW, and if your users are checking mail etc... that'd be tough for the client or the VPN concentrator to differentiate.
And looking over the specs and whitepapers, this is also the case with the Watchguard equipment, and it's the same for Cisco: you can limit BW (up or down) but you cannot limit a protocol's BW, such as FTP or SMB.

An added benefit of most VPNs is the "Split-Tunneling" feature, where traffic that can be routed over the internet is routed over the internet, and traffic destined for the LAN is sent via the VPN. So if split-tunneling was enabled, if a user went to that traffic would go out their cable modem or DSL line, and if they accessed the company Intranet that would go over the VPN.

You can monitor usage, and be alerted when a certain threshold has been reached... but I know of no way to limit a protocol's BW totals...
You can set quotas on M$ file-systems or folders... but they don't allow you to increment them automatically, they just let you set a "hard" limit, like 15 megs for the desktop folder...

I hope another expert will have something more to offer...
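
The monitor-and-alert approach mentioned in the comment above, as an added example that is not part of the original thread: it totals bytes per user per day from exported VPN session records and reports the session at which a user first crosses the 15MB figure from the question. The CSV layout, the user names and the function name `usage_alerts` are assumptions made for illustration, and the totals include everything sent through the tunnel (keep-alives, mail and so on), not just file copies.

```python
import csv
import io
from collections import defaultdict

LIMIT_BYTES = 15 * 1024 * 1024  # the 15MB figure from the question

# Constructed sample: one row per closed VPN session (hypothetical export format).
SAMPLE_LOG = """\
end_time,user,bytes_in,bytes_out
2024-05-01T09:10:00,alice,4194304,1048576
2024-05-01T11:45:00,bob,2097152,524288
2024-05-01T14:30:00,alice,9437184,2097152
2024-05-01T16:00:00,alice,1048576,0
2024-05-02T08:05:00,alice,3145728,1048576
2024-05-02T09:00:00,bob,not-a-number,0
"""

def usage_alerts(log_text, limit=LIMIT_BYTES):
    """Return (totals, alerts, skipped).

    totals:  {(user, day): bytes moved in both directions}
    alerts:  [(user, day, end_time, running_total)] for the session that
             first pushes a user's daily total over the limit
    skipped: rows whose fields could not be parsed
    """
    totals = defaultdict(int)
    alerts, skipped = [], []
    for row in csv.DictReader(io.StringIO(log_text)):
        try:
            moved = int(row["bytes_in"]) + int(row["bytes_out"])
            key = (row["user"], row["end_time"][:10])  # day = YYYY-MM-DD prefix
            if moved < 0:
                raise ValueError("negative byte count")
        except (KeyError, TypeError, ValueError):
            skipped.append(row)  # keep bad rows visible instead of dropping them silently
            continue
        before = totals[key]
        totals[key] += moved
        # Alert once, at the crossing, not on every later session that day.
        if before <= limit < totals[key]:
            alerts.append((key[0], key[1], row["end_time"], totals[key]))
    return dict(totals), alerts, skipped

if __name__ == "__main__":
    totals, alerts, skipped = usage_alerts(SAMPLE_LOG)
    for user, day, when, total in alerts:
        print(f"ALERT {user} {day}: {total} bytes at {when}")
    print(f"{len(skipped)} unparseable row(s)")
```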
Ankit_J_P (Author) Commented:
Thanks Rich.

How about in AD for a specific user?  Can we limit on the server side how much a user can download or upload?

Rich Rumble (Security Samurai) Commented:
Here is a product that may do what you're asking...

| Product | Single user (One computer) | Small business (Up to 10 computers) | Unlimited (Site) |
| --- | --- | --- | --- |
| SoftPerfect Bandwidth Manager | $99.00 US | $250.00 US | $800.00 US |

Everything else I've found only does traffic shaping, which is rate BW limiting... I'll keep looking
