Repeat of Watchguard XTM User Broadband Restriction. How to?

The original answer to this question does not provide an answer. It shows the user guide steps of how to restrict/guarantee minimum and maximum bandwidth on an interface. BUT, How do you prevent one (1) user from using up the interface's assigned bandwidth? That is the question. The closest I find in the guide is QOS settings but it is not clear how this marking of packets actually work and appears to be interface assigned and NOT user defining. I still have some user that is sucking down the assigned broadband of the Outgoing interface, regardless of what that is. How do I either prevent this or balance the connection load at any given time? It appears that with Watchguard, one cannot take a single interface and restrict a single user from hogging the assigned broadband. If I find an answer, I will post. Thanks to all.
chappydeanAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
BrianConnect With a Mentor Commented:
Here are two links that you can read about the WatchGuard Single Sign On and Traffic Management.

Single Sign On: http://www.watchguard.com/help/docs/webui/11/en-US/index_Left.html#CSHID=en-US%2Fauthentication%2Fsso_about_c.html|StartTopic=Content%2Fen-US%2Fauthentication%2Fsso_about_c.html|SkinName=Web UI (en-US)

Traffic Management: http://www.watchguard.com/help/docs/webui/11/en-US/index_Left.html#CSHID=en-US%2Fqos_trafficmanagement%2Ftraffic_mgmt_actions_define_c.html|StartTopic=Content%2Fen-US%2Fqos_trafficmanagement%2Ftraffic_mgmt_actions_define_c.html|SkinName=Web UI (en-US)

The See Also at the bottom of both articles can be helpful for background and further reading.

The solution I would implement is define a Traffic Management action for each user, setup single sign on with Active Directory, and then create a policy for each user and set the Traffic Management rule to that policy.
0
 
setasoujiroCommented:
The easiest way if it is just one user, would be to have static IP / MAC binding for the user and have a HTTP(?) policy for that user with the lowest bandwith possible.

0
 
BrianCommented:
Depending on your type of user authentication (Active Directory, RADIUS, Etc..), you could also link that to the WatchGuard and then have an ANY Policy (or just HTTP or FTP, etc)  for each user. If you setup Single Sign On with the WatchGuard, it would then limit the user no matter where they log in automatically.
0
 
chappydeanAuthor Commented:
Thanks. I had considered that a static IP could be limited. Unforunately, I am using DHCP. Static IP's apparently is the only way to go. Learned this lesson.
I can see the IP addresses of those that are loading at the time wich are subject to change depending on logon time. I may just start limiting blocks of IP addresses are contacting each user and set up their static IP.

The second suggestion bears looking into as I do use active directory. I am not familiar with Single Sign On with Watchguard. Will review the User Guide.

Thanks again.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.