Solved

Repeat of Watchguard XTM User Broadband Restriction. How to?

Posted on 2011-09-19
6
897 Views
Last Modified: 2013-11-16
The original answer to this question does not provide an answer. It shows the user guide steps of how to restrict/guarantee minimum and maximum bandwidth on an interface. BUT, How do you prevent one (1) user from using up the interface's assigned bandwidth? That is the question. The closest I find in the guide is QOS settings but it is not clear how this marking of packets actually work and appears to be interface assigned and NOT user defining. I still have some user that is sucking down the assigned broadband of the Outgoing interface, regardless of what that is. How do I either prevent this or balance the connection load at any given time? It appears that with Watchguard, one cannot take a single interface and restrict a single user from hogging the assigned broadband. If I find an answer, I will post. Thanks to all.
0
Comment
Question by:chappydean
  • 2
6 Comments
 
LVL 14

Expert Comment

by:setasoujiro
Comment Utility
The easiest way if it is just one user, would be to have static IP / MAC binding for the user and have a HTTP(?) policy for that user with the lowest bandwith possible.

0
 
LVL 9

Expert Comment

by:Brian
Comment Utility
Depending on your type of user authentication (Active Directory, RADIUS, Etc..), you could also link that to the WatchGuard and then have an ANY Policy (or just HTTP or FTP, etc)  for each user. If you setup Single Sign On with the WatchGuard, it would then limit the user no matter where they log in automatically.
0
 

Author Comment

by:chappydean
Comment Utility
Thanks. I had considered that a static IP could be limited. Unforunately, I am using DHCP. Static IP's apparently is the only way to go. Learned this lesson.
I can see the IP addresses of those that are loading at the time wich are subject to change depending on logon time. I may just start limiting blocks of IP addresses are contacting each user and set up their static IP.

The second suggestion bears looking into as I do use active directory. I am not familiar with Single Sign On with Watchguard. Will review the User Guide.

Thanks again.
0
 
LVL 9

Accepted Solution

by:
Brian earned 500 total points
Comment Utility
Here are two links that you can read about the WatchGuard Single Sign On and Traffic Management.

Single Sign On: http://www.watchguard.com/help/docs/webui/11/en-US/index_Left.html#CSHID=en-US%2Fauthentication%2Fsso_about_c.html|StartTopic=Content%2Fen-US%2Fauthentication%2Fsso_about_c.html|SkinName=Web UI (en-US)

Traffic Management: http://www.watchguard.com/help/docs/webui/11/en-US/index_Left.html#CSHID=en-US%2Fqos_trafficmanagement%2Ftraffic_mgmt_actions_define_c.html|StartTopic=Content%2Fen-US%2Fqos_trafficmanagement%2Ftraffic_mgmt_actions_define_c.html|SkinName=Web UI (en-US)

The See Also at the bottom of both articles can be helpful for background and further reading.

The solution I would implement is define a Traffic Management action for each user, setup single sign on with Active Directory, and then create a policy for each user and set the Traffic Management rule to that policy.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Let’s list some of the technologies that enable smooth teleworking. 
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now