Solved

Repeat of Watchguard XTM User Broadband Restriction. How to?

Posted on 2011-09-19
6
900 Views
Last Modified: 2013-11-16
The original answer to this question does not provide an answer. It shows the user guide steps of how to restrict/guarantee minimum and maximum bandwidth on an interface. BUT, How do you prevent one (1) user from using up the interface's assigned bandwidth? That is the question. The closest I find in the guide is QOS settings but it is not clear how this marking of packets actually work and appears to be interface assigned and NOT user defining. I still have some user that is sucking down the assigned broadband of the Outgoing interface, regardless of what that is. How do I either prevent this or balance the connection load at any given time? It appears that with Watchguard, one cannot take a single interface and restrict a single user from hogging the assigned broadband. If I find an answer, I will post. Thanks to all.
0
Comment
Question by:chappydean
  • 2
6 Comments
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36562939
The easiest way if it is just one user, would be to have static IP / MAC binding for the user and have a HTTP(?) policy for that user with the lowest bandwith possible.

0
 
LVL 9

Expert Comment

by:Brian
ID: 36574656
Depending on your type of user authentication (Active Directory, RADIUS, Etc..), you could also link that to the WatchGuard and then have an ANY Policy (or just HTTP or FTP, etc)  for each user. If you setup Single Sign On with the WatchGuard, it would then limit the user no matter where they log in automatically.
0
 

Author Comment

by:chappydean
ID: 36595239
Thanks. I had considered that a static IP could be limited. Unforunately, I am using DHCP. Static IP's apparently is the only way to go. Learned this lesson.
I can see the IP addresses of those that are loading at the time wich are subject to change depending on logon time. I may just start limiting blocks of IP addresses are contacting each user and set up their static IP.

The second suggestion bears looking into as I do use active directory. I am not familiar with Single Sign On with Watchguard. Will review the User Guide.

Thanks again.
0
 
LVL 9

Accepted Solution

by:
Brian earned 500 total points
ID: 36599730
Here are two links that you can read about the WatchGuard Single Sign On and Traffic Management.

Single Sign On: http://www.watchguard.com/help/docs/webui/11/en-US/index_Left.html#CSHID=en-US%2Fauthentication%2Fsso_about_c.html|StartTopic=Content%2Fen-US%2Fauthentication%2Fsso_about_c.html|SkinName=Web UI (en-US)

Traffic Management: http://www.watchguard.com/help/docs/webui/11/en-US/index_Left.html#CSHID=en-US%2Fqos_trafficmanagement%2Ftraffic_mgmt_actions_define_c.html|StartTopic=Content%2Fen-US%2Fqos_trafficmanagement%2Ftraffic_mgmt_actions_define_c.html|SkinName=Web UI (en-US)

The See Also at the bottom of both articles can be helpful for background and further reading.

The solution I would implement is define a Traffic Management action for each user, setup single sign on with Active Directory, and then create a policy for each user and set the Traffic Management rule to that policy.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SCCM 2012 - PXE WinPE - Boot Resolution Low 10 34
P2P and MPLS 3 45
ssh setup on Cisco swith 11 44
CMDB relationships for hardware assets 2 33
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now