Quotas are an effective way to enforce fair sharing of the network or to ensure customers only get the amount of access to the network that they pay for. Quotas can enforce caps based on data transfer amount or based on the amount of time on the network. After the quota has been reached, a variety of actions could take place, such as throttling or blocking all data, or throttling only particular types of traffic, or redirecting the user to a particular webpage.
To support quota enforcement scenarios, you need to configure the following:
Create an adaptive response limit object to define how the quota will be measured and to identify the users that have exceeded their quota via an named network object.
The adaptive response object can specify whether to set a network traffic data volume limit or a time limit. The adaptive response object identifies the traffic that will monitored against the specified quota as a network object. The network object can either be based on IP addresses or based on Active Directory users or user groups. The adaptive response object tracks those that have exceeded their quota by dynamically adding them to a named network object.
Add a policy (or policies) to the Optimizer policy tree for those who are over their limit.
The policy that addresses those that have exceeded their quota is defined according to your business needs. You can choose to throttle their traffic or block it entirely. When they have HTTP traffic, you can also choose to redirect them to a webpage that you host or respond with a webpage that the Exinda appliance hosts.
If needed you can combine these, such that the first policy filters for HTTP traffic and shows a webpage, then other types of traffic are caught by a second policy that blocks the remaining traffic.
Add policies to the Optimizer policy tree for those under the limit.
The remaining policies define how to deal with the traffic of the users who have not yet exceeded their quota.
Note that since the Exinda appliance attempts to match the traffic to the filters in the policies (and virtual circuits) in a top-down order in the Optimizer policy tree, you need to set up the series of policies with the most specific filter criteria appearing first in the policy tree, which means the policies should appear in the following order.
- Those who have exceeded their quota and have HTTP traffic
- Those who have exceeded their quota and have other types of traffic
- Remaining traffic (that is, those who have not exceeded their quota).
- Go to Configuration - Objects - Adaptive Response - find Adaptive Response whose quota you want to reset - disable it - Save Configuration Changes - enable it - Save Configuration Changes
You can verify if the above method worked by going to Configuration - Objects - Network - Dynamic Network Objects tab, you should no longer see your Object which reached the quota in the list.
Bear in mind that this will reset the quota for all hosts involved in that Adaptive Response so in a case you are using the same Adaptive Response for Network Object that consists of multiple hosts, you will need to create a separate Adaptive Response for the Network Object whose quota limits you might want to reset earlier on demand.