In addition to using category and classification blocks and overrides to limit user access to URLs, you can set a daily quota by category, category group, or classification. Quotas allow access for a specified length of time or a specific bandwidth, and are calculated separately for each user. Quotas are reset daily at midnight.
Quotas can be set for the Monitor, Warning, or Authenticate actions. Once the quota is reached, the traffic is blocked and the replacement message page displays.
Quotas are only available in proxy-based inspection mode.
Configuring a quota
The following example shows how to set a time quota for the education category (category 30).
To configure a quota in the GUI:
- Go to Security Profiles > Web Filter and click Create New, or edit an existing profile.
- For Feature set, select Proxy-based.
- In the FortiGuard category based filter section, scroll to the General Interest - Personal and click the + to expand the section.
- Select Education, then click Monitor.
- In the Category Usage Quota section, click Create New.
The New/Edit Quota pane opens.
- In the Category field, select Education.
- For the Quota Type, select Time and set the Total quota to 5 minutes.
- Click OK. The entry appears in the table.
- Configure the other settings as needed.
- Click OK.
To configure a quota in the CLI:
config webfilter profile edit "webfilter" config ftgd-wf unset options config filters edit 1 set category 30 next end config quota edit 1 set category 30 set type time set duration 5m next end end next end
To verify the quota usage:
- Go to a website that belongs to the education category, such https://www.harvard.edu/. You can view websites in that category at the moment.
- In FortiOS, go to Dashboard > FortiGuard Quota Monitor to check the used and remaining time .
- When the quota reaches its limit, traffic is blocked and the replacement page displays.