Fortinet black logo

Cookbook

Usage quota

Copy Link
Copy Doc ID 30be976a-bbb3-11ee-8673-fa163e15d75b:801136
Download PDF

Usage quota

In addition to using category and classification blocks and overrides to limit user access to URLs, you can set a daily quota by category, category group, or classification. Quotas allow access for a specified length of time or a specific bandwidth, and is calculated separately for each user. Quotas are reset everyday at midnight.

Quotas can be set only for the actions of Monitor, Warning, or Authenticate. When the quota is reached, the traffic is blocked and the replacement page displays.

Note

You can only use quotas when inspection mode is Proxy.

Sample topology

Sample configuration of setting a quota

This example shows setting a time quota for a category, for example, the Education category.

To configure a quota in the GUI:
  1. Go to Security Profiles > Web Filter and go to the FortiGuard category based filter section.
  2. Open the General Interest - Personal section by selecting the + icon beside it.
  3. Select Education and then select Monitor.
  4. In the Category Usage Quota section, select Create New.

  5. In the right pane, select the Category field and then select Education.
  6. For the Quota Type, select Time and set the Total quota to 5 minute(s).

  7. Select OK and the Category Usage Quota section displays the quota.

  8. Validate the configuration by visiting a website in the education category, for example https://www.harvard.edu/.

    You can view websites in the education category.

  9. Check the used and remaining quota in Monitor > FortiGuard Quota.

  10. When the quota reaches its limit, traffic is blocked and the replacement page displays.

To configure a quota in the CLI:
config webfilter profile
    edit "webfilter"
        config ftgd-wf
           unset options
           config filters
              edit 1
                 set category 30 <-- the id of education category
              next               
           end
           config quota
              edit 1
                 set category 30
                 set type time
                 set duration 5m
              next
           end
        end
    next
end

Usage quota

In addition to using category and classification blocks and overrides to limit user access to URLs, you can set a daily quota by category, category group, or classification. Quotas allow access for a specified length of time or a specific bandwidth, and is calculated separately for each user. Quotas are reset everyday at midnight.

Quotas can be set only for the actions of Monitor, Warning, or Authenticate. When the quota is reached, the traffic is blocked and the replacement page displays.

Note

You can only use quotas when inspection mode is Proxy.

Sample topology

Sample configuration of setting a quota

This example shows setting a time quota for a category, for example, the Education category.

To configure a quota in the GUI:
  1. Go to Security Profiles > Web Filter and go to the FortiGuard category based filter section.
  2. Open the General Interest - Personal section by selecting the + icon beside it.
  3. Select Education and then select Monitor.
  4. In the Category Usage Quota section, select Create New.

  5. In the right pane, select the Category field and then select Education.
  6. For the Quota Type, select Time and set the Total quota to 5 minute(s).

  7. Select OK and the Category Usage Quota section displays the quota.

  8. Validate the configuration by visiting a website in the education category, for example https://www.harvard.edu/.

    You can view websites in the education category.

  9. Check the used and remaining quota in Monitor > FortiGuard Quota.

  10. When the quota reaches its limit, traffic is blocked and the replacement page displays.

To configure a quota in the CLI:
config webfilter profile
    edit "webfilter"
        config ftgd-wf
           unset options
           config filters
              edit 1
                 set category 30 <-- the id of education category
              next               
           end
           config quota
              edit 1
                 set category 30
                 set type time
                 set duration 5m
              next
           end
        end
    next
end