Quota of webfilter

Quota of webfilter

In addition to using category and classification blocks and overrides to limit user access to URLs, you can set a daily quota by category, category group, or classification. Quotas allow access for a specified length of time or a specific bandwidth, and is calculated separately for each user. Quotas are reset everyday at midnight.

Quotas can be set only for the actions of Monitor, Warning, or Authenticate. When the quota is reached, the traffic is blocked and the replacement page displays.

Sample topology

Sample configuration of setting a quota

This example shows setting a time quota for a category, for example, the Education category.

To configure a quota in the GUI:

  1. Go to Security Profiles > Web Filter and go to the FortiGuard category based filter
  2. Open the General Interest -Personal section by selecting the + icon beside it.
  3. Select Education and then select Monitor.
  4. In the Category Usage Quota section, select Create New.
  5. In the right pane, select the Category field and then select Education.
  6. For the Quota Type, select Time and set the Total quota to 5 minute(s).
  7. Select OK and the Category Usage Quota section displays the quota.
  8. Validate the configuration by visiting a website in the education category, for example https://www.harvard.edu/.

You can view websites in the education category.

  1. Check the used and remaining quota in Monitor> FortiGuard Quota.
  2. When the quota reaches its limit, traffic is blocked and the replacement page displays.

To configure a quota in the CLI:

config webfilter profile edit “webfilter” config ftgd-wf

unset options

config filters

edit 1

set category 30 <– the id of education category  next

end

config quota

edit 1

set category 30

set type time

set duration 5m

next

end end

next

end

This entry was posted in Administration Guides, FortiGate, FortiOS 6.2 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.