08-28-2023 04:43 PM
Hi, just like the title says, I'm looking to cap data usage for users in a subnet, something like this: https://github.com/hiep4hiep/PANW-Bandwidth-quota, but without having to use scripts, is there a way to do something similar inside the PA firewall?
08-29-2023 05:24 AM
Check if this gives you ideas.
Instead of QoS you can block traffic if quota is exceeded.
https://www.youtube.com/watch?v=7fU91SZ5xDk
08-29-2023 06:20 AM
If you're trying to create an aggregate amount over time, you'll need to use an external script instead of relying on the firewall. Just scanning over both solutions they also don't appear to take into account long-running sessions, so you'll need a way to account for those. That could be just closing any sessions that exceed a certain duration (via a script), or some other negate for expected sessions.
Essentially what you'll run into from a brief glance is that some users will have long sessions that will eventually end. They've passed enough traffic to keep it open and it's potentially been open for days if a user just locks their endpoint instead of logging off or shutting down at the end of the day. You might end up with someone closing a session that's technically passed tens or hundreds of GBs that doesn't quite line up with reality.
Just something to keep in mind that this won't be explicitly clean due to how you're pulling the data.
08-29-2023 12:29 PM
This one requires a script to remove devices afterwards, can't have that done manually daily, too much overhead.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
