https://community.cisco.com/t5/network-security/limiting-bandwidth/m-p/911560#M959739 <HTML><HEAD></HEAD><BODY><P>Yes, there are always people who ignore policy, but a good LART deployed early and often will quickly remedy that <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> </P><P></P><P>My personal favorite LART is a hard-bound copy of the policy and procedure manual, printed in 90-point type.</P><P></P></BODY></HTML> Mon, 03 Dec 2007 12:43:29 GMT Nathan Spitzer 2007-12-03T12:43:29Z https://community.cisco.com/t5/network-security/limiting-bandwidth/m-p/911555#M959732 <P>I have an ASA5510 with a T1 connection. I have a few users who download large files with a download manager that takes up all of my bandwidth and then everyone complains the internet is slow. Is there a way on the firewall to limit each connection to a maximum bandwidth so that one user cant take all of the bandwidth?</P><P></P><P></P> Mon, 11 Mar 2019 11:37:02 GMT https://community.cisco.com/t5/network-security/limiting-bandwidth/m-p/911555#M959732 dstjames123 2019-03-11T11:37:02Z https://community.cisco.com/t5/network-security/limiting-bandwidth/m-p/911556#M959733 <HTML><HEAD></HEAD><BODY><P>You could use QoS to limit FTP downloads, however HTTP downloads are used just as often. If you need to restrict per connect bandwidth Packeteer (www.packeteer) makes some products that can do it.</P><P></P><P>HTH and please rate.</P></BODY></HTML> Thu, 29 Nov 2007 17:16:43 GMT https://community.cisco.com/t5/network-security/limiting-bandwidth/m-p/911556#M959733 Collin Clark 2007-11-29T17:16:43Z https://community.cisco.com/t5/network-security/limiting-bandwidth/m-p/911557#M959734 <HTML><HEAD></HEAD><BODY><P>Like the other poster said, packeteer makes some things that will fix this. Also, forcing HTTP and FTP through a proxy server will allow you to limit throughput on a user basis. I have done this with Squid which allowed me to solve similar issues. In addition, a proxy server will lessen the load on the internet link. If most of the T1 is http, it can dramatically reduce the load.</P><P></P><P>Let me also comment that the root of this issue is a policy or personel issue. Sometimes the best solution to these issues is therefore not to spend a boatload of time and/or money on a technology solution but to implement a policy or procedure that state that download managers are not to be used in such a way as to degrade the T1 performance. Tell those users causing problems NOT TO DO IT AGAIN. Inform their managers they are causing service degredation and it needs to stop.</P></BODY></HTML> Sun, 02 Dec 2007 02:01:51 GMT https://community.cisco.com/t5/network-security/limiting-bandwidth/m-p/911557#M959734 Nathan Spitzer 2007-12-02T02:01:51Z https://community.cisco.com/t5/network-security/limiting-bandwidth/m-p/911558#M959735 <HTML><HEAD></HEAD><BODY><P>there will always be people who will ignore</P><P>policy or procedure. </P><P></P><P>Instead of spending money on packeteer, which</P><P>is a good product by the way, the alternative</P><P>solution is to implement checkpoint firewall</P><P>solution. Checkpoint firewalls come with QoS</P><P>(formerly Floodgate) integrate and it can do </P><P>exactly what you describe. For a small</P><P>enterprise, that's something you probably want</P><P>instead of deploying another device on the</P><P>network.</P></BODY></HTML> Sun, 02 Dec 2007 23:56:56 GMT https://community.cisco.com/t5/network-security/limiting-bandwidth/m-p/911558#M959735 kevin.jones1 2007-12-02T23:56:56Z https://community.cisco.com/t5/network-security/limiting-bandwidth/m-p/911559#M959737 <HTML><HEAD></HEAD><BODY><P>access-list qos_acl permit tcp any eq 20 any</P><P><THIS matches="" traffic=""></THIS></P><P></P><P>class-map qos-class-map</P><P> match access-list qos_acl</P><P></P><P>policy-map qos</P><P> class qos-class-map</P><P> police output 8000 2000</P><P><THIS limits="" their="" bandwidth="" to="" 8k=""></THIS></P><P></P><P>service-policy qos interface inside</P><P></P><P>i'm by no means a qos expert, but this seemed to work on my asa5505.</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/qos.html" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/qos.html</A></P><P>you can of course configure the ACL and police rates to your own liking. you could just limit all tcp traffic to something like 64000/user with 32000/burst as an example.</P></BODY></HTML> Mon, 03 Dec 2007 05:34:06 GMT https://community.cisco.com/t5/network-security/limiting-bandwidth/m-p/911559#M959737 srue 2007-12-03T05:34:06Z https://community.cisco.com/t5/network-security/limiting-bandwidth/m-p/911560#M959739 <HTML><HEAD></HEAD><BODY><P>Yes, there are always people who ignore policy, but a good LART deployed early and often will quickly remedy that <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> </P><P></P><P>My personal favorite LART is a hard-bound copy of the policy and procedure manual, printed in 90-point type.</P><P></P></BODY></HTML> Mon, 03 Dec 2007 12:43:29 GMT https://community.cisco.com/t5/network-security/limiting-bandwidth/m-p/911560#M959739 Nathan Spitzer 2007-12-03T12:43:29Z