Bandwidth Limit for per user at iron port

Dear Team,

How can we set the overall bandwidth for IronPort users? We have a management appliance (M 170) and 2 load-shared appliances (Cisco S370).

Cisco Employee

Please note the overall bandwidth limit option in the WSA is for the media category only, such as streaming media.

You can do this from GUI -> Web Security Manager -> Overall Bandwidth Limits

Configured the overall bandwidth, but it does not limit the user bandwidth. Found that the overall bandwidth limit affects the traffic between the Web Security appliance and web servers for all users on the network. It does not limit traffic served from the web. Kindly let us know how we can limit the per-user bandwidth.

Cisco Employee

That setting will not limit the overall bandwidth of users accessing the internet or downloading; instead it will only limit the media traffic for users, such as the streaming media category.

Which streaming website did you test with to see the bandwidth usage? You can check the access logs to see the bandwidth used.

Is there any way to limit overall bandwidth for IronPort users?

We want to set the overall bandwidth to 10 Mbps per user. How is this possible?

Cisco Employee

On version 8.5 (the latest GD version 8.5.3-069) there is an option called Time and Volume Quotas (GUI -> Web Security Manager -> Define Time Ranges and Quotas).

This version can apply time and volume quotas to access policies and decryption policies to restrict a user’s connection time or data volume (also referred to as a “bandwidth quota”). Quotas allow individual users to continue accessing an Internet resource (or a class of Internet resources) until they exhaust the data volume or time limit imposed. AsyncOS enforces defined quotas on HTTP, HTTPS and FTP traffic.

As a user approaches either their time or volume quota, AsyncOS displays first a warning, and then a block page.

Recommend checking the release notes before upgrading to version 8.5.3.

On the current version we have the same option (Define Time Ranges and Quotas) available to limit the data volume. Set the data volume as 10Mbps but it is still exceeding the limit and there is no warning. Kindly help us to complete this activity.

Cisco Employee

Have you applied the quota you defined? This only creates the quota profile, and you still need to apply it to your access policies (under the URL Filtering column).

You can also apply the quota to "Overall Web Activities Quota" in your access policy (typically apply it on the global access policy or a policy that will apply to all traffic) or apply the quota per predefined category.

Applied the quota per predefined category, but the download speed is still more than 10 Mbps. Our WSA version is 8.5.1-104; kindly confirm whether this will work on this device.




As Handy Putra already explained, you have two options:

1. Define an overall traffic limit (per category); this limits the overall bytes transferred in a chosen period of time; this doesn't do bandwidth limiting ("speed limit", bytes per second).

2. You can define a "speed limit" (bytes per second) by:

- defining a bandwidth limit for media streaming

- some applications also support a bandwidth limit in recent releases

There's currently no feature implemented in WSA that would limit overall bandwidth per user.

Hope this clears both approaches possible today with WSA?
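
The volume-versus-rate distinction above, and the earlier advice to check the access logs, as an added example that is not part of the thread and is not Cisco tooling. It assumes the access log uses the Squid-style field order (timestamp, elapsed ms, client IP, result/status, bytes, ...); the sample lines, hostnames and thresholds are constructed, and the per-transaction rate is only an approximation of link speed.

```python
from collections import defaultdict

# Constructed sample lines; assumed Squid-style field order:
# epoch elapsed_ms client_ip result/status bytes method url user ...
SAMPLE_LOG = """\
1400000000.000 4000 10.0.0.5 TCP_MISS/200 20000000 GET http://updates.example.test/a.cab - DIRECT/updates.example.test application/octet-stream
1400000010.000 2000 10.0.0.5 TCP_MISS/200 5000000 GET http://updates.example.test/b.cab - DIRECT/updates.example.test application/octet-stream
1400000020.000 500 10.0.0.9 TCP_MISS/200 250000 GET http://www.example.test/ - DIRECT/www.example.test text/html
truncated or malformed line
"""


def parse_line(line):
    """Return (client_ip, bytes, elapsed_ms), or None for a malformed line."""
    parts = line.split()
    if len(parts) < 7:
        return None
    try:
        return parts[2], int(parts[4]), int(parts[1])
    except ValueError:
        return None


def usage_by_client(log_text):
    """Sum bytes per client and track the fastest single transaction in Mbps."""
    usage = defaultdict(lambda: {"bytes": 0, "peak_mbps": 0.0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        client, nbytes, elapsed_ms = rec
        usage[client]["bytes"] += nbytes
        if elapsed_ms > 0:  # skip zero-duration entries to avoid dividing by zero
            mbps = nbytes * 8 / (elapsed_ms / 1000) / 1e6
            usage[client]["peak_mbps"] = max(usage[client]["peak_mbps"], mbps)
    return dict(usage)


def over_volume_quota(usage, quota_bytes):
    """Clients whose total bytes exceed a volume quota (what a quota profile counts)."""
    return sorted(c for c, u in usage.items() if u["bytes"] > quota_bytes)


def over_rate(usage, limit_mbps):
    """Clients with a transaction faster than limit_mbps (which a quota does not cap)."""
    return sorted(c for c, u in usage.items() if u["peak_mbps"] > limit_mbps)


if __name__ == "__main__":
    usage = usage_by_client(SAMPLE_LOG)
    print(over_volume_quota(usage, 100_000_000), over_rate(usage, 10))
```

With the constructed lines, the client at 10.0.0.5 stays under a 100 MB volume quota while its individual downloads run well above 10 Mbps, which is the behaviour reported earlier in the thread.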

Thank you so much Jernej and team... we are very satisfied with this discussion with you and your team... expecting the same in future!




What about a bandwidth restriction as a whole from the appliance? E.g. we have 2 S300Vs, sharing a 100Mbit up/down connection. When one user connects to our BYOD network with their own device, it downloads its Windows updates, bringing our connection to its knees. Can we limit the overall bandwidth of the whole appliance?

We know we can restrict the connection from our network side, but we're looking first to see if the IronPort can.

Cisco Employee

Depending on the version of the WSA (starting from AsyncOS 8.5), it does have a quota limit option (GUI -> Web Security Manager -> Time Ranges and Quotas).

You can set a quota profile (using time and volume quotas to limit the bandwidth).

Then configure an Identity to identify the traffic, such as by source IP address/subnet or authenticated user.

Then set the access policy for certain categories or a custom URL category (for Windows updates, for example), set it to "Quota-Based", and use the quota profile that was configured.

Hope that helps.

