I have not tried it. is this something you looking or helpfull ?
GUI -> Web Security Manager -> Time Ranges and Quotas
You can set a quota profile (using time and volume quota to limit the bandwidth).
Then configure Identity to identify the traffic such as source IP address/subnet or user authenticated.
Then set the access policy for certain categories or custom URL category for windows updates for example) and
set the "Quota-Based" and use the quota profile that configured.