User-level data cap with NxFilter
You can implement a user-level data cap with NxFilter and NetFlow.
Using NetFlow
NxFilter supports a user-level data cap by using NetFlow data from a router. NxFilter associates
NetFlow data with a user's login IP address, and if a user has consumed more data than the limit
you set on a policy, NxFilter blocks all DNS requests from that user.
To enable the data cap, you need a router or firewall in your network that supports NetFlow version 5,
and you need to configure it to send NetFlow data to NxFilter. Then run NxFilter's
built-in NetFlow collector on 'System > Setup > NetFlow'. After that, you can set a data cap
on a policy.
NxFilter follows several rules when importing NetFlow data. Firstly, either the source or the destination
IP address of a NetFlow record must be associated with the IP address of a user logged in on NxFilter.
Secondly, NxFilter ignores internal traffic: either the source or the destination IP address
must be a public IP address. This is because you are only interested in inbound or outbound traffic
from/to the Internet. Lastly, NxFilter keeps only TCP/UDP data.
Currently, NxFilter supports NetFlow v5 only.
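The three import rules above, applied to a NetFlow v5 datagram in Python as an added example (this is not NxFilter's own code). The logged-in user table, the reading of "internal" as RFC 1918 address space, and the sample flows are constructed assumptions.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record
TCP, UDP = 6, 17
# Assumption: "internal" means RFC 1918 space; any other address counts as public.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_public(ip):
    return not any(ip in net for net in INTERNAL)

def account(datagram, logged_in, usage):
    """Add the octets of each importable flow to usage[user]; return flows kept."""
    if len(datagram) < HEADER.size or HEADER.unpack_from(datagram)[0] != 5:
        return 0                          # only NetFlow v5 is handled
    count = HEADER.unpack_from(datagram)[1]
    # Bound the record count by the bytes actually received, not the header field.
    count = min(count, (len(datagram) - HEADER.size) // RECORD.size)
    kept = 0
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        src, dst = ipaddress.ip_address(f[0]), ipaddress.ip_address(f[1])
        octets, proto = f[6], f[13]       # dOctets and prot fields
        if proto not in (TCP, UDP):       # rule 3: TCP/UDP only
            continue
        for user_ip, peer in ((src, dst), (dst, src)):
            user = logged_in.get(str(user_ip))   # rule 1: endpoint is a logged-in user
            if user and is_public(peer):         # rule 2: other endpoint is public
                usage[user] = usage.get(user, 0) + octets
                kept += 1
                break
    return kept

def flow(src, dst, octets, proto):
    """Pack one constructed flow record (ports and counters are arbitrary)."""
    a = ipaddress.ip_address
    return RECORD.pack(a(src).packed, a(dst).packed, bytes(4), 0, 0, 1, octets,
                       0, 0, 40000, 443, 0, 0, proto, 0, 0, 0, 0, 0, 0)

def sample_datagram():
    """Constructed datagram: two importable flows and three that are dropped."""
    flows = [flow("192.168.0.10", "203.0.113.10", 1500, TCP),  # user -> Internet
             flow("203.0.113.10", "192.168.0.10", 9000, UDP),  # Internet -> user
             flow("192.168.0.10", "192.168.0.20", 7000, TCP),  # internal only
             flow("192.168.0.99", "203.0.113.10", 4000, TCP),  # not logged in
             flow("192.168.0.10", "203.0.113.10", 64, 1)]      # ICMP
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + b"".join(flows)
```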