[NEBULA] Defining different content filtering/bandwidth rules for users/-groups

paulb
paulb Posts: 16  Freshman Member
First Anniversary Nebula Gratitude First Comment
edited April 2021 in Nebula
Hi,
as we are drawing a wifi-solution based on radius authentication through Azure, we are were wondering whether it is possible to define specific bandwidth and content filtering rules for the radius based users/usergroups?
Is it possible to define specific rules for a given SSID in terms of bandwidth and/or content filtering?

kr,
Paul

Comments

  • Zyxel_Freda
    Zyxel_Freda Posts: 397  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Hi Paul,

    You can set the "Rate limiting" in AP > Configure > SSIDs to define every  client device traffic rate.

    However, the content filtering is not supported for specific SSID or user/group so far.

    Thanks.
  • CrazyTacos
    CrazyTacos Posts: 53  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    There should also be an option in the gateway traffic shaping to limit bandwidth by client IP addresses.
    And I agree that content filtering should have the option to select user-defined groups.
  • WebberIT
    WebberIT Posts: 53  Ally Member
    First Anniversary Friend Collector First Comment Ideas master
     it is possible to define specific bandwidth and content filtering rules for the radius based users/usergroups?
    specific bandwidth : yeap , per SSID you can set speed limits, but not usage if thats what you mean
    content filter: that is a feature of the NSG not available on the AP, and currently it reads all outbound traffic so you can't specify it to a certain subnet.

  • Zyxel_Freda
    Zyxel_Freda Posts: 397  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Hi @paulb

    As @WebberIT said, the content filter is only able to set on NSG and it's for all traffic, can't specify on certain interfaces.
    We'll have an improvement on NSG for content filter to set it by interfaces, like a VLAN.
    This improvement might meet your requirement when the SSID is set in the same interface, and it's expected to release in the middle of 2019.
    Thanks.

  • paulb
    paulb Posts: 16  Freshman Member
    First Anniversary Nebula Gratitude First Comment
    Hi,

    as we are implementing the solution at an educational institution it is a quite  important issue. Not at least to block access to specific sites for students and allow access to these sites for the staff. (We have over 2500users in this case)
    We are already using a NSG-200, but it turned out it can only block or allow for all users...
    We have done Radius-implementations before (not on Zyxel equipment) and using Radius-usergroups worked like a charm. That’s why we wanted to do it here  too... (Turns out SSID-based blocking won’t pull the trick either due to the NSG-software restrictions)
    Any idea on how to solve it? 
    TnX

    paul

  • Zyxel_Chris
    Zyxel_Chris Posts: 653  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hello @paulb
    Understand what you needed, in current stage NSG not support this feature (apply CF to the specific interface) however, it is already in our roadmap, will implement on next year the schedule is sill under the discussion, I can't give you a precise date now, will keep posted on forum once confirm the schedule!

    /Chris
    Chris
  • paulb
    paulb Posts: 16  Freshman Member
    First Anniversary Nebula Gratitude First Comment
     =) 
  • Ok, the above question was asked 2 years ago.
    I have just moved from an USG210 to a NSG300 and I'm disappointed.
    On the USG210 you can create different content filters, app patrols, virus and create groups with these and add them to specific security policy controls (firewall rules). This can not be done on the NSG300.
    It seems that the NSG products can't be configure as we wish when you are using it at an educational institution

Nebula Tips & Tricks