Scope:Applies to Barracuda Web Filter appliances 410 and above on all versions of firmware.
The Barracuda Web Filter is able to apply quota policy exceptions to WSA and non-WSA users alike. However, a WSA configured to use Policy Lookup Only (PLO) mode is an exception, since it is designed to minimize traffic to the Web Filter. In order to keep processing and network overhead to a minimum, the PLO-enabled WSA does not forward bandwidth or session time information when reporting to the Barracuda Web Filter. In effect, the traffic is unable to increment the internal quota counter belonging to a quota rule. The quota threshold can only be triggered by non-PLO WSA traffic, or non-WSA traffic from the LAN.
Once a quota rule is triggered, all users, including PLO-enabled WSAs, will be blocked per the quota. So even though the PLO-enabled WSA cannot trigger the quota or increment the counter, the effects of the policy are still applied.
To illustrate, consider the following example:
- A quota rule is in place to limit Social Networking usage to 20 Mb per day for an LDAP group composed of UserA, UserB, and UserC.o UserA is using PLO-enabled WSA.
o UserB is using PLO-disabled WSA.
o UserC is inline behind the Web Filter with no WSA.
- UserA begins the day by using 100 Mb on Facebook. Due to PLO, the quota is not triggered, and they browse Facebook unhindered past the 20 Mb.
- At noon, UserB then utilizes exactly 20 Mb of data browsing Facebook. The web filter increments the quota counter accordingly because PLO is disabled.
- By evening, all three users attempt to access Facebook and each are delivered a block page notifying them that their quota threshold has been met.
For more information on quotas, please see Solution 6271 and our Techlib article regarding the topic.
Link to this page: