Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Kerio control Mac address speed Limit?
  •  
alaa

Messages: 25
Karma: 2
Send a private message to this user
Hello

in kerio control you can add users to login internet
for advanced: user+mac with NTLM enabled to auto login
if this client give this user&pass to any body he will able to access internet too
i have client share his login details with his 3 friends for example
i will suppose that this client have no limit speed
so when his friends using internet by his login details they will have full internet speed like him
How can control speed limit by Mac address
this should exist under Bandwidth managment and QOS
add
Name: speed limit by mac
Traffic: by mac (add mac address)
Download : 256 kb for example
Upload : 256 kb for example

in that case i think kerio will control users who use shared login details

additional : may this client have alot of friends ( i think its difficult to add more mac)
so if there is rule like ( other MAC users which are not = User MAC) limit speed = 256 kb for exampe
what is you opinion?

Alaa
  •  
ksnyder

Messages: 557
Karma: 36
Send a private message to this user
If you could get compliance from your users so that they stop sharing their ID & Password (never a good thing), you could enable a Guest Interface / Guest Network and limit that traffic within QoS to 256 kb as you suggest.

If you really wanted to tighten things up you could also enable MAC Filtering for each individual interface (LAN, WAN, GUEST for example) and either permit or prevent MAC addresses depending on your policy. One approach would be to set a PERMIT rule for the named user's acceptable devices against the LAN interface in order to keep "friends" devices off of the LAN (Trusted Local) network.

In order to apply QoS & bandwidth rules to the guest network, the best way would be to create an ALLOW traffic policy for that network, THEN create a QoS rule that applies to "Packets matching a traffic rule...".

Would this work to minimize login sharing? It may not be preventable - but this could reduce the desire to game the system.




Ken Snyder
  •  
alaa

Messages: 25
Karma: 2
Send a private message to this user
i agree with you in mac filter but this will prevent users to share them login details

Example:
user = alaa
Mac= 00:11:22:33:44:55
limit speed= 1024 kb/s
NTLM enabled & mac assigned to user alaa
Mac filter is disabled

alaa has friend called mody and they are using same login details
mody is not registered user but he get 1024 mb/s like alaa

How can limit speed of mody (unregistered user) to 256mb/s ?

[Updated on: Sat, 01 November 2014 18:34]

  •  
ksnyder

Messages: 557
Karma: 36
Send a private message to this user
You might want to review the license agreement as this sounds like a violation of the terms and conditions. Alaa may not share user login credentials with Mody nor with anyone else. The purpose of Kerio Control is to protect you, your users, and your business from threats and misuse. Sharing of login credentials completely undermines the entire purpose of the firewall.

8.4 offers unregistered users (guests) the ability to securely access the Internet though a guest network. KB article http://kb.kerio.com/1654 will help you to configure this capability and will explain some of the limitations.

If you want Mody to be limited to 256mb/s, open up a guest network, provide the access details to Mody, and apply a QoS rule to the guest network which limits bandwidth in order to maintain compliance with your license agreement.

Ken Snyder
Previous Topic: host not working behind kerio
Next Topic: IPSec tunnels gets off randomly
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Mar 26 13:12:31 CEST 2017

Total time taken to generate the page: 0.00971 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.