NxFilter Tutorial
Tutorial Index

Bandwidth control with NxFilter
You can implement Bandwidht Control with NxFilter and NetFlow.


Using NetFlow
NxFilter supports a user level bandwidth control by utilizing NetFlow data from a router. The idea is simple. NxFilter associates NetFlow data to a user login IP address and if there is a user consumed up bandwidth over the limit you set on a policy, NxFilter blocks all the DNS requests from the user.

Good thing is that this is not just about HTTP traffic. Since NxFilter uses NetFlow data, you can monitor and block HTTP, FTP, IM, Skype, Torrent and any other protocol working on TCP/UDP.

To enable bandwidth control, you need to have a router or firewall supporting NetFlow version 5 in your network and you need to make them sending NetFlow data to NxFilter. And then run NxFilter's built-in NetFlow collector on 'Config > Setup > NetFlow'. After that, you can set up a bandwidth limit on a policy.

There are several rules for NxFilter to import NetFlow data. Firstly, either the source or destination IP address of a NetFlow data should be associated to an IP address of a logged-in user on NxFilter. Secondly, NxFilter ignores internal traffic. This means either the source or destination IP address needs to be a public IP address. This is because you are only interested in an inboud or outbound traffic to the Internet. And lastly, NxFilter keeps only TCP/UDP  data.

Currently, NxFilter supports NetFlow v5 only.