NxFilter Tutorial

User level data cap by NxFilter
You can implement user level data cap by NxFilter and NetFlow.


Using NetFlow
You can set up user level data caps in NxFilter by utilizing NetFlow data from a router. NxFilter can associate NetFlow data to a user login IP address and if there is a user used up data over the limit you set on a policy, NxFilter blocks all the DNS requests from the user.

To enable data caps, you need to have a router or firewall that supports NetFlow version 5 in your network. You also need to configure it to send NetFlow data to NxFilter. And then run NxFilter's built-in NetFlow collector on 'System > Setup > NetFlow'. After that, you can set data cap on a policy.

There are several rules for NxFilter to import NetFlow data. Firstly, one of the source or destination IP address of a NetFlow data should be associated to an IP address of a logged-in user on NxFilter. Secondly, NxFilter ignores internal traffic. And one of the source or destination IP address needs to be a public IP address. This is because you are only interested in inbound or outbound traffic from/to the internet. And lastly, NxFilter keeps only TCP/UDP  data.

Currently, NxFilter supports NetFlow v5 only.