Hello,
Could anyone help on how to limit download speed but not normal internet browser?
In my corporate some users keep download video, movies, all night day, I want to limit just only download but not everything else.
Thanks,
hello.
generally, there are 2 common method in doing download limit
- transport up to presentation layer control, using web proxy. it is much better in controlling access. but unfortunately, currently, any protocol over ssl (mostly https) has made it difficult.
google: squid web proxy.
- ip network layer control, much easier. but it only sees ip as single package tx and rx. it doesn’t care about what your client activity .
mikrotik help page: bandwidth management.
hope this helps.
In most corporate, users sign documents.
On said documents.
- Misuse of company internet is forbidden
a. first offence, written and verbal warning
b. second offence, written and verbal counselling
c. third offence FIRED.
No change to config required.
It depends. If it’s regular download where one connection transfers a lot of data, you can mark it using connection-bytes, e.g. after 10MB:
/ip firewall mangle
add chain=forward connection-mark=no-mark connection-bytes=10485760-0 action=mark-connection new-connection-mark=bigtransfer
and then use queues to slow it down. Of course it’s far from perfect.
Create mangle rule which marks packet for some connection protocol ports (HTTP, FTP…) if connection bytes are above of some threshold, eg. 20Mb. Create queue and add that packet mark in lower priority than others.
Edit: Double post of same solution sry, I didn’t read carefully Sob’s answer above. 
That approach can work, you can play with queue rules, you can hard limit such connections or just prioritize them.