Product Policies

Policies define some options (for example the down/up data rate, the session time, logoff time for inactivity, etc.), shared for all products they are associated, they facilitate the creation, updating, and managing of them.

The Context Dropdown Menu

By clicking the properties button, the context dropdown menu will appear with a set of options grouped by: edit.

Adding or Editing

To add a new policy, select the data tab, press the context properties button of the level you need to add the policy ( System, Reseller or Manager level). Select “ Product Policies” and press “Add” on the command bar. While, to modify an exhisting policy, press the context button of the policy and select “ Edit”. In both cases, a page appears that allows you to manage the contents of the following fields:

General Data

Field	Description
ID	ID of the record. Auto-assigned Identifier of the record. It can be used to use the API or external integrations. It is displayed during editing phase of an existing data and not during insertion of a new record.
Code	Identification code of the policy.
Description	Description of the policy.
Concurrent Connections	Number of concurrent connections that can be made by the same user. In practice, if a user buys a product associated with a particular policy, he can simultaneously connect using the same username for the maximum number of devices defined in this field. Usually, for payment products, it is equal to 1 and is increased by the maximum number of concurrent users you want to support on the domains with the “Without registration” “Authentication Mode“. It is useful, for example, to make different business to the managers who want to have a free/without payment gateway. For example: a gateway with up to 5 concurrent connections a price; a gateway with up to 10 concurrent connections another price; etc.
Maximum Number of Devices	Maximum number of devices that can be connected with the same credentials. A value equal to zero indicates an unlimited number of devices. The count of the registered devices is done starting from the date of assignment/purchase of the product. In practice if the user has been assigned a product whose policy defined at most two devices and he has actually used two devices, if subsequently purchases another product, the count of the devices is reset. Warning! The number of concurrent connections cannot be greater than the maximum number of devices.
Session Timeout	Time (in minutes) of a user’s session. After this time, the user will be disconnected even when credit is still available. To continue to navigate login credentials must be re-entered.
Timeout for Idle	Time (in minutes) of automatically log out for idle user. If the user during this period does not carry any kind of internet traffic will automatically be disconnected. It is useful, especially with product with time credit to prevent the user from using the credit even when he is not using the connection.
Download Data Rate	Maximum data rate in bits for the download. Users, who purchase a product associated with the policy, will have the maximum data rate of download defined in this field.
Upload Data Rate	Maximum data rate in bits for the upload. Users, who purchase a product associated with the policy, will have the maximum data rate of upload defined in this field.
Daily Time	Daily maximum time in minutes of the connection. If set, the user that purchases the product associated with the policy, will have daily access to the internet for the maximum time defined in this field, after this time he will be disconnected and will fail to connect until the following day. A value equals zero, defines an unlimited time. Daily time can be defined also on the product and if it is present on both sides, it will consider the one defined on the policy. Available from version HW 1.3.
Monthly Time	Monthly maximum time in minutes of the connection. If set, the user that purchases the product associated with the policy, will have daily access to the internet for the maximum monthly time defined in this field, after this time he will be disconnected and will fail to connect until the following month. A value equals zero, defines an unlimited time. Monthly time can be defined also on the product and if it is present on both sides, it will consider the one defined on the policy. Available from version HW 1.3.
Daily traffic	Megabytes of daily traffic of the connection. If set, the user that purchases the product associated with the policy, will have daily access to the internet for the maximum traffic in Megabytes defined in this field, after this time he will be disconnected and will fail to connect until the following day. A value equals zero, defines an unlimited traffic. Daily traffic can be defined also on the product and if it is present on both sides, it will consider the one defined on the policy. Available from version HW 1.3 For systems with HW version less than 2, the maximum value that you can define, is 4096 MB.Warning! Cisco WLC, Cisco Meraki, CloudTrax, Ruckus Access Point, Ruckus Zone director, Ruckus VSCG, Ruckus VSZ and Ubiquiti uniFi Controller types of hardware do not support automatic user disconnection upon reaching the defined traffic limit. HSNM can handle the disconnection if the gateways are reachable and in the configuration of the same, “Send Disconnection Requests to the Gateway” has been activated.
Monthly Traffic	Megabytes of monthly traffic of the connection. If set, the user that purchases the product associated with the policy, will have monthly access to the internet for the maximum traffic in Megabytes defined in this field, after this time he will be disconnected and will fail to connect until the following month. A value equals zero, defines an unlimited traffic. Monthly traffic can be defined also on the product and if it is present on both sides, it will consider the one defined on the policy. Available from version HW 1.3 For systems with HW version less than 2, the maximum that you can define, value is 4096mb. Warning! Cisco WLC, Cisco Meraki, CloudTrax, Ruckus Access Point, Ruckus Zone director, Ruckus VSCG, Ruckus VSZ and Ubiquiti UniFi Controller types of hardware do not support automatic user disconnection upon reaching the defined traffic limit. HSNM can handle the disconnection if the gateways are reachable and in the configuration of the same, “Send Disconnection Requests to the Gateway” has been activated.
Interim Update	Time, in seconds, that defines the interval for the automatic updating of the connection information (session duration, bytes sent/received, etc.). It is important to use this value if, with the same user, multiple devices can connect and to make sure that the system can determine disconnected users even if the gateway has not sent the disconnection (STOP packet). The minimum definable time is 300 seconds. Lower values will be automatically converted to 300. This attribute is not supported by all types of gateways.

Activation Scheduler

Through the parameters in this section you can define the weekly activation times of the product policy. Users will be able to log in only on active days and hours.

Timetables depend on the timezone defined for the gateway.

Field	Description
Sunday, Monday, Tuesday, Wednesday, Thursday, Friday and Saturday	It defines the weekly times at which the users can log in.

Mikrotik

Fields specific to Mikrotik RouterOS
Manageable fields are:

Field

Description

Mikrotik Address List

If defined, it adds the IP address that will be assigned to users within the Address-List of the Mikrotik gateway.
Useful if you have to enter into the gateway some firewall rules by Address-List (i.e. IP groups) and/or to make traffic prioritization always by Address-List.

You can define it also in the products. The value entered at policy level has priority.

MikroTik Burst

Burst is a functionality device-specific based on MikroTik RouterOS that can satisfy requests with data rates higher than defined in the maximum data rate for a limited time.

Manageable fields are:

Field	Description
Download Burst Limit	Maximum burst data rate reachable in download
Upload Burst Limit	Maximum burst data rate reachable in upload
Download Threshold	Average data rate of download in the burst time. If the average in the period of time is less than the indicated value, it activates the burst.
Upload Threshold	Average data rate of upload in the burst time. If the average in the period of time is less than the indicated value, it activates the burst.
Download Bust Time	Defines the period of time in seconds on which to calculate the average (Threshold) of traffic in download
Upload Burst Time	Defines the period of time in seconds on which to calculate the average (Threshold) of traffic in upload

Warning! To use the “Burst” functionalities, you must define all fields.

The possible modulation proportionally changes also the “Burst limit” and “Threshold” values.

For further details about the burst operation, please refer to the following page: http://wiki.mikrotik.com/wiki/Manual:Queues_-_Burst

Dynamic Modulation Data Rate based on Developed Traffic

Allows you to define an automatic system of progressive degradation of download and upload data rate based on traffic generated by the user. In practice with the increase of traffic generated in the defined time interval of hours, it decreases the data rate until it arrives to the minimum. It is also possible to define a daily time interval in which you can enable this feature (e.g. enable from 08:00 am to 08:00 pm).

Warning! The speed modulation is not performed in real time but at the activation and deactivation times you have defined.

Manageable fields are:

Field	Description
Enables Data Rate modulation	Type of algorithm to be applied to calculate the data rate degradation to reach the minimum data rate. Possible values are: disabled; very low degradation, low degradation; linear degradation; medium degradation; high degradation; minimum data rate at max traffic achievement. Data rate degradation chart: green=very low degrad; blue=low degrad; yellow=linear degrad; magenta = medium degrad; red=high degrad; dark green =minimum data rate at max traffic achievement.
Activate at (hour)	Activates the control of the data rate degradation from this time of the day.
Deactivate from hour	Disables the control of the data rate degradation from this time of the day. If the hour defined on “Activate at hour” is the same as that defined on “Deactivate from hour”, the modulation is always active. At the scheduled hour, users will be disconnected automatically to make them login again with the new calculated data rate based on the generated traffic.
Period of Time	Type of period considered for the calculation. The possible options are: hours; current month. If you select the interval in hours, it displays the field “Time interval in hours” where you can define how many hours to consider for calculating the traffic generated by the user. If you select “Current month”, the traffic calculation considers the whole current month.
Time Interval in Hours	To calculate the degradation, it considers the traffic developed in the last defined hours. Displayed only if you set “Hours” in the “Period of time” field.
Traffic Type	Defines the type of traffic to be considered for the data rate modulation. The possible values are: Total Download + Upload: sums the traffic in download and in upload. Separate download and upload: considers the traffic in download and upload separately. Only download: considers the traffic only in download. Only upload: considers the traffic only in upload.
Maximum Download + Upload Traffic	Maximum megabytes of traffic of download + upload for the calculation period of degradation. At the achievement, it will be set for the user the minimum data rate both of download and upload. Visible only if you have chosen “Total Download + Upload” in type of traffic.
Maximum Download Traffic	Megabytes of maximum download traffic for the period to calculate degradation. When maximum limit is reached, it will set the minimum download data rate to the user. Visible only if you have chosen “Separate download and upload” or “Only download” in type of traffic.
Maximum Upload Traffic	Megabytes of maximum unload traffic for the period to calculate degradation. When maximum limit is reached, it will set the minimum upload data rate to the user. Visible only if you have chosen “Separate download and upload” or “Only upload” in type of traffic.
Minimum Download Bit Rate	Minimum download data rate in bit defined for the user when he reaches the maximum traffic in the calculation period of the degradation.
Minimum Upload Bit Rate	Minimum upload data rate in bit defined for the user when he reaches the maximum traffic in the calculation period of the degradation
Ignore Traffic	Ignores the bandwidth usage when the modulation is not active. In other words, it does not consider the traffic produced by the user in the consumption counts if the modulation is not active.

Custom Radius Attributes (Check)

This section allows you to define custom radius attributes to use for the authentication phase.
The number of manageable attributes is dynamic. To add an attribute, press the “Add Attribute” button and then choose the type of attribute and associate a value.

The manageable fields are:

Field	Description
Attribute X	It allows choosing the attribute name from a preloaded list and defining, on the right, the corresponding value. The value must be compliant to the attribute type.

Custom Radius Attributes (Reply)

This section allows you to define custom radius attributes to use for the response phase to the gateway, post authentication.
As for the “Check”, the number of manageable attributes is dynamic. To add an attribute, press the “Add Attribute” button and then choose the type of attribute and associate a value.

The manageable fields are:

Field	Description
Attribute X	It allows choosing the attribute name from a preloaded list and defining, on the right, the corresponding value. The value must be compliant to the attribute type.