directed to block all video - limited tools
I'm being directed to block all types of video to our remote schools, and have limited tools to do this with. Here's what I'm playing with:
In the elementary schools (we have 3), I have core Cisco switches and a Cisco router. Internet traffic then goes over lines to our main site, (in through our Cisco router), and is in turn sent back out to the internet, through our Fortigate web filter. Elementary schools are currently connected to the main site via two T1 lines (3 Mb total) and an additional T1 that's reserved for voice traffic. Our main site has a sufficient connection to the web that we're not concerned with rate limiting yet.
The goal is to limited bandwidth used by the remote schools, while allowing access to certain critical software (student information system, food services, library automation, etc), and provide web access, but nothing bandwidth-intensive.
Short of blacklisting video streaming sites, what's the most effective way to do this? Block port #'s that carry streaming video? Use rate limiting (?) on the Cisco equipment to restrict how much bandwidth a specific port can use?
Is QOS an option in the Cisco equipment to prioritize certain traffic? If so, are there resources I can research on how to set this up and verify that it's working?
Our web filter, the Fortigate, claims to be able to be able to reserve bandwidth for certain connections but doesn't appear to have worked in the past.
I'm relatively weak in the switch / router configuration department, so there may be more out there that I'm unaware of.
Hopefully that is a start...any ideas?