FortiAppSec Cloud WAF consists of two license subscriptions: Application and Bandwidth.

Bandwidth usage is calculated based on the traffic of the entire month, and this helps the administrator to forecast bandwidth usage for the following month and prepare to purchase additional license subscriptions when required.

Bandwidth Usage can be monitored in General -> Usage -> WAF tab.

When the bandwidth usage is exceeded for two consecutive months, the user's access will be locked to read-only mode.

Read-only access prohibits users from modifying any settings, for example shown in the image below. Options to save/update settings are greyed out.

1. If bandwidth usage trends continue to go over the capacity, at the beginning of the following month, for instance, March 2025 (referring to the Usage page image above), bandwidth usage may not reach the capacity and show low utilization in the early part of the month. However, due to overusage in the previous two months, access will remain in read-only.
2. Access reverts to read-write soon, provided that throughout March 2025, bandwidth usage does not exceed capacity.
3. Purchase an additional bandwidth license to restore the user’s access.

Related document:
How does WAF calculate bandwidth?