Individual clients can certainly be restricted using policies as everyone pointed out above but you may also want to look into the Security Appliance>Traffic Shaping section to set some global limits. There you can configure a global per-client limit (maybe 20M) in your case as a catch-all. You can also configure Traffic Shaping Rules based on subnet range or service type. For example, limiting 'All Video & Music' to say 10M.
Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.