Juniper SRX Notes


Probably the wrong way to do it, but…

To limit the speed on an interface:

set firewall policer GLOBAL-POLICER if-exceeding bandwidth-limit 5m
set firewall policer GLOBAL-POLICER if-exceeding burst-size-limit 100k
set firewall policer GLOBAL-POLICER then discard

set firewall filter OUTBOUND-FILTER term SOURCE-ANY from source-address 0.0.0.0/0
set firewall filter OUTBOUND-FILTER term SOURCE-ANY then policer GLOBAL-POLICER
set firewall filter OUTBOUND-FILTER term SOURCE-ANY then accept
set firewall filter OUTBOUND-FILTER term END-POLICY then accept

set firewall filter INBOUND-FILTER term SOURCE-ANY from source-address 10.0.0.0/24
set firewall filter INBOUND-FILTER term SOURCE-ANY then policer GLOBAL-POLICER
set firewall filter INBOUND-FILTER term SOURCE-ANY then accept
set firewall filter INBOUND-FILTER term END-POLICY then accept

set interfaces ge-0/0/1 unit 0 family inet filter input INBOUND-FILTER
set interfaces ge-0/0/1 unit 0 family inet filter output OUTBOUND-FILTER
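
An added example, not part of the original note: a simplified token-bucket model in Python of what GLOBAL-POLICER does to traffic with bandwidth-limit 5m, burst-size-limit 100k and a discard action. The class and function names are made up for illustration, and the model assumes k = 1000, m = 1,000,000 and a bucket that starts full; it is not Juniper's implementation.

```python
# Added illustration (not from the original note): simplified token-bucket
# model of a single-rate policer using the GLOBAL-POLICER values.
# Assumption: k = 1000, m = 1,000,000, and the bucket starts full.

BANDWIDTH_BPS = 5_000_000   # bandwidth-limit 5m  (bits per second)
BURST_BYTES = 100_000       # burst-size-limit 100k (bytes)


class Policer:  # hypothetical name
    def __init__(self, rate_bps=BANDWIDTH_BPS, burst_bytes=BURST_BYTES):
        self.rate_bytes_per_s = rate_bps / 8
        self.capacity = float(burst_bytes)
        self.tokens = self.capacity
        self.last = 0.0

    def offer(self, now, size):
        """True if the packet conforms (accept), False if it is discarded."""
        elapsed = now - self.last
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate_bytes_per_s)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def simulate(offered_bps, seconds, pkt_bytes=1500):
    """Offer constant-rate traffic; return (forwarded_bytes, discarded_bytes)."""
    policer = Policer()
    interval = pkt_bytes * 8 / offered_bps
    forwarded = discarded = 0
    for i in range(int(seconds / interval)):
        if policer.offer(i * interval, pkt_bytes):
            forwarded += pkt_bytes
        else:
            discarded += pkt_bytes
    return forwarded, discarded


if __name__ == "__main__":
    for label, bps, secs in [("4 Mbps for 10 s", 4e6, 10),
                             ("20 Mbps for 10 s", 20e6, 10),
                             ("1 Gbps for 1 ms", 1e9, 0.001)]:
        fwd, drop = simulate(bps, secs)
        print(f"{label}: forwarded {fwd} B, discarded {drop} B, "
              f"effective {fwd * 8 / secs / 1e6:.2f} Mbps")
```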
