Junos OS

Hi all, new to all of this Junos stuff and by no means a networking expert so please be patient...

We have a 100mb fiber into our building and want to resell some of it to nearby companies.

We are using a Juniper SRX210 to manage our firewalls etc...

My question is how can I configure the SRX such that all trafic for another company is routed throug a specific port with limited bandwadth?

Please please can we only discuss doing this via the UI? I do not want CLI commands!

I have raised this via my J-Care support but they are NOT helping at all and I will be cancelling that so if anyone out there can let me know which configuration steps are required.

I am guessing

1, create a filter (policer) where in the UI is this done?

2, set up a VLAN

Does that sound right?

Alternatively, is there a company that I can pay to come in and help us set this beast up properly?

Many thanks in advance.

Hello ,

First of all ,  the SRx Web GUI is not so impresive to configure since its CLI based and you will find it hard to find  KBs based on Web GUI .

Secondly coming back to our issue  :

> My question is how can I configure the SRX such that all trafic for another company is routed throug a specific port with limited bandwadth?

So here you means to say that your neighbouring coumpany uses different port in SRX to the internet ? or are we and the neighbour using the same physical link .

If we are using different physiacl port , then its easy to achive . You just need to creat a firewall filter in the SRX , Apply that on the incoming interface of LAN traffic from neighbour , forward them to a virtual router where we have the extrenal port for the neighbour .

This doc will help you : http://kb.juniper.net/InfoCenter/index?page=content&id=KB17223

Now if we both are using the same link with limited bandwidth , then we need to apply policer  ( CoS ) and forward it using bandwidhth limiter :

This doc will help you on this : http://kb.juniper.net/InfoCenter/index?page=content&id=KB28161&actp=RSS

You have the procedure basically correct.  You will dedicate a port to your client and apply a policier to that port to limit their bandwidth usage to the agreed level.

http://www.juniper.net/techpubs/en_US/junos10.4/topics/task/configuration/firewall-filter-ex-series-policer-cli.html

You will need to assign them a security zone and create a policy to permit traffic from their zone out to your untrust link.

Should they be using RF1918 addressing you would also need to create a nat policy for them as well.  Here you may want to assign them a different nat address than your own traffic if you have one available so that the traffic can be distinguished if needed.  But this is not required.

Many thanks for the reply we have now managed to set it up as desired.

Unfortunately I am unable to accept both answers which is a bit odd as you both helped.

Hello ,

Thanks for the update and glad that it helped to accomplish what you needed .