SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  High End SRX (SRX3400) Rate Limiting

    Posted 03-27-2015 14:23

    Hello everyone,

     

    Forgive me if I missed this somewhere, but I am at a complete loss here. I need to rate limit one IP that is hosting a website on an SRX3400 going outbound. It is killing our pipe and we would like to limit one IP of the website to 100m. Attempted to do this with a firewall filter and policer, but this isn't supported by high-end SRX (ironic). Did some searching and found the simple-filter really isn't that simple and it only limits inbound. Can someone provide me a way to rate limit IP X.X.X.X outbound to 100M?

     

    Thanks!!

     

    Harold



  • 2.  RE: High End SRX (SRX3400) Rate Limiting

     
    Posted 03-27-2015 14:33

    Will something like the below not work for you?

     

    firewall {
        policer GLOBAL-POLICER {
            if-exceeding {
                bandwidth-limit 100m;
                burst-size-limit 625k;
            }
            then discard;
        }
        filter OUTBOUND-FILTER {
            term SOURCE-ANY {
                from {
                    source-address {
                        0.0.0.0/0;
                    }
                }
                then {
                    policer GLOBAL-POLICER;
                    accept;
                }
            }
            term END-POLICY {
                then accept;
            }
        }
    }


  • 3.  RE: High End SRX (SRX3400) Rate Limiting
    Best Answer

     
    Posted 03-27-2015 20:59

    Hi Harold,

    Which Junos version are you using? Firewall policers are supported from 12.1x46 onwards on high-end devices. I think you may have to upgrade. I can see it's not throwing an error on 12.1X46 onwards.

     

    root@srx3600> show version     
    Hostname: srx3600
    Model: srx3600
    JUNOS Software Release [12.1X46-D15.3]

    root@srx3600> show configuration firewall
    policer Limit-BW-1m {
        if-exceeding {
            bandwidth-limit 10m;
            burst-size-limit 2k;
        }
        then discard;
    }
    filter TEST {
        term 1 {
            from {
                source-address {
                    192.168.1.0/24;
                }
            }
            then policer Limit-BW-1m;
        }
        term 2 {
            then accept;
        }
    }

    root@srx3600>



  • 4.  RE: High End SRX (SRX3400) Rate Limiting

    Posted 04-02-2015 16:33

    I am running 12.1 X44. Guess that would explain it. We just upgraded to this from 11.4 to the JTAC-recommended X44 at that time.

     

    Thanks for the info!