Junos
Highlighted
Junos

SRX100 firewall policer for interfaces

‎09-12-2019 08:15 PM

I prepare to set a firewall policer to restrict bandwidth usage from and to specific physical interface.

I found a KB with configuration at https://kb.juniper.net/InfoCenter/index?page=content&id=KB28161. But this example is for source IP address only.

My current configuration as below

1. fe-0/0/0 connected to internet. Bandwidth 6Mbps.

2. fe-0/0/1 connected to wired LAN device (desktop PC, printer, etc.) (an unmanged network switch between them)

3. fe-0/0/2 connected to WiFi AP

My target is to restrict the total bandwidth between fe0/0/0 and fe0/0/2 to 2Mbps only. Which means WiFi device download/upload from/to internet has 2Mbps max.

While WiFi device transfer data with desktop PC and WiFi printing has no bandwidth restriction.

Is there any configuration example for reference?

 

3 REPLIES 3
Highlighted
Junos

Re: SRX100 firewall policer for interfaces

‎09-12-2019 08:40 PM

Try this config and apply to fe-0/0/2:

set firewall family inet filter output-limit term 0 from source-address <Wifi subnet>
set firewall family inet filter output-limit term 0 from destination-address <LAN subnet>
set firewall family inet filter output-limit term 0 then accept
set firewall family inet filter output-limit term 1 then policer policer-2mb
set firewall family inet filter output-limit term 1 then accept

 

Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Junos

Re: SRX100 firewall policer for interfaces

‎09-13-2019 12:05 AM

Hello Nellikka. The SRX100 using the default VLAN (only 1 subnet for both wired and wireless). That's why I want to achieve this by interface.

Highlighted
Junos

Re: SRX100 firewall policer for interfaces

‎12-31-2019 11:49 AM

yes. please try what Nelikka had already suggested

" Policers enable you to control the maximum rate of IP traffic sent or received on a device interface" so thats why we want to put policer on Wifi interface only. 

https://www.routerfreak.com/rate-limit-traffic-per-destination-ip-on-junos/

Feedback