Junos
Junos

SRX100 firewall policer for interfaces

‎09-12-2019 08:15 PM

I prepare to set a firewall policer to restrict bandwidth usage from and to specific physical interface.

I found a KB with configuration at https://kb.juniper.net/InfoCenter/index?page=content&id=KB28161. But this example is for source IP address only.

My current configuration as below

1. fe-0/0/0 connected to internet. Bandwidth 6Mbps.

2. fe-0/0/1 connected to wired LAN device (desktop PC, printer, etc.) (an unmanged network switch between them)

3. fe-0/0/2 connected to WiFi AP

My target is to restrict the total bandwidth between fe0/0/0 and fe0/0/2 to 2Mbps only. Which means WiFi device download/upload from/to internet has 2Mbps max.

While WiFi device transfer data with desktop PC and WiFi printing has no bandwidth restriction.

Is there any configuration example for reference?

 

2 REPLIES 2
Junos

Re: SRX100 firewall policer for interfaces

‎09-12-2019 08:40 PM

Try this config and apply to fe-0/0/2:

set firewall family inet filter output-limit term 0 from source-address <Wifi subnet>
set firewall family inet filter output-limit term 0 from destination-address <LAN subnet>
set firewall family inet filter output-limit term 0 then accept
set firewall family inet filter output-limit term 1 then policer policer-2mb
set firewall family inet filter output-limit term 1 then accept

 

Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Junos

Re: SRX100 firewall policer for interfaces

‎09-13-2019 12:05 AM

Hello Nellikka. The SRX100 using the default VLAN (only 1 subnet for both wired and wireless). That's why I want to achieve this by interface.