Internet line bandwidth control for some internal source IP subnets in SRX345
I want to set up a policy hence some internal source IP subnets can only use sum up to 50Mbps (both incoming = outoging traffic, max bandwidth consumption = 50Mbps ) i.e. max internet line bandwidth consumption by some internal IP subnets ?
The internet line is configured as a logical interface, such as reth3.200 in SRX345
Re: Internet line bandwidth control for some internal source IP subnets in SRX345
You have 2 options with SRX product:
1/ use firewall filters with policers - advantage is You can use the same policer in both directions and it will rate-limit the sum of incoming and outgoing traffic. If You want to be granular/per-application rate-limiting then You have to specify IP addresses and TCP/UDP ports for each application You want to rate-limit separately.
2/ Use AppQos wil rate-limiters - You can be very granular with applications (i.e. it could differentiate FB from Youtube even if they both use tcp/443) but You'd need to set rate-limiters per direction (1 outgoing and 1 incoming rate-limiter)