SRX

 View Only
last person joined: 18 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Can we limit bandwidth base on application?

    Posted 03-01-2012 06:50

    Hi all,

     

    Can we limit bandwidth base on application?

    Is there a link to kb or an example on this?


    #bandwidth
    #Application
    #limit


  • 2.  RE: Can we limit bandwidth base on application?
    Best Answer

    Posted 03-01-2012 06:58

    Hi Michael,

     

    Yes we can. Create a policer with the bandwidth limit you want , and call the same policer referring the ports of that application,
    in the firewall filter .

    In this snippet ,I am limiting the ftp traffic to 300M.
    You can also add source and destination address in the firewall filter.


    root@SRX240HM-2# show firewall                          
    policer p1 {
        if-exceeding {
            bandwidth-limit 300m;
            burst-size-limit 10k;
        }
        then discard;
    }

    [edit]
    root@SRX240HM-2# show firewall
    policer p1 {
        if-exceeding {
            bandwidth-limit 300m;
            burst-size-limit 10k;
        }
        then {
            discard;
            loss-priority low;
        }
    }


    [edit]
    root@SRX240HM-2# show firewall filter f1
    term 1 {
        from {
            protocol tcp;
            destination-port [ 20 21 ];
        }
        then {
            policer p1;
            accept;
        }
    }
    term 2 {
        then accept;
    }

    [edit]
    root@SRX240HM-2# set interfaces ge-0/0/0.0 family inet filter input f1

    Hope this helps.

    Regards,
    Visitor

    -------------------------------------------------------------------------------------------------------
    If this post was helpful, please mark this post as an "Accepted Solution".Kudos are always appreciated



  • 3.  RE: Can we limit bandwidth base on application?

    Posted 03-01-2012 07:25
    Thanks for sharing Visitor!