Hi Michael,
Yes, we can. Create a policer with the bandwidth limit you want, and call the same policer, referring to the ports of that application,
in the firewall filter.
In this snippet, I am limiting the FTP traffic to 300M.
You can also add source and destination address in the firewall filter.
root@SRX240HM-2# show firewall
policer p1 {
    if-exceeding {
        bandwidth-limit 300m;
        burst-size-limit 10k;
    }
    then discard;
}
[edit]
root@SRX240HM-2# show firewall
policer p1 {
    if-exceeding {
        bandwidth-limit 300m;
        burst-size-limit 10k;
    }
    then {
        discard;
        loss-priority low;
    }
}
[edit]
root@SRX240HM-2# show firewall filter f1
term 1 {
    from {
        protocol tcp;
        destination-port [ 20 21 ];
    }
    then {
        policer p1;
        accept;
    }
}
term 2 {
    then accept;
}
[edit]
root@SRX240HM-2# set interfaces ge-0/0/0.0 family inet filter input f1
Hope this helps.
Regards,
Visitor
-------------------------------------------------------------------------------------------------------
If this post was helpful, please mark this post as an "Accepted Solution". Kudos are always appreciated.
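
An added illustration, not part of the original post and not Juniper's implementation: a simplified token-bucket model of the policer above (300 Mbit/s, 10,000-byte burst, assuming `m` and `k` mean 10^6 and 10^3), showing how a bursty flow that averages below the limit is treated. The traffic pattern, the 1 Gbit/s line rate and the 187,500-byte comparison bucket are constructed assumptions.

```python
from fractions import Fraction

def police(arrivals, rate_bps, burst_bytes):
    """Simplified single-rate token bucket (assumed model, not Junos source).

    arrivals: (time_ns, size_bytes) tuples in time order.
    Returns (passed, discarded), discarding like "then discard".
    """
    refill_per_ns = Fraction(rate_bps, 8 * 10**9)  # bytes of credit per ns
    depth = Fraction(burst_bytes)
    tokens, last_ns = depth, 0                     # bucket starts full
    passed = discarded = 0
    for time_ns, size in arrivals:
        # Credit accrues while the flow is idle but is capped at the depth.
        tokens = min(depth, tokens + refill_per_ns * (time_ns - last_ns))
        last_ns = time_ns
        if tokens >= size:
            tokens -= size
            passed += 1
        else:
            discarded += 1
    return passed, discarded

def bursty_flow(bursts, pkts_per_burst, pkt_bytes, line_rate_bps, period_ns):
    """Constructed traffic: back-to-back packets at line rate, once per period."""
    gap_ns = pkt_bytes * 8 * 10**9 // line_rate_bps
    return [(b * period_ns + i * gap_ns, pkt_bytes)
            for b in range(bursts) for i in range(pkts_per_burst)]

def offered_bps(arrivals, window_ns):
    """Average offered load over the observation window, in bit/s."""
    return sum(size for _, size in arrivals) * 8 * 10**9 // window_ns

# Constructed sample: 5 bursts of 20 x 1500-byte packets at 1 Gbit/s, 1 ms apart.
SAMPLE = bursty_flow(5, 20, 1500, 10**9, 10**6)

if __name__ == "__main__":
    print("offered bit/s:", offered_bps(SAMPLE, 5 * 10**6))
    # Values from the post: bandwidth-limit 300m, burst-size-limit 10k.
    print("burst 10k     :", police(SAMPLE, 300_000_000, 10_000))
    # Constructed comparison: 5 ms of credit at 300 Mbit/s = 187,500 bytes.
    print("burst 187500  :", police(SAMPLE, 300_000_000, 187_500))
```

In this model the 10k bucket discards 40 of the 100 packets even though the flow averages 240 Mbit/s, while the larger bucket passes all of them.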