SRX

 View Only
last person joined: 13 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  How can I set a filter to a External IP ?

    Posted 07-12-2016 03:39

    I tried this http://kb.juniper.net/InfoCenter/index?page=content&id=KB28161&smlogin=true&actp=search

    but I can't because the  interfaces ge-0/0/7 is family ethernet-swithing port-mode trunk

     

    routing-options {
      static {
               route 0.0.0.0/0 next-hop X.X.X.209;
               }

     

    unit 696 {
             family inet {
                 address X.X.X.212/29;

                 address X.X.X/214/29;
             }
    }

     

    proxy-arp {
          interface vlan.696 {
                address {
                      X.X.X.213/32;
                }
          }
    }

     

    the SRX240 IP is X.X.X.212         works! 

    1 ext IP -> proxy-ap IP X.X.X.213   works!

    2 ext IP -> static IP X.X.X.214   work only on vlan.696.

     

    Is it possible to set limit bandwidth on a mac address where interfecase is family ethernet-switching ?

     

    Any suggestion or any alternative solution?

     

     


    #externalip
    #bandwidth
    #ethernet-switching


  • 2.  RE: How can I set a filter to a External IP ?

    Posted 07-12-2016 04:43

    Hi,

     

    Have you tried implementing the filter in all the other Vlans defined on the SRX as well ?

     

    I would suggest that you try that and see if it works.

     

    Regards,

    Sahil

    ---------------------------------------------------

    Please mark my solution as accepted if it helped, Kudos are appreciated as well.


    #firewall
    #term
    #policier
    #filter


  • 3.  RE: How can I set a filter to a External IP ?

    Posted 07-13-2016 01:47

    I tried the filter on a local vlan-host works but not if I try to do the same on External IP X.X.X.214

     

    unit 696{
     family inet {
        filter {
            input output-limit;
            output output-limit;
        }
        address X.X.X.212/29;
        address X.X.X.214/29;
     }
    }

     

    show firewall family inet filter output-limit 
    term 0 {
        from {
            source-address {
                X.X.X.214/32;
            }
        }
        then {
            policer policer-9mb;
            accept;
        }
    }
    term 1 {
        from {
            destination-address {
                X.X.X.214/32;
            }
        }
        then {
            policer policer-9mb;
            accept;
        }
    }
    term NO-RATE-ELSE {
        then accept;
    }
    

    It looks the filter is set on right place :

    show interfaces vlan.696 detail | match "filter"    
          Input Filters: output-limit
          Output Filters: output-limit
    

    Any ideas?



  • 4.  RE: How can I set a filter to a External IP ?

    Posted 07-13-2016 06:11

    Hi,

     

    Are you trying to add this filter/policer for the traffic coming from the internet towards the SRX external IP ?

     

    Regards,

    Sahil Sharma

    ---------------------------------------------------

    Please mark my solution as accepted if it helped, Kudos are appreciated as well.



  • 5.  RE: How can I set a filter to a External IP ?

    Posted 07-13-2016 06:26

    @sahilsha yes both ways, the same filter works for a internal ip.

     



  • 6.  RE: How can I set a filter to a External IP ?

    Posted 07-13-2016 21:03

    Hi,

     

    If you are trying to limit bandwidth for traffic coming from the ISP, this does not make much sense as the traffic has already occupied your ISP pipe and will be dropped on the SRX only.

     

    Policing is ideally for traffic from inside to outside.

     

    Regards,

    Sahil Sharma

    ---------------------------------------------------

    Please mark my solution as accepted if it helped, Kudos are appreciated as well.



  • 7.  RE: How can I set a filter to a External IP ?

    Posted 07-14-2016 01:42

    yes I was aware about that ,

     

    my scope is to have the main IP X.X.X.212 (SRX240)use the fulll bandiwidth provided by the ISP where another external IP X.X.X.214 using a part of it and it will assign to another router,

     

    another alternative probabily is to limit a port ? is this could be implement ?

     

     

     

     



  • 8.  RE: How can I set a filter to a External IP ?
    Best Answer

    Posted 07-15-2016 02:55

    Hi,

     

    I dont think this requirement could be met from the SRX side.

     

    The ISP might be able to do this, however on the SRX even if we limit the bandwidth for that particular ISP, it would still have consumed the whole ISP pipe and then it would be dropped on the SRX as you already know.

     

    Regards,

    Sahil Sharma

    ---------------------------------------------------

    Please mark my solution as accepted if it helped, Kudos are appreciated as well.