Table of Contents
Advertisement
Table 28: Create a New Term (continued)
Forwarding Class
Loss Priority
Analyzer
Configuring a Policer for a Firewall Filter
46
Classifies the packet into one of the
following forwarding classes:
assured-forwarding
best-effort
expedited-forwarding
network-control
user-defined
Specifies the Packet Loss Priority.
NOTE: Forwarding Class and Loss
Priority should be specified together for
the same term.
Specifies whether to perform
port-mirroring on packets. Port-mirroring
copies all packets seen on one switch
port to a network monitoring connection
on another switch port.
You can configure policers to rate limit traffic on a device. After you configure a policer,
you can include it in an ingress firewall filter configuration.
When you configure a firewall filter, you can specify a policer action for any term or terms
within the filter. All traffic that matches a term that contains a policer action goes through
the policer that the term references. Each policer that you configure includes an implicit
counter. To get term-specific packet counts, you must configure a new policer for each
filter term that requires policing.
The following policer limits apply on the switch:
A maximum of 512 policers can be configured for port firewall filters.
A maximum of 512 policers can be configured for VLAN and Layer 3 firewall filters.
In the navigation tree, select Device Manager > Devices. In Device Manager, select
1.
the device for which you want to configure a policer.
In the configuration tree, expand Firewall.
2.
Perform the configuration tasks as described in Table 29 on page 47.
3.
NOTE: After you make changes to a device configuration, you must push that
updated device configuration to the physical security device for those changes
to take effect. You can update multiple devices at one time. See Updating
Devices for more information.
Select the option from the list.
Enter the value.
Select the analyzer from the list.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
