Hi there,
I own an ISP and have got some problems with limiting the outgoing traffic from one server with multiple IP addresses to a max of 2 Mbit per sec. (trust to untrust).
I got a Netscreen 25 with Version: 5.3.0r1.0 (Firewall+VPN)
I've added the following policy to the config (through the GUI)
set policy id 999 name "BandwidtLimit" from "Trust" to "Untrust" "fh-backup-server" "Any" "ANY" permit no-session-backup traffic mbw 2048
set policy id 999
exit
The fh-backup-server is defined as a group object
set group address "Trust" "fh-backup-server"
set group address "Trust" "fh-backup-server" add "fh-backup-server-1"
set group address "Trust" "fh-backup-server" add "fh-backup-server-2"
set group address "Trust" "fh-backup-server" add "fh-backup-server-3"
set group address "Trust" "fh-backup-server" add "fh-backup-server-4"
set group address "Trust" "fh-backup-server" add "fh-backup-server-5"
All separate objects have one IP address assigned.
It seems that the bandwidth measured by the Netscreen is not the same as what I read through SNMP from the Netscreen and one of the Cisco switches, because the bandwidth is not limited.
I also tried to configure the counting option with an alarm threshold of 125000 Bytes per sec (=1Mbit per sec), but the alarm isn't even triggered.
I hope someone can explain how the Netscreen device is handling traffic shaping and help me out with the config. Thanks in advance!