Configuring a Policer for a Firewall Filter
You can configure policers to rate limit traffic on a device. After you configure a policer, you can include it in an ingress firewall filter configuration.
When you configure a firewall filter, you can specify a policer action for any term or terms within the filter. All traffic that matches a term that contains a policer action goes through the policer that the term references. Each policer that you configure includes an implicit counter. To get term-specific packet counts, you must configure a new policer for each filter term that requires policing.
The following policer limits apply on the switch:
- A maximum of 512 policers can be configured for port firewall filters.
- A maximum of 512 policers can be configured for VLAN and Layer 3 firewall filters.
- In the navigation tree, select Device Manager > Devices. In Device Manager, select the device for which you want to configure a policer.
- In the configuration tree, expand Firewall.
- Perform the configuration tasks as described in Table 1.
 |
Note: After you make changes to a device configuration, you must push that updated device configuration to the physical security device for those changes to take effect. You can update multiple devices at one time. See Updating Devices for more information. |
Table 1: Configuring a Policer for a Firewall Filter
Task |
Action |
|---|---|
Create the policer for expedited forwarding, and give the policer a name—for example, ef-policer. |
Select Policer and click Add new entry. In the Policer name box, type ef-policer. |
Enter the loss priority for packets exceeding the limits established by the policer—for example, high. |
|
