You brought up NetSys; you might as well have said Dlink. Nothing compares to Ciscos for this task (unless you don't mind the color purple)
Unlike every other vendor with a policing feature, Cisco lets you set a burst margin. This is very important for tcp-oriented (read: 99.9% of your) traffic because your burst margin needs to be variable based on the amount of in-profile traffic that you're allowing. Otherwise, tcp closes your window(s) too narrow and every tcp stream flowing through your switch suffers from worse throughput than if you had a switch (like the Cisco 2950) that lets you set a proper burst margin. The cheaper switches usually use staticly computed burst, which may or may not work in any given situation.