# Junos (SRX-style) configuration excerpt, re-indented from a single collapsed line.
# The excerpt starts part-way through a stanza: the brace that closes after
# "services" has its opener above the visible text (presumably "system {").
    # Management-plane services enabled on the device itself.
    services {
        # FTP carries credentials and data in cleartext. NOTE(review): the trust
        # zone below allows "system-services all", so this listener is reachable
        # from every trust interface; confirm it is needed, or remove it and use
        # SSH-based transfer instead.
        ftp;
        # SSH limited to protocol version 2.
        ssh {
            protocol-version v2;
        }
        # Web management over HTTPS only (no "http" statement appears in this
        # excerpt), bound to vlan.1. The certificate is the device-generated
        # self-signed one, so browsers cannot validate the device identity;
        # a CA-issued certificate would close that gap.
        web-management {
            https {
                system-generated-certificate;
                interface vlan.1;
            }
        }
    }
}
interfaces {
    # 802.1Q trunk carrying both the VOICE and default VLANs.
    ge-0/0/0 {
        description Trunk-to-switch;
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members [ VOICE default ];
                }
            }
        }
    }
    # Routed interface. NOTE(review): it is placed in the trust zone below; if
    # this is the uplink, it inherits "system-services all" — verify the role.
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 10.254.254.20/24;
            }
        }
    }
    # Logical units defined with no address family and no zone in this excerpt.
    fe-0/0/2 {
        unit 0;
    }
    fe-0/0/3 {
        unit 0;
    }
    # Layer-3 gateways for the two VLANs defined under "vlans".
    vlan {
        unit 1 {
            family inet {
                address 10.20.2.1/16;
            }
        }
        unit 100 {
            family inet {
                address 10.100.20.1/24;
            }
        }
    }
}
# NOTE(review): the next closing brace has no matching opener in this excerpt
# (probably an artifact of the paste); compare with "show configuration".
}
security {
    screen {
        # Only SYN-flood protection is enabled, with no thresholds set here,
        # so platform defaults apply.
        ids-option untrust-screen {
            tcp {
                syn-flood;
            }
        }
    }
    zones {
        security-zone trust {
            # Permits traffic addressed to the device itself for every system
            # service and every protocol on all trust interfaces, including the
            # voice VLAN and ge-0/0/1.0. Whatever is enabled under "services"
            # (ftp, ssh, https) is therefore exposed zone-wide; listing only
            # the required services per interface would narrow this.
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                ge-0/0/0.0;
                vlan.1;
                vlan.100;
                ge-0/0/1.0;
            }
        }
        # NOTE(review): no "interfaces" statement is visible for this zone, so as
        # shown the screen is not applied to any interface.
        security-zone untrust {
            screen untrust-screen;
        }
    }
    policies {
        # Any-to-any permit out of trust. Only session creation is logged;
        # "session-close" is not configured, so the logs carry no end-of-session
        # data (byte counts, duration, close reason).
        from-zone trust to-zone untrust {
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                    log {
                        session-init;
                    }
                }
            }
        }
        # Any-to-any permit between trust interfaces, with no logging: traffic
        # between the voice VLAN, the data VLAN and ge-0/0/1.0 is unrestricted
        # and leaves no session records.
        from-zone trust to-zone trust {
            policy trust-to-trust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    # Every listed application-layer gateway is turned off, so the device does
    # not inspect these protocols or open secondary connections for them.
    # This is separate from the "ftp" system service enabled above.
    # NOTE(review): presumably deliberate for the voice traffic (sip/h323/mgcp);
    # confirm with the owner.
    alg {
        dns disable;
        ftp disable;
        h323 disable;
        mgcp disable;
        msrpc disable;
        sunrpc disable;
        real disable;
        rsh disable;
        rtsp disable;
        sip disable;
        sql disable;
        talk disable;
        tftp disable;
        pptp disable;
    }
    # Both TCP state checks are switched off: a session can be created by a
    # packet other than a SYN, and sequence numbers are not validated. This
    # weakens stateful inspection for all TCP flows through the device.
    # NOTE(review): usually done to tolerate asymmetric routing; confirm it is
    # still required.
    flow {
        tcp-session {
            no-syn-check;
            no-sequence-check;
        }
    }
}
# NOTE(review): the next closing brace is also unmatched within this excerpt.
}
vlans {
    # Voice VLAN, routed through vlan.100.
    VOICE {
        vlan-id 100;
        l3-interface vlan.100;
    }
    # VLAN 1 doubles as the data VLAN and the one web management is bound to
    # (vlan.1), and it is carried on the ge-0/0/0 trunk.
    default {
        vlan-id 1;
        l3-interface vlan.1;
    }
}