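## Last changed: 2015-06-22 16:43:20 GMT+1
#
# Multi-tenant Junos gateway. Four tenants (CollateralPro, Collat, Phals,
# Vibrant) each get:
#   - a tagged sub-interface on the fe-0/0/7 trunk (inside / trust side),
#   - a dedicated WAN port (fe-0/0/0 .. fe-0/0/3),
#   - a virtual-router holding both interfaces plus a DHCP pool,
#   - interface source NAT and a permit-all outbound policy.
# No policy exists between tenant zones, so tenant-to-tenant traffic falls
# through to the default policy action.
#
# NOTE(review): 12.1X44 is an old release train - confirm the device runs a
# currently supported Junos release.
version 12.1X44.3;
system {
    host-name GATEWAY1;
    # NOTE(review): no root-authentication / login stanza appears in this
    # listing - presumably redacted; confirm strong credentials are set.
    time-zone GMT+1;
    name-server {
        192.168.1.254;
    }
    name-resolution {
        no-resolve-on-input;
    }
    services {
        ssh;
        # telnet removed: it carries credentials in cleartext and ssh already
        # provides the same management access.
        web-management {
            https {
                system-generated-certificate;
                # J-Web is bound to the CollateralPro inside interface only.
                interface fe-0/0/7.0;
            }
            session {
                idle-timeout 60;
            }
        }
    }
    syslog {
        # Logs are kept locally only (3 files of 100k); no remote syslog host
        # is configured, so history is short and lives on the device itself.
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
    ntp {
        # Was us.ntp.pool.org, which is a host under pool.org and not the NTP
        # Pool Project; the pool's US zone is us.pool.ntp.org.
        server us.pool.ntp.org;
    }
}
interfaces {
    # fe-0/0/0 .. fe-0/0/3 are the per-tenant WAN ports. All four carry the
    # same address; this only works because each port is placed in a different
    # virtual-router under routing-instances.
    # NOTE(review): if the four ports share one upstream L2 segment, the same
    # IP will be seen behind four MAC addresses - confirm the cabling.
    fe-0/0/0 {
        unit 0 {
            family inet {
                address 192.168.1.101/24;
            }
        }
    }
    fe-0/0/1 {
        unit 0 {
            description WAN2COLLAT;
            family inet {
                address 192.168.1.101/24;
            }
        }
    }
    fe-0/0/2 {
        unit 0 {
            description WAN2PHALS;
            family inet {
                address 192.168.1.101/24;
            }
        }
    }
    fe-0/0/3 {
        unit 0 {
            description WAN_TOVIBRANT;
            family inet {
                address 192.168.1.101/24;
            }
        }
    }
    fe-0/0/4 {
        unit 0 {
            family ethernet-switching;
        }
    }
    fe-0/0/5 {
        unit 0 {
            family ethernet-switching;
        }
    }
    fe-0/0/6 {
        unit 0 {
            family ethernet-switching;
        }
    }
    # Inside trunk: one tagged unit per tenant, each the tenant's gateway.
    fe-0/0/7 {
        vlan-tagging;
        fastether-options {
            no-auto-negotiation;
        }
        unit 0 {
            description COLLATPRO;
            vlan-id 3;
            family inet {
                address 192.168.3.1/24;
            }
        }
        unit 1 {
            description PHALS;
            vlan-id 2;
            family inet {
                address 192.168.2.1/24;
            }
        }
        unit 2 {
            description Collateral;
            vlan-id 4;
            family inet {
                address 192.168.4.1/24;
            }
        }
        unit 3 {
            description VIBRANT;
            vlan-id 5;
            family inet {
                address 192.168.5.1/24;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 192.168.1.254;
    }
}
protocols {
    stp;
}
security {
    screen {
        # Screen profile for the outside (WAN) zones. A screen has no effect
        # until a security-zone references it; see the WAN_* zones below.
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    nat {
        source {
            # One rule-set per tenant: translate everything leaving the
            # tenant's trust zone to the address of its WAN interface.
            rule-set srcnat_ColatPro {
                from zone CollateralPro;
                to zone WAN_COLLATPRO;
                rule nsw-src-interface {
                    match {
                        source-address 0.0.0.0/0;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
            rule-set srcnat_collat {
                from zone Collat_Trust;
                to zone WAN_COLLAT;
                rule srcnat_collat {
                    match {
                        source-address 0.0.0.0/0;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
            rule-set srcnat-phals {
                from zone Phals_trust;
                to zone WAN_PHALS;
                rule srcnat-phals {
                    match {
                        source-address 0.0.0.0/0;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
            rule-set srcnat_vibrant {
                from zone Vibrant_Trust;
                # Was "to zone Vibrant_Trust", so the rule-set never matched
                # the Vibrant_Trust -> WAN_VIBRANT flow the policy permits.
                to zone WAN_VIBRANT;
                rule srcnat_vibrant {
                    match {
                        source-address 0.0.0.0/0;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    policies {
        # Each tenant may reach its own WAN zone with any application.
        # NOTE(review): none of these policies log sessions, so outbound
        # activity leaves no record on the gateway - consider session logging
        # and narrowing "application any" where the tenant's needs are known.
        from-zone CollateralPro to-zone WAN_COLLATPRO {
            policy All_CollateralPro_Internet {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone Collat_Trust to-zone WAN_COLLAT {
            policy COLLAT {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone Phals_trust to-zone WAN_PHALS {
            policy PHALS_FWPOLICY {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone Vibrant_Trust to-zone WAN_VIBRANT {
            policy VIBRANT_FWPOLICY {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        # Trust zones list the services the gateway itself answers on the
        # tenant side. WAN zones list none, so the device accepts no
        # management traffic from outside.
        security-zone CollateralPro {
            interfaces {
                fe-0/0/7.0 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            dhcp;
                            https;
                            ssh;
                            # telnet removed: cleartext management protocol;
                            # ssh stays available on this interface.
                        }
                    }
                }
            }
        }
        # No interface or policy in this configuration references this zone.
        security-zone Internet;
        security-zone WAN_COLLAT {
            # Attach the screen profile; it was defined but never applied.
            screen untrust-screen;
            interfaces {
                fe-0/0/1.0;
            }
        }
        security-zone WAN_COLLATPRO {
            screen untrust-screen;
            interfaces {
                fe-0/0/0.0;
            }
        }
        security-zone WAN_PHALS {
            screen untrust-screen;
            interfaces {
                fe-0/0/2.0;
            }
        }
        security-zone WAN_VIBRANT {
            screen untrust-screen;
            interfaces {
                fe-0/0/3.0;
            }
        }
        security-zone Collat_Trust {
            interfaces {
                fe-0/0/7.2 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                            https;
                            ping;
                            ssh;
                        }
                    }
                }
            }
        }
        security-zone Phals_trust {
            interfaces {
                fe-0/0/7.1 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                            ping;
                            ssh;
                            https;
                        }
                    }
                }
            }
        }
        security-zone Vibrant_Trust {
            interfaces {
                fe-0/0/7.3 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                            https;
                            ping;
                            ssh;
                        }
                    }
                }
            }
        }
    }
}
routing-instances {
    # One virtual-router per tenant: WAN port + inside unit + DHCP pool +
    # default route. Each pool must sit in the subnet of the inside unit it
    # serves and hand out that unit's address as the router.
    collat-vr {
        instance-type virtual-router;
        system {
            services {
                dhcp-local-server {
                    group COLLAT {
                        interface fe-0/0/7.2;
                    }
                }
            }
        }
        access {
            address-assignment {
                pool COLLATPOOL {
                    family inet {
                        network 192.168.4.0/24;
                        range COLLATRANGE {
                            low 192.168.4.2;
                            high 192.168.4.240;
                        }
                        dhcp-attributes {
                            name-server {
                                192.168.1.254;
                            }
                            router {
                                192.168.4.1;
                            }
                        }
                    }
                }
            }
        }
        interface fe-0/0/1.0;
        interface fe-0/0/7.2;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 192.168.1.254;
            }
        }
    }
    collatpro-vr {
        instance-type virtual-router;
        system {
            services {
                dhcp-local-server {
                    group COLLATPRO {
                        interface fe-0/0/7.0;
                    }
                }
            }
        }
        access {
            address-assignment {
                pool COLLATPROPOOL {
                    family inet {
                        network 192.168.3.0/24;
                        range COLLATPROPOOLRANGE {
                            low 192.168.3.2;
                            high 192.168.3.240;
                        }
                        dhcp-attributes {
                            name-server {
                                192.168.1.254;
                            }
                            router {
                                192.168.3.1;
                            }
                        }
                    }
                }
            }
        }
        interface fe-0/0/0.0;
        interface fe-0/0/7.0;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 192.168.1.254;
            }
        }
    }
    phals-vr {
        instance-type virtual-router;
        system {
            services {
                dhcp-local-server {
                    group PHALS {
                        interface fe-0/0/7.1;
                    }
                }
            }
        }
        access {
            address-assignment {
                pool PHALSPOOL {
                    family inet {
                        # Was 192.168.4.0/24 with router 192.168.4.1 (copied
                        # from the Collat pool). fe-0/0/7.1 is 192.168.2.1/24,
                        # so clients were given a subnet and gateway that do
                        # not exist on their VLAN.
                        network 192.168.2.0/24;
                        range PHALSRANGE {
                            low 192.168.2.2;
                            high 192.168.2.240;
                        }
                        dhcp-attributes {
                            name-server {
                                192.168.1.254;
                            }
                            router {
                                192.168.2.1;
                            }
                        }
                    }
                }
            }
        }
        interface fe-0/0/2.0;
        interface fe-0/0/7.1;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 192.168.1.254;
            }
        }
    }
    vibrant-vr {
        instance-type virtual-router;
        system {
            services {
                dhcp-local-server {
                    group VIBRANT {
                        interface fe-0/0/7.3;
                    }
                }
            }
        }
        access {
            address-assignment {
                pool VIBRANTPOOL {
                    family inet {
                        network 192.168.5.0/24;
                        range VIBRANTPOOLRANGE {
                            low 192.168.5.2;
                            high 192.168.5.240;
                        }
                        dhcp-attributes {
                            name-server {
                                192.168.1.254;
                            }
                            router {
                                192.168.5.1;
                            }
                        }
                    }
                }
            }
        }
        interface fe-0/0/3.0;
        interface fe-0/0/7.3;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 192.168.1.254;
            }
        }
    }
}
vlans {
    Collat {
        vlan-id 4;
    }
    CollatPro {
        vlan-id 3;
    }
    Phals {
        vlan-id 2;
    }
    Vibrant {
        vlan-id 5;
    }
}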