************* 802.3ad Configuration ******************* version 10.2R3.10; groups { node0 { system { host-name SRX3400-node0; backup-router 192.168.10.254 destination 0.0.0.0/0; services { ssh; web-management { http { interface fxp0.0; } } } } interfaces { fxp0 { unit 0 { family inet { address 192.168.10.1/24; } } } } } node1 { system { host-name SRX3400-node1; backup-router 192.168.10.254 destination 0.0.0.0/0; services { ssh; web-management { http { interface fxp0.0; } } } } interfaces { fxp0 { unit 0 { family inet { address 192.168.10.2/24; } } } } } } apply-groups "${node}"; system { time-zone America/New_York; root-authentication { encrypted-password "$1$cnUXNVhE$mIyFLY.Gan2kKKnpL8R0T0"; ## SECRET-DATA } name-server { 208.67.222.222; 208.67.220.220; } services { ftp { connection-limit 1; } ssh { root-login allow; } } syslog { user * { any emergency; } file messages { any notice; authorization info; } } } chassis { aggregated-devices { ethernet { device-count 4; } } cluster { control-link-recovery; heartbeat-interval 2000; heartbeat-threshold 8; redundancy-group 1 { node 0 priority 100; node 1 priority 50; interface-monitor { ae0 weight 255; ae2 weight 255; } } redundancy-group 0 { node 0 priority 100; node 1 priority 50; } } } interfaces { ge-0/0/8 { gigether-options { 802.3ad ae0; } } ge-0/0/9 { gigether-options { 802.3ad ae0; } } ge-0/0/10 { gigether-options { 802.3ad ae2; } } ge-0/0/11 { gigether-options { 802.3ad ae2; } } ge-8/0/8 { gigether-options { 802.3ad ae1; } } ge-8/0/9 { gigether-options { 802.3ad ae1; } } ge-8/0/10 { gigether-options { 802.3ad ae3; } } ge-8/0/11 { gigether-options { 802.3ad ae3; } } ae0 { aggregated-ether-options { minimum-links 1; } unit 0 { family bridge { interface-mode access; vlan-id 17; } } } ae1 { unit 0 { family bridge { interface-mode access; vlan-id 17; } } } ae2 { aggregated-ether-options { minimum-links 1; } unit 0 { family bridge { interface-mode access; vlan-id 17; } } } ae3 { unit 0 { family bridge { interface-mode access; vlan-id 17; } } } fab0 { fabric-options { member-interfaces { ge-0/0/6; } } } fab1 { fabric-options { member-interfaces { ge-8/0/6; } } } lo0 { unit 0 { family inet { address 127.0.0.1/32; } } } } security { zones { security-zone untrust; interfaces { ae0.0 ae1.0; } } security-zone Banner_Net { interfaces { ae2.0 ae3.0; { } } } } policies { from-zone untrust to-zone Banner_Net { policy untrust-Banner { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone Banner_Net to-zone untrust { policy Banner-untrust { match { source-address any; destination-address any; application any; } then { permit; } } } } alg { dns disable; ftp disable; rsh disable; rtsp disable; talk disable; tftp disable; pptp disable; } } bridge-domains { bd-vu { vlan-id 17; } } ****************** LACP Configuration ********************** version 10.2R3.10; groups { node0 { system { host-name SRX3400-node0; backup-router 192.168.10.254 destination 0.0.0.0/0; services { ssh; web-management { http { interface fxp0.0; } } } } interfaces { fxp0 { unit 0 { family inet { address 192.168.10.1/24; } } } } } node1 { system { host-name SRX3400-node1; backup-router 192.168.10.254 destination 0.0.0.0/0; services { ssh; web-management { http { interface fxp0.0; } } } } interfaces { fxp0 { unit 0 { family inet { address 192.168.10.2/24; } } } } } } apply-groups "${node}"; system { time-zone America/New_York; root-authentication { encrypted-password "$1$cnUXNVhE$mIyFLY.Gan2kKKnpL8R0T0"; ## SECRET-DATA } name-server { 208.67.222.222; 208.67.220.220; } services { ftp { connection-limit 1; } ssh { root-login allow; } } syslog { user * { any emergency; } file messages { any notice; authorization info; } } } chassis { aggregated-devices { ethernet { device-count 4; } } cluster { control-link-recovery; heartbeat-interval 2000; heartbeat-threshold 8; redundancy-group 1 { node 0 priority 100; node 1 priority 50; interface-monitor { ge-0/0/8 weight 130; ge-0/0/9 weight 130; } } redundancy-group 0 { node 0 priority 100; node 1 priority 50; } } } interfaces { ge-0/0/8 { gigether-options { redundant-parent reth0; } } ge-0/0/9 { gigether-options { redundant-parent reth0; } } ge-0/0/10 { gigether-options { redundant-parent reth1; } } ge-0/0/11 { gigether-options { redundant-parent reth1; } } ge-8/0/8 { gigether-options { redundant-parent reth0; } } ge-8/0/9 { gigether-options { redundant-parent reth0; } } ge-8/0/10 { gigether-options { redundant-parent reth1; } } ge-8/0/11 { gigether-options { redundant-parent reth1; } } reth0 { redundant-ether-options { lacp active; redundancy-group 1; } unit 0 { family bridge { interface-mode access; vlan-id 17; } } } reth1 { redundant-ether-options { lacp active; redundancy-group 1; } unit 0 { family bridge { interface-mode access; vlan-id 17; } } } fab0 { fabric-options { member-interfaces { ge-0/0/6; } } } fab1 { fabric-options { member-interfaces { ge-8/0/6; } } } lo0 { unit 0 { family inet { address 127.0.0.1/32; } } } } security { zones { security-zone untrust; interfaces { ae0.0 ae1.0; } } security-zone Banner_Net { interfaces { ae2.0 ae3.0; { } } } } policies { from-zone untrust to-zone Banner_Net { policy untrust-Banner { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone Banner_Net to-zone untrust { policy Banner-untrust { match { source-address any; destination-address any; application any; } then { permit; } } } } alg { dns disable; ftp disable; rsh disable; rtsp disable; talk disable; tftp disable; pptp disable; } } bridge-domains { bd-vu { vlan-id 17; } }