set security policies from-zone Internal to-zone Internet policy Allow_HTTP then log session-close
set security policies from-zone Internal to-zone Internet policy MM_NP match source-address local-net
set security policies from-zone Internal to-zone Internet policy MM_NP match destination-address NP_LAN_Seg
set security policies from-zone Internal to-zone Internet policy MM_NP match application any
set security policies from-zone Internal to-zone Internet policy MM_NP then permit tunnel ipsec-vpn MM_NP_VPN
deactivate security policies from-zone Internal to-zone Internet policy MM_NP
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN match source-address MCO_LAN_Seg
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN match destination-address local-net
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN match application any
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN then permit tunnel ipsec-vpn MM_MCO_VPN
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN then log session-init
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN then log session-close
set security policies from-zone Internet to-zone Internal policy MCOISA_MM_VPN match source-address MCO_ISA_Seg
set security policies from-zone Internet to-zone Internal policy MCOISA_MM_VPN match destination-address local-net
set security policies from-zone Internet to-zone Internal policy MCOISA_MM_VPN match application any
set security policies from-zone Internet to-zone Internal policy MCOISA_MM_VPN then permit tunnel ipsec-vpn MM_MCO_VPN
set security policies from-zone Internet to-zone Internal policy MCOISA_MM_VPN then log session-init
set security policies from-zone Internet to-zone Internal policy MCOISA_MM_VPN then log session-close
set security policies from-zone Internet to-zone Internal policy Allow_Services match source-address MCO_Office
set security policies from-zone Internet to-zone Internal policy Allow_Services match source-address MM_HK_Chun_Wo
set security policies from-zone Internet to-zone Internal policy Allow_Services match source-address MM_HK_new_Office
set security policies from-zone Internet to-zone Internal policy Allow_Services match source-address STHL
set security policies from-zone Internet to-zone Internal policy Allow_Services match source-address STHL2
set security policies from-zone Internet to-zone Internal policy Allow_Services match source-address TRU_Warehouse
set security policies from-zone Internet to-zone Internal policy Allow_Services match source-address STDMTEST
set security policies from-zone Internet to-zone Internal policy Allow_Services match source-address TRU
set security policies from-zone Internet to-zone Internal policy Allow_Services match source-address OCRMO
set security policies from-zone Internet to-zone Internal policy Allow_Services match source-address MCO_Wiff
set security policies from-zone Internet to-zone Internal policy Allow_Services match destination-address MMServer
set security policies from-zone Internet to-zone Internal policy Allow_Services match destination-address TRUServer
set security policies from-zone Internet to-zone Internal policy Allow_Services match destination-address Server
set security policies from-zone Internet to-zone Internal policy Allow_Services match application RDP
set security policies from-zone Internet to-zone Internal policy Allow_Services match application IBS
set security policies from-zone Internet to-zone Internal policy Allow_Services match application RDP-UDP
set security policies from-zone Internet to-zone Internal policy Allow_Services match application junos-ms-sql
set security policies from-zone Internet to-zone Internal policy Allow_Services match application junos-sql-monitor
set security policies from-zone Internet to-zone Internal policy Allow_Services match application junos-sqlnet-v1
set security policies from-zone Internet to-zone Internal policy Allow_Services match application junos-sqlnet-v2
set security policies from-zone Internet to-zone Internal policy Allow_Services match application junos-icmp-all
set security policies from-zone Internet to-zone Internal policy Allow_Services match application junos-ping
set security policies from-zone Internet to-zone Internal policy Allow_Services match application junos-icmp-ping
set security policies from-zone Internet to-zone Internal policy Allow_Services then permit
set security policies from-zone Internet to-zone Internal policy Allow_Services then log session-init
set security policies from-zone Internet to-zone Internal policy Allow_Services then log session-close
set security policies from-zone Internet to-zone Internal policy Internet_to_Internal match source-address any
set security policies from-zone Internet to-zone Internal policy Internet_to_Internal match destination-address any
set security policies from-zone Internet to-zone Internal policy Internet_to_Internal match application any
set security policies from-zone Internet to-zone Internal policy Internet_to_Internal then deny
set security policies from-zone Internet to-zone Internal policy Internet_to_Internal then log session-init
set security policies from-zone Internet to-zone Internal policy Internet_to_Internal then log session-close
set security policies from-zone Internet to-zone Internal policy NP_MM match source-address NP_LAN_Seg
set security policies from-zone Internet to-zone Internal policy NP_MM match destination-address local-net
set security policies from-zone Internet to-zone Internal policy NP_MM match application any
set security policies from-zone Internet to-zone Internal policy NP_MM then permit tunnel ipsec-vpn MM_NP_VPN
set security policies from-zone Internet to-zone Internal policy NP_MM then log session-init
set security policies from-zone Internet to-zone Internal policy NP_MM then log session-close
deactivate security policies from-zone Internet to-zone Internal policy NP_MM
set security zones security-zone Internal address-book address local-net 192.168.8.0/24
set security zones security-zone Internal host-inbound-traffic system-services all
set security zones security-zone Internal interfaces vlan.1 host-inbound-traffic system-services all
set security zones security-zone Internal interfaces fe-0/0/1.0 host-inbound-traffic system-services all
set security zones security-zone Internal interfaces fe-0/0/0.0
set security zones security-zone Internal interfaces fe-0/0/2.0
set security zones security-zone Internal interfaces fe-0/0/3.0
set security zones security-zone Internet address-book address addr_0_0_0_0_0 0.0.0.0/0
set security zones security-zone Internet address-book address MCO_LAN_Seg 172.25.10.0/23
set security zones security-zone Internet address-book address MCO_ISA_Seg 10.10.1.0/28
set security zones security-zone Internet host-inbound-traffic system-services all
set security zones security-zone Internet interfaces fe-0/0/7.0 host-inbound-traffic system-services all
set security zones security-zone VPN host-inbound-traffic system-services all
set applications application RDP protocol tcp
set applications application RDP source-port 0-65535
set applications application RDP destination-port 3389-3389
set applications application IBS protocol udp
set applications application IBS destination-port 1433-1433
set applications application RDP-UDP protocol udp
set applications application RDP-UDP destination-port 3389
set applications application Teamviewer protocol tcp
set applications application Teamviewer source-port 0-65535
set applications application Teamviewer destination-port 80-5938
set applications application teamviewer-udp protocol udp
set applications application teamviewer-udp destination-port 80-5938
set vlans vlan1 vlan-id 3
set vlans vlan1 l3-interface vlan.1