## Last commit: 2009-12-19 00:11:08 CST by root version 9.6R1.13; system { host-name SRXtest; time-zone America/Mexico_City; root-authentication { encrypted-password "$1$G9nFDreC$pupkKttSk9Hi9Bc2Vxvga0"; } services { ssh; web-management { http { interface [ ge-0/0/0.0 fe-0/0/2.0 ]; } } } syslog { user * { any emergency; } file messages { any critical; authorization info; } file interactive-commands { interactive-commands error; } } max-configurations-on-flash 5; max-configuration-rollbacks 5; license { autoupdate { url https://ae1.juniper.net/junos/key_retrieval; } } } interfaces { ge-0/0/0 { unit 0 { family inet { address 192.168.1.1/24; } } } fe-0/0/2 { unit 0 { family inet { address 201.148.5.17/30; } } } fe-0/0/6 { speed 100m; mtu 9192; link-mode full-duplex; unit 0 { family inet { address 192.168.10.1/30; } } } fe-0/0/7 { speed 100m; mtu 9192; link-mode full-duplex; unit 0 { family inet { address 192.168.11.1/30; } } } t1-1/0/0 { encapsulation cisco-hdlc; } lo0 { unit 0 { family inet { address 127.0.0.1/32; } } } } routing-options { static { route 0.0.0.0/0 next-hop 201.148.5.18; } } security { screen { ids-option untrust-screen { icmp { ping-death; } ip { source-route-option; tear-drop; } tcp { syn-flood { alarm-threshold 1024; attack-threshold 200; source-threshold 1024; destination-threshold 2048; queue-size 2000; timeout 20; } land; } } } zones { security-zone trust { tcp-rst; host-inbound-traffic { system-services { http; ping; ssh; } } interfaces { ge-0/0/0.0 { host-inbound-traffic { system-services { http; https; ssh; telnet; dhcp; ping; } } } fe-0/0/6.0; fe-0/0/7.0; fe-0/0/2.0; } } security-zone untrust { screen untrust-screen; } } policies { from-zone trust to-zone trust { policy default-permit { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone trust to-zone untrust { policy default-permit { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone untrust to-zone trust { policy default-deny { match { source-address any; destination-address any; application any; } then { permit; } } } } }