Hi Bob,
To address your issues in order:
- web publishing (https on port 443)
You'll need to change the port that web-management is running on before you can port forward 443. Use something like:
set system services web-management https port 8443
- Ping SRX across the internet
- name resolution from the console, ping internet from console
From the looks of your config, only port fe-0/0/7 will respond to ping (Port4OptusMel). You need to make sure that the host-inbound-traffic is configured under each interface, or globally for the zone. If it is configured for both, the services you enable for a specific interface will override the zone settings:
set security zones security-zone untrust host-inbound-traffic system-services ping
Another issue that will be causing the ping to fail is your routing - you have 4 default routes configured, but none of them is present in the inet.0 global routing table - this is the table that the Routing Engine uses to send the ping response and by the looks of your config it doesn't have a default route in it.
This will also be the cause of your next issue - name resolution won't work because you have no route in inet.0 to the two DNS servers you have configured, and similarly pinging the internet from the SRX will fail.
Set a default route out one of your ISPs in the global table to confirm this (it won't affect your filter-based forwarding configuration):
set routing-options static route 0.0.0.0/0 next-hop 1.1.1.1
Just be aware that for inbound ICMP to the SRX, if the request comes in on an interface that is not the same as your active default route, the flow engine will most likely drop the return packet because it doesn't match the existing session.
Hope this helps
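
The three checks from the reply above, as an added example that is not part of the original post: a small Python audit over Junos `set` lines that reports which zone interfaces answer ping (interface-level services overriding zone-level ones), whether inet.0 has a default route, and whether web-management still holds port 443. The sample config, the ISP1/ISP2 instance names and the fe-0/0/6.0 interface are constructed for illustration.

```python
# Added example: audits Junos "set" lines for the three issues in the reply above.
# Simplifications (assumptions): "except" entries are skipped, "protocols" are not
# modelled, and web-management HTTPS is taken to listen on 443 when no port is set.

# Constructed sample, not the poster's config; ISP1/ISP2 and addresses are made up.
SAMPLE = """\
set system services web-management https system-generated-certificate
set security zones security-zone untrust interfaces fe-0/0/6.0
set security zones security-zone untrust interfaces fe-0/0/7.0 host-inbound-traffic system-services ping
set routing-instances ISP1 routing-options static route 0.0.0.0/0 next-hop 192.0.2.1
set routing-instances ISP2 routing-options static route 0.0.0.0/0 next-hop 198.51.100.1
"""

# The three commands suggested in the reply, copied as written there.
FIXES = """\
set system services web-management https port 8443
set security zones security-zone untrust host-inbound-traffic system-services ping
set routing-options static route 0.0.0.0/0 next-hop 1.1.1.1
"""

def audit(config):
    zone_svcs, if_svcs, zone_ifs = {}, {}, {}
    inet0_default, https_on, https_port = False, False, 443
    rows = (l.split() for l in config.splitlines()
            if l.startswith("set ") and not l.rstrip().endswith(" except"))
    for t in rows:
        if t[1:4] == ["security", "zones", "security-zone"] and len(t) > 5:
            zone, rest = t[4], t[5:]
            if rest[0] == "interfaces" and len(rest) > 1:
                zone_ifs.setdefault(zone, set()).add(rest[1])
                if rest[2:4] == ["host-inbound-traffic", "system-services"] and len(rest) > 4:
                    if_svcs.setdefault(rest[1], set()).add(rest[4])
            elif rest[:2] == ["host-inbound-traffic", "system-services"] and len(rest) > 2:
                zone_svcs.setdefault(zone, set()).add(rest[2])
        elif t[1:5] == ["routing-options", "static", "route", "0.0.0.0/0"]:
            inet0_default = True  # global table; routing-instances lines do not match
        elif t[1:5] == ["system", "services", "web-management", "https"]:
            https_on = True
            if t[5:6] == ["port"] and len(t) > 6:
                https_port = int(t[6])
    ping = {}
    for zone, ifs in zone_ifs.items():
        for ifname in ifs:
            # Interface-level services replace the zone-level list when present.
            effective = if_svcs.get(ifname) or zone_svcs.get(zone, set())
            ping[ifname] = bool({"ping", "all"} & effective)
    return {"ping": ping, "inet0_default": inet0_default,
            "mgmt_blocks_443": https_on and https_port == 443}

if __name__ == "__main__":
    print("before:", audit(SAMPLE))
    print("after: ", audit(SAMPLE + FIXES))
```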