You will need to put interface vlan.1 in the DMZ security zone. If you want to test ping to the interface from a DMZ host you will need to configure ping under the DMZ security zone.
The default behavior for interzone traffic is deny-all. (This can be changed, fwiw.) You have your entire "from-zone DMZ to-zone untrust" deactivated. You also have individual policies within that hierarchy deactivated. I'm pointing that out, because I think you might have deactivated the top level inadvertently. Activate the "from-zone DMZ to-zone untrust" and then deactivate/activate individual policies within that group if you want to test different rules. If you want to allow DMZ-initiated traffic with destination ports smtp, http, https, dns (tcp/udp), then you would need something like this:
policy allowDMZ {
    match {
        /* or an address book reference */
        source-address any;
        /* or an address book reference */
        destination-address any;
        application [ junos-smtp junos-http junos-https junos-dns-tcp junos-dns-udp ];
    }
    then {
        permit;
    }
}
As you make your rules, you might find the "insert" command useful for reordering policies.
If you want to allow traffic initiated from the untrust zone to get to the DMZ hosts, you will need another policy and you will need destination nat. Let me know if you need that...
This is what you had in your config:
inactive: from-zone DMZ to-zone untrust {
    inactive: policy AllowedDMZ {
        match {
            source-address DS-EDGE-1;
            destination-address any;
            application [ junos-smtp junos-http junos-https junos-dns-tcp junos-dns-udp ];
        }
        then {
            permit;
        }
    }
    inactive: policy defaultDMZ {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            deny;
        }
    }
    policy DMZANY {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit;
        }
    }
}
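
An added example, not part of the original post: a small Python check that parses a from-zone block like the one quoted above, applies "inactive:" inheritance from the enclosing hierarchy, and reports which rules are actually in effect. The parser, function names and finding strings are hypothetical, the sample is the posted block reflowed, and only the statements shown here are handled.

```python
import re

# Constructed sample: the from-zone block quoted in the post, reflowed.
CONFIG = """
inactive: from-zone DMZ to-zone untrust {
  inactive: policy AllowedDMZ {
    match { source-address DS-EDGE-1; destination-address any;
      application [ junos-smtp junos-http junos-https junos-dns-tcp junos-dns-udp ]; }
    then { permit; } }
  inactive: policy defaultDMZ {
    match { source-address any; destination-address any; application any; } then { deny; } }
  policy DMZANY {
    match { source-address any; destination-address any; application any; } then { permit; } }
}"""

def parse_policies(text):
    """Policies in config order; 'inactive:' on any ancestor disables a policy."""
    stack, stmt, policies = [], [], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":
            off = stmt[0] == "inactive:"
            words = stmt[1:] if off else stmt
            off = off or (bool(stack) and not stack[-1]["active"])
            node = {"kind": words[0], "active": not off}
            if words[0] == "policy":
                node.update(name=words[1], match={}, action=None)
                policies.append(node)
            stack.append(node)
        elif tok == ";" and stack[-1]["kind"] == "match":
            stack[-2]["match"][stmt[0]] = [w for w in stmt[1:] if w not in ("[", "]")]
        elif tok == ";" and stack[-1]["kind"] == "then":
            stack[-2]["action"] = stmt[0]
        elif tok == "}":
            stack.pop()
        stmt = stmt + [tok] if tok not in ("{", "}", ";") else []
    return policies

def audit(policies):
    """Findings for the active rule set (lookup is ordered, first match wins)."""
    live = [p for p in policies if p["active"]]
    out = [] if live else ["no active policy: interzone default deny-all applies"]
    for i, p in enumerate(live):
        wide = all(p["match"].get(k) == ["any"] for k in
                   ("source-address", "destination-address", "application"))
        if wide and p["action"] == "permit":
            out.append(f"{p['name']}: permits any/any/any")
        if wide and live[i + 1:]:
            out.append(f"{p['name']}: shadows " + ", ".join(q["name"] for q in live[i + 1:]))
    return out
```

Run against the block as posted, audit(parse_policies(CONFIG)) reports only that no policy is active; with just the top-level "inactive:" removed, the single live rule is DMZANY, a permit any/any/any.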