Hi
As per the attached config, you are not using DHCP to assign IPs to your internal PCs, so you just need to define the PCs allowed to access the Internet in an address-book address-set under the zone Internal, which contains all the allowed addresses, and define two security policies from zone Internal to zone Untrust: the first one to permit traffic from the Allowed-PCs address-set and the second to deny anything else.

[edit security zones security-zone internal]
root@SRX1# show
address-book {
    address PC1 192.168.2.101/32;
    address PC2 192.168.1.102/32;
    address-set Allowed-PCs {
        address PC1;
        address PC2;
    }
}

[edit security policies from-zone internal to-zone untrust]
root@HQ-SRX1# show
policy allow-internet {
    match {
        source-address Allowed-PCs;
        destination-address any;
        application any;
    }
    then {
        permit;
    }
}
policy deny-else {
    match {
        source-address any;
        destination-address any;
        application any;
    }
    then {
        deny;
    }
}

Regards
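
An added example, not part of the original post: a small offline check of which source IPs the two policies above would permit, using first-match evaluation in configured order. The input is a condensed, constructed copy of the post's stanzas (only the source-address match is modeled), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed input: condensed copy of the address-book and policies in the post.
ADDRESS_BOOK = """
address PC1 192.168.2.101/32;
address PC2 192.168.1.102/32;
address-set Allowed-PCs { address PC1; address PC2; }
"""
POLICIES = """
policy allow-internet { match { source-address Allowed-PCs; } then { permit; } }
policy deny-else { match { source-address any; } then { deny; } }
"""

def parse_address_book(text):
    """Return {name: [networks]} for address entries and address-sets."""
    book = {name: [ipaddress.ip_network(prefix)]
            for name, prefix in re.findall(r"address (\S+) ([\d.]+/\d+);", text)}
    for set_name, body in re.findall(r"address-set (\S+) \{(.*?)\}", text, re.S):
        book[set_name] = [net for member in re.findall(r"address (\S+);", body)
                          for net in book[member]]
    return book

def parse_policies(text):
    """Return [(name, source, action)] in configured order."""
    return re.findall(
        r"policy (\S+) \{.*?source-address (\S+);.*?then \{\s*(permit|deny);",
        text, re.S)

def evaluate(src_ip, policies, book):
    """First matching policy wins; with no match, fall to the default (deny-all)."""
    ip = ipaddress.ip_address(src_ip)
    for name, source, action in policies:
        if source == "any" or any(ip in net for net in book.get(source, [])):
            return name, action
    return "default-policy", "deny"

if __name__ == "__main__":
    book = parse_address_book(ADDRESS_BOOK)
    policies = parse_policies(POLICIES)
    # 192.168.1.101 and 192.168.1.50 are not in the address book as written.
    for src in ("192.168.2.101", "192.168.1.102", "192.168.1.101", "192.168.1.50"):
        print(src, evaluate(src, policies, book))
    # Reversed order: deny-else shadows allow-internet for every source.
    print("reversed:", evaluate("192.168.2.101", policies[::-1], book))
```

Running it against the addresses actually assigned to the PCs confirms that each /32 entry matches the intended host and that the permit policy sits above the deny.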