## Last changed: 2010-03-29 15:07:37 CEST
##
## Junos configuration for host "srx100": one trust LAN (fe-0/0/0) and two
## untrust uplinks (fe-0/0/1 via DHCP, fe-0/0/2 with a static address),
## interface source NAT, zone-based policies, and a forwarding
## routing-instance ("upc") for the second uplink.
## Lines starting with "## NOTE(review)" are reviewer remarks, not device output.
version 9.6R3.8;
system {
    host-name srx100;
    domain-name test.domain;
    domain-search test.domain;
    time-zone Europe/Budapest;
    root-authentication {
        ## NOTE(review): the "$1$" prefix marks an MD5-crypt hash. Because the
        ## hash is present in a shared copy of the configuration, treat the root
        ## password as exposed: rotate it, and redact SECRET-DATA lines in any
        ## copy that leaves the device.
        encrypted-password "$1$ibLoubWS$8qJ.kw0xt68TSYbdqTd2O1"; ## SECRET-DATA
    }
    name-server {
        192.168.7.200;
        89.133.214.3;
    }
    services {
        ## SSH is restricted to protocol version 2; NETCONF runs over SSH.
        ssh {
            protocol-version v2;
        }
        netconf {
            ssh;
        }
        web-management {
            ## NOTE(review): cleartext HTTP management is enabled next to HTTPS
            ## on the same interface, so admin credentials can cross the trust
            ## LAN unencrypted. Consider keeping only the https stanza.
            http {
                interface fe-0/0/0.0;
            }
            ## HTTPS uses the system-generated certificate; clients have no
            ## CA chain to validate it against.
            https {
                system-generated-certificate;
                interface fe-0/0/0.0;
            }
        }
        ## DHCP server for the trust LAN 192.168.11.0/24; the router hands
        ## out itself (192.168.11.1) as the default gateway.
        dhcp {
            maximum-lease-time 14400;
            default-lease-time 14400;
            domain-name wsh.hu;
            name-server {
                89.133.214.3;
                192.168.7.200;
            }
            domain-search {
                test.domain;
            }
            router {
                192.168.11.1;
            }
            server-identifier 192.168.11.1;
            pool 192.168.11.0/24 {
                address-range low 192.168.11.101 high 192.168.11.199;
            }
            static-binding 00:1a:73:56:8d:3a {
                fixed-address {
                    192.168.11.126;
                }
            }
        }
    }
    ## NOTE(review): every syslog destination below is local (logged-in users,
    ## local files, console). No remote "host" target is configured, so logs
    ## live only on the device; with "file messages" at "any critical", only
    ## the authorization facility is kept at info level.
    syslog {
        user * {
            any warning;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
        console {
            any notice;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
    ## NOTE(review): a single NTP server with no authentication key configured
    ## here; log timestamps depend on this one unauthenticated source.
    ntp {
        server 148.6.0.1;
    }
}
interfaces {
    fe-0/0/0 {
        description trust;
        unit 0 {
            family inet {
                address 192.168.11.1/24;
            }
        }
    }
    fe-0/0/1 {
        description untrust;
        unit 0 {
            description CABLE;
            family inet {
                dhcp;
            }
        }
    }
    fe-0/0/2 {
        description untrust;
        unit 0 {
            description UPC;
            family inet {
                address 89.133.214.27/28;
            }
        }
    }
}
routing-options {
    ## Interface routes and the static default route are shared through
    ## rib-group "default", which imports into inet.0 and upc.inet.0.
    interface-routes {
        rib-group inet default;
    }
    static {
        rib-group default;
        ## NOTE(review): next-hop 192.168.7.1 is not inside any statically
        ## configured subnet in this file; presumably it is reached through
        ## the DHCP-addressed fe-0/0/1 - confirm.
        route 0.0.0.0/0 {
            next-hop 192.168.7.1;
            metric 5;
        }
    }
    rib-groups {
        default {
            import-rib [ inet.0 upc.inet.0 ];
        }
    }
}
security {
    nat {
        source {
            ## Trust-to-untrust traffic is source-translated to the address of
            ## the egress interface.
            rule-set default-nat {
                from zone trust;
                to zone untrust;
                rule useinterfaceip {
                    match {
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    screen {
        ## Screen profile referenced by the untrust zone below (ping-of-death,
        ## source-route option, teardrop, SYN flood and LAND checks).
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    queue-size 2000;
                    timeout 20;
                }
                land;
            }
        }
    }
    zones {
        security-zone trust {
            tcp-rst;
            address-book {
                address test1 192.168.11.101/32;
            }
            ## NOTE(review): "http" is accepted as host-inbound traffic at both
            ## zone and interface level, matching the cleartext web-management
            ## stanza under system services; "protocols all" accepts every
            ## routing protocol from the trust side.
            host-inbound-traffic {
                system-services {
                    ssh;
                    http;
                    https;
                    netconf;
                    ping;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                fe-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            http;
                            https;
                            ssh;
                            netconf;
                            ping;
                            dhcp;
                        }
                    }
                }
            }
        }
        security-zone untrust {
            screen untrust-screen;
            ## NOTE(review): the zone-level default admits any-service to the
            ## device itself. On Junos an interface-level host-inbound-traffic
            ## list takes precedence for that interface, so the two interfaces
            ## below are limited to dhcp/ping and ping; any interface added to
            ## this zone later without its own list would inherit any-service.
            ## Prefer an explicit minimal list at zone level.
            host-inbound-traffic {
                system-services {
                    any-service;
                }
            }
            interfaces {
                fe-0/0/1.0 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                            ping;
                        }
                    }
                }
                fe-0/0/2.0 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                        }
                    }
                }
            }
        }
    }
    policies {
        ## Intra-zone trust traffic: permitted without logging.
        from-zone trust to-zone trust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        ## NOTE(review): outbound traffic is permitted for any source,
        ## destination and application, with a log entry at session close;
        ## there is no egress filtering.
        from-zone trust to-zone untrust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                    log {
                        session-close;
                    }
                }
            }
        }
        ## Inbound traffic from untrust is denied and logged.
        from-zone untrust to-zone trust {
            policy default-deny {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    deny;
                    log {
                        session-init;
                        session-close;
                    }
                }
            }
        }
    }
}
firewall {
    family inet {
        ## Filter-based forwarding: http/https from 192.168.11.0/24 is handed
        ## to routing-instance "upc"; everything else is accepted unchanged.
        ## NOTE(review): no interface in the text shown here references this
        ## filter (no "filter input" under any family inet), so as written it
        ## has no effect - confirm whether the attachment was omitted.
        filter iroda-input {
            term web-traffic {
                from {
                    source-address {
                        192.168.11.0/24;
                    }
                    destination-port [ http https ];
                }
                then {
                    routing-instance upc;
                }
            }
            term default {
                then accept;
            }
        }
    }
}
routing-instances {
    ## Forwarding instance with its own default route through 89.133.214.30,
    ## which lies in the fe-0/0/2 subnet (89.133.214.27/28).
    upc {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 89.133.214.30;
            }
        }
    }
}