set interfaces ge-0/0/0 unit 0 family inet address 192.168.6.254/24
set interfaces ge-0/0/0 description "LAN"
set interfaces ge-0/0/15 unit 0 family inet address 217.150.139.164/28
set interfaces ge-0/0/15 description "ISP-A"
set interfaces ge-0/0/14 unit 0 family inet address 192.168.12.199/30
set interfaces ge-0/0/14 unit 0 family inet filter input filter-ISP-B
set interfaces ge-0/0/14 description "ISP-B"

set routing-instances ISP-A instance-type forwarding
set routing-instances ISP-A routing-options static route 0.0.0.0/0 qualified-next-hop 2.2.2.1 metric 10
set routing-instances ISP-A routing-options static route 0.0.0.0/0 qualified-next-hop 3.3.3.1 metric 20
set routing-instances ISP-B instance-type forwarding
set routing-instances ISP-B routing-options static route 0.0.0.0/0 qualified-next-hop 3.3.3.1 metric 10
set routing-instances ISP-B routing-options static route 0.0.0.0/0 qualified-next-hop 2.2.2.1 metric 20

set routing-options interface-routes rib-group inet if-rg
set routing-options static route 0.0.0.0/0 qualified-next-hop 217.150.139.161 metric 20
set routing-options static route 0.0.0.0/0 qualified-next-hop 192.168.12.254 metric 30
set routing-options rib-groups if-rg import-rib inet.0
set routing-options rib-groups if-rg import-rib ISP-A.inet.0
set routing-options rib-groups if-rg import-rib ISP-B.inet.0


set firewall filter filter-ISP-B term ISP-B-incoming from interface ge-0/0/14.0
set firewall filter filter-ISP-B term ISP-B-incoming then routing-instance ISP-B
set firewall filter filter-ISP-B term default then accept


set security policies from-zone trust to-zone untrust policy office-access match source-address any
set security policies from-zone trust to-zone untrust policy office-access match destination-address any
set security policies from-zone trust to-zone untrust policy office-access match application any
set security policies from-zone trust to-zone untrust policy office-access then permit
set security policies from-zone trust to-zone untrust policy office-access then log session-init

set security policies from-zone untrust to-zone trust policy publish match source-address any
set security policies from-zone untrust to-zone trust policy publish match destination-address webserver.example.com
set security policies from-zone untrust to-zone trust policy publish match application junos-https
set security policies from-zone untrust to-zone trust policy publish then permit
set security policies from-zone untrust to-zone trust policy publish then log session-init

set security zones security-zone trust address-book address webserver.example.com 192.168.6.11/32
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services all

set security nat source rule-set Default_NAT_Rule from zone trust
set security nat source rule-set Default_NAT_Rule to zone untrust
set security nat source rule-set Default_NAT_Rule rule Outgoing_Interface_NAT match source-address 0.0.0.0/0
set security nat source rule-set Default_NAT_Rule rule Outgoing_Interface_NAT match destination-address 0.0.0.0/0
set security nat source rule-set Default_NAT_Rule rule Outgoing_Interface_NAT then source-nat interface

set security nat destination pool nat-pool-webserver-https address 192.168.6.11/32
set security nat destination pool nat-pool-webserver-https address port 443
set security nat destination rule-set dst-nat-isp-a from interface ge-0/0/15.0
set security nat destination rule-set dst-nat-isp-a rule webserver-https-ispa  match destination-address 217.150.139.164/32
set security nat destination rule-set dst-nat-isp-a rule webserver-https-ispa  match destination-port 443
set security nat destination rule-set dst-nat-isp-a rule webserver-https-ispa  then destination-nat pool nat-pool-webserver-https
set security nat destination rule-set dst-nat-isp-b from interface ge-0/0/14.0
set security nat destination rule-set dst-nat-isp-b rule webserver-https-ispb  match destination-address 192.168.12.199/32
set security nat destination rule-set dst-nat-isp-b rule webserver-https-ispb  match destination-port 443
set security nat destination rule-set dst-nat-isp-b rule webserver-https-ispb  then destination-nat pool nat-pool-webserver-https