# Junos "set"-format configuration for an SRX (host-name srx-240), one statement per line.
# Layout: system services, interfaces, source NAT, zone policies, zones, custom applications, VLAN.
# NOTE(review): 12.1X44 is an old release train; confirm it still receives security fixes.
set version 12.1X44-D40.2
set system host-name srx-240
set system time-zone America/New_York
# "$1$" is the MD5-crypt hash prefix. The poster truncated the hash here, so the quote is
# unterminated and this line will not load as shown. When sharing a configuration, replace the
# whole hash, salt included, with a placeholder.
set system root-authentication encrypted-password "$1$ ## Secret
set system name-server 8.8.8.8
set system name-server 8.8.4.4
# Local administrator account (name masked by the poster) with the super-user class.
set system login user XXXXXX uid 2003
set system login user XXXXXX class super-user
# Same MD5-crypt prefix and truncation as the root hash above.
set system login user XXXXXX authentication encrypted-password "$1$3 ## Secret
# SSH is enabled with no further options in the lines shown.
# NOTE(review): no root-login or protocol-version restriction is set under "system services ssh";
# reachability is governed by the zones' host-inbound-traffic settings further down.
set system services ssh
# J-Web over HTTPS with the device's self-generated certificate, bound to ge-0/0/2.0 and
# vlan.100, both of which are placed in the trust zone below.
set system services web-management https system-generated-certificate
set system services web-management https interface ge-0/0/2.0
set system services web-management https interface vlan.100
# DHCP server for the LAN: leases .50-.200, one-hour lease time.
set system services dhcp pool 10.x.x.0/24 address-range low 10.x.x.50
set system services dhcp pool 10.x.x.0/24 address-range high 10.x.x.200
set system services dhcp pool 10.x.x.0/24 default-lease-time 3600
# NOTE(review): this router address is not masked like the other 10.x.x values; it looks like
# a redaction slip. Confirm before re-posting.
set system services dhcp pool 10.x.x.0/24 router 10.25.2.1
# Passes settings learned on the WAN DHCP client (ge-0/0/0.0) on to LAN clients.
set system services dhcp pool 10.x.x.0/24 propagate-settings ge-0/0/0.0
# Fixed lease; presumably the host the "mypc" address-book entries refer to (verify).
set system services dhcp static-binding af:af:af:af:af:af fixed-address 10.x.x.x
# Local log file that keeps only messages matching RT_FLOW_SESSION_DENY; it pairs with the
# "log session-init" action on the default-deny policy below.
# No remote syslog host is configured in the lines shown.
set system syslog file default-deny any any
set system syslog file default-deny match RT_FLOW_SESSION_DENY
# Single NTP server; no NTP authentication appears in the lines shown.
set system ntp server 129.6.15.28
# LAN switch ports ge-0/0/1..3 grouped into one interface-range and placed in vlan-trust.
set interfaces interface-range interface-trust member ge-0/0/1
set interfaces interface-range interface-trust member ge-0/0/2
set interfaces interface-range interface-trust member ge-0/0/3
set interfaces interface-range interface-trust unit 0 family ethernet-switching vlan members vlan-trust
# WAN port: address obtained by DHCP; update-server feeds the received options to the local
# DHCP server (see propagate-settings above).
set interfaces ge-0/0/0 description WAN
set interfaces ge-0/0/0 unit 0 family inet dhcp update-server
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/2 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members vlan-trust
# Layer-3 gateway address for VLAN 100.
set interfaces vlan unit 100 family inet address 10.x.x.1/24
# Source NAT: everything going trust -> untrust is translated to the egress interface address.
# NOTE(review): no destination or static NAT appears in this listing, yet the inbound policies
# below target the private host "mypc". Confirm whether the NAT section was omitted from the
# post; without it those permits have nothing to match.
set security nat source rule-set internal-to-internet description "NAT anything from trust zone to untrust (LAN to Internet)"
set security nat source rule-set internal-to-internet from zone trust
set security nat source rule-set internal-to-internet to zone untrust
set security nat source rule-set internal-to-internet rule internet-access match source-address 0.0.0.0/0
set security nat source rule-set internal-to-internet rule internet-access match destination-address 0.0.0.0/0
set security nat source rule-set internal-to-internet rule internet-access then source-nat interface
# Outbound: the LAN may reach anything on any application; no logging is attached.
set security policies from-zone trust to-zone untrust policy default-permit match source-address any
set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
set security policies from-zone trust to-zone untrust policy default-permit match application any
set security policies from-zone trust to-zone untrust policy default-permit then permit
# Inbound policies are evaluated in the order listed, so default-deny must stay last.
# The siege, uplay and minecraft permits accept any source address and carry no "then log"
# action; only default-deny logs, so accepted inbound sessions leave no record in the
# default-deny file.
# NOTE(review): siege also lists WAN (73.x.x.x/32) as a destination in the trust zone;
# confirm that is intended.
set security policies from-zone untrust to-zone trust policy siege match source-address any
set security policies from-zone untrust to-zone trust policy siege match destination-address mypc
set security policies from-zone untrust to-zone trust policy siege match destination-address WAN
set security policies from-zone untrust to-zone trust policy siege match application siege
set security policies from-zone untrust to-zone trust policy siege then permit
# The uplay application-set includes TCP 80 and 443 (see uplay1 below), so this policy also
# permits inbound web ports to mypc from any source.
set security policies from-zone untrust to-zone trust policy uplay match source-address any
set security policies from-zone untrust to-zone trust policy uplay match destination-address mypc
set security policies from-zone untrust to-zone trust policy uplay match application uplay
set security policies from-zone untrust to-zone trust policy uplay then permit
set security policies from-zone untrust to-zone trust policy minecraft match source-address any
set security policies from-zone untrust to-zone trust policy minecraft match destination-address mypc
set security policies from-zone untrust to-zone trust policy minecraft match application minecraft_tcp
set security policies from-zone untrust to-zone trust policy minecraft match application minecraft_udp
set security policies from-zone untrust to-zone trust policy minecraft then permit
# ICMP to mypc, permitted only when the source is the WAN address-book entry.
set security policies from-zone untrust to-zone trust policy ws-ping match source-address WAN
set security policies from-zone untrust to-zone trust policy ws-ping match destination-address mypc
set security policies from-zone untrust to-zone trust policy ws-ping match application junos-icmp-all
set security policies from-zone untrust to-zone trust policy ws-ping then permit
# Explicit catch-all deny, logged at session initiation; these are the RT_FLOW_SESSION_DENY
# messages collected by the default-deny syslog file.
set security policies from-zone untrust to-zone trust policy default-deny match source-address any
set security policies from-zone untrust to-zone trust policy default-deny match destination-address any
set security policies from-zone untrust to-zone trust policy default-deny match application any
set security policies from-zone untrust to-zone trust policy default-deny then deny
set security policies from-zone untrust to-zone trust policy default-deny then log session-init
# Untrust zone (Internet side). Traffic to the device itself is limited to ping at zone level
# and to dhcp plus ping on ge-0/0/0.0; SSH and HTTPS management are not listed here.
set security zones security-zone untrust description "Internet Link - DHCP Configured"
set security zones security-zone untrust address-book address mypc 10.x.x.x/32
set security zones security-zone untrust address-book address WAN 73.x.x.x/32
set security zones security-zone untrust host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
# Trust zone (LAN side). "system-services all" lets every LAN host reach every service the
# device runs. NOTE(review): consider narrowing this to the services actually used (the
# config above enables ssh, https and dhcp; ping is a likely fourth).
set security zones security-zone trust description "Local Area Network"
set security zones security-zone trust address-book address mypc 10.x.x.x/32
set security zones security-zone trust address-book address WAN 73.x.x.x/32
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust interfaces vlan.100
set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone trust interfaces ge-0/0/2.0
set security zones security-zone trust interfaces ge-0/0/3.0
# Custom applications referenced by the inbound policies.
# siege and minecraft_* pin the source port to the same value as the destination port, so a
# session matches only when both ports are equal.
# NOTE(review): remote clients normally connect from an ephemeral source port and would then
# fall through to default-deny; confirm the source-port match is intended.
set applications application siege protocol udp
set applications application siege source-port 6015
set applications application siege destination-port 6015
set applications application minecraft_tcp protocol tcp
set applications application minecraft_tcp source-port 25565
set applications application minecraft_tcp destination-port 25565
set applications application minecraft_udp protocol udp
set applications application minecraft_udp source-port 25565
set applications application minecraft_udp destination-port 25565
# uplay1 and uplay2: one term per TCP destination port, with no source-port match.
# The list is split across two applications and recombined by the application-set below.
set applications application uplay1 term t1 protocol tcp
set applications application uplay1 term t1 destination-port 80
set applications application uplay1 term t2 protocol tcp
set applications application uplay1 term t2 destination-port 443
set applications application uplay1 term t3 protocol tcp
set applications application uplay1 term t3 destination-port 13000
set applications application uplay1 term t4 protocol tcp
set applications application uplay1 term t4 destination-port 13005
set applications application uplay1 term t5 protocol tcp
set applications application uplay1 term t5 destination-port 13200
set applications application uplay1 term t6 protocol tcp
set applications application uplay1 term t6 destination-port 14000
set applications application uplay1 term t7 protocol tcp
set applications application uplay1 term t7 destination-port 14001
set applications application uplay1 term t8 protocol tcp
set applications application uplay1 term t8 destination-port 14008
set applications application uplay2 term t1 protocol tcp
set applications application uplay2 term t1 destination-port 14020
set applications application uplay2 term t2 protocol tcp
set applications application uplay2 term t2 destination-port 14021
set applications application uplay2 term t3 protocol tcp
set applications application uplay2 term t3 destination-port 14022
set applications application uplay2 term t4 protocol tcp
set applications application uplay2 term t4 destination-port 14023
set applications application uplay2 term t5 protocol tcp
set applications application uplay2 term t5 destination-port 14024
# Application-set referenced by the "uplay" policy.
set applications application-set uplay application uplay1
set applications application-set uplay application uplay2
# VLAN 100 with vlan.100 as its routed (layer-3) interface.
set vlans vlan-trust vlan-id 100
set vlans vlan-trust l3-interface vlan.100