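# Junos SRX configuration in "set" format: dual-ISP gateway (ISP1 on ge-0/0/1, ISP2 on
# ge-0/0/0), one LAN (vlan-trust / irb.0, 192.168.1.0/24), RPM-driven default-route
# failover between two virtual-router instances, and a loopback filter that limits
# management access to the ADMIN-IPS prefix list.
# Statement order is unchanged from the original; only line breaks, comments and the two
# token repairs called out below (NTP version, phone-home keyword) differ.

# ---------------------------------------------------------------------------
# System
# ---------------------------------------------------------------------------
# NOTE(review): confirm this release is still inside the vendor's support window and
# check it against current security advisories before reusing the configuration.
set version 15.1X49-D170.4
set system host-name gw-myoffice
set system time-zone America/New_York
# "xxx" is a redacted placeholder. Keep the real hash out of any published copy.
# NOTE(review): root is the only credential visible here; no named login users and no
# ssh root-login setting appear in this listing — confirm whether they exist elsewhere.
set system root-authentication encrypted-password "xxx"
set system name-server 8.8.8.8
set system name-server 8.8.4.4
# Management services: SSH, NETCONF-over-SSH and HTTPS J-Web (self-generated certificate).
# Reachability is decided further down by zone host-inbound-traffic and by ADMIN-FILTER
# on lo0; no listening-interface restriction is set on the services themselves.
set system services ssh
set system services netconf ssh
set system services dhcp-local-server group jdhcp-group interface irb.0
set system services web-management https system-generated-certificate
# Logging is local only: three rotated files of 100k each. No remote syslog host is
# configured in this listing, so audit history (authorization, interactive-commands)
# is short-lived and stays on the device.
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
# Every commit copies the configuration to the SCP site below (port 2022).
# The password is a redacted placeholder; the stored form on a real device should be
# treated as a secret and kept out of shared copies of the configuration.
set system archival configuration transfer-on-commit
set system archival configuration archive-sites "scp://amerifeight@10.3.10.112:2022/home/amerifeight" password "xxx"
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
# NTP uses three unauthenticated servers.
set system ntp server 23.129.64.159 prefer
set system ntp server 204.94.207.12
# NOTE(review): the original read "version 4dhcp". The NTP version takes a number, so the
# trailing "dhcp" is treated as paste residue and dropped — confirm against the device.
set system ntp server 78.46.194.186 version 4
set system phone-home server https://redirect.juniper.net
# Repaired keyword: the original read "rfc-complaint".
# NOTE(review): phone-home is a provisioning feature; confirm it is still wanted on a
# device that is already configured.
set system phone-home rfc-compliant

# ---------------------------------------------------------------------------
# RPM probes and IP monitoring (uplink health checks and failover)
# ---------------------------------------------------------------------------
# Each probe pings 8.8.8.8 through one uplink: 3 probes per test, 5 s apart, tests 10 s
# apart; 3 successive or 3 total losses count as a failure.
# NOTE(review): both egress interfaces belong to virtual-router instances, but neither
# probe names a routing-instance — confirm the probes actually succeed as written.
set services rpm probe PROBE-ISP1 test TEST-GOOGLE target address 8.8.8.8
set services rpm probe PROBE-ISP1 test TEST-GOOGLE probe-count 3
set services rpm probe PROBE-ISP1 test TEST-GOOGLE probe-interval 5
set services rpm probe PROBE-ISP1 test TEST-GOOGLE test-interval 10
set services rpm probe PROBE-ISP1 test TEST-GOOGLE thresholds successive-loss 3
set services rpm probe PROBE-ISP1 test TEST-GOOGLE thresholds total-loss 3
set services rpm probe PROBE-ISP1 test TEST-GOOGLE destination-interface ge-0/0/1.0
set services rpm probe PROBE-ISP1 test TEST-GOOGLE next-hop 10.1.10.1
set services rpm probe PROBE-ISP2 test TEST-ISP2 target address 8.8.8.8
set services rpm probe PROBE-ISP2 test TEST-ISP2 probe-count 3
set services rpm probe PROBE-ISP2 test TEST-ISP2 probe-interval 5
set services rpm probe PROBE-ISP2 test TEST-ISP2 test-interval 10
set services rpm probe PROBE-ISP2 test TEST-ISP2 thresholds successive-loss 3
set services rpm probe PROBE-ISP2 test TEST-ISP2 thresholds total-loss 3
set services rpm probe PROBE-ISP2 test TEST-ISP2 destination-interface ge-0/0/0.0
set services rpm probe PROBE-ISP2 test TEST-ISP2 next-hop 10.2.10.141
# The next-hops are deliberately crossed: when the ISP1 probe fails, the ISP1 instance
# gets a preferred default route via the ISP2 gateway (10.2.10.141), and the reverse for
# ISP2. The rib-groups under routing-options share interface routes between the two
# instances, which is what makes the other uplink's gateway resolvable.
set services ip-monitoring policy TRACK-ISP1 match rpm-probe PROBE-ISP1
set services ip-monitoring policy TRACK-ISP1 then preferred-route routing-instances ISP1 route 0.0.0.0/0 next-hop 10.2.10.141
set services ip-monitoring policy TRACK-ISP2 match rpm-probe PROBE-ISP2
set services ip-monitoring policy TRACK-ISP2 then preferred-route routing-instances ISP2 route 0.0.0.0/0 next-hop 10.1.10.1

# ---------------------------------------------------------------------------
# Security logging and screens
# ---------------------------------------------------------------------------
# NOTE(review): stream mode is selected but no stream destination appears in this
# listing — confirm where security logs are meant to be sent.
set security log mode stream
set security log report
# Screen profile: ping-of-death, IP source-route option, teardrop, LAND and SYN-flood
# thresholds.
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land

# ---------------------------------------------------------------------------
# Source NAT: LAN traffic is translated to the egress interface address of each uplink
# ---------------------------------------------------------------------------
set security nat source rule-set INSIDE-to-ISP2 from zone trust
set security nat source rule-set INSIDE-to-ISP2 to zone ISP2
set security nat source rule-set INSIDE-to-ISP2 rule NAT-ISP2 match source-address 0.0.0.0/0
set security nat source rule-set INSIDE-to-ISP2 rule NAT-ISP2 match destination-address 0.0.0.0/0
set security nat source rule-set INSIDE-to-ISP2 rule NAT-ISP2 then source-nat interface
set security nat source rule-set INSIDE-to-ISP1 from zone trust
set security nat source rule-set INSIDE-to-ISP1 to zone ISP1
set security nat source rule-set INSIDE-to-ISP1 rule NAT-ISP1 match source-address 0.0.0.0/0
set security nat source rule-set INSIDE-to-ISP1 rule NAT-ISP1 match destination-address 0.0.0.0/0
set security nat source rule-set INSIDE-to-ISP1 rule NAT-ISP1 then source-nat interface

# ---------------------------------------------------------------------------
# Security policies
# ---------------------------------------------------------------------------
# Every policy below is any/any/any permit with no logging action, so outbound sessions
# are unrestricted and leave no per-session record. No policy from an ISP zone or from
# untrust towards trust is defined in this listing.
set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match application any
set security policies from-zone trust to-zone trust policy trust-to-trust then permit
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
set security policies from-zone trust to-zone ISP2 policy INSIDE-to-ISP2 match source-address any
set security policies from-zone trust to-zone ISP2 policy INSIDE-to-ISP2 match destination-address any
set security policies from-zone trust to-zone ISP2 policy INSIDE-to-ISP2 match application any
set security policies from-zone trust to-zone ISP2 policy INSIDE-to-ISP2 then permit
set security policies from-zone trust to-zone ISP1 policy INSIDE-to-ISP1 match source-address any
set security policies from-zone trust to-zone ISP1 policy INSIDE-to-ISP1 match destination-address any
set security policies from-zone trust to-zone ISP1 policy INSIDE-to-ISP1 match application any
set security policies from-zone trust to-zone ISP1 policy INSIDE-to-ISP1 then permit

# ---------------------------------------------------------------------------
# Security zones
# ---------------------------------------------------------------------------
# The trust zone accepts every system service and protocol addressed to the device
# itself; ADMIN-FILTER on lo0 is the only further restriction for LAN hosts.
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces irb.0
# NOTE(review): untrust-screen is bound only to the "untrust" zone, whose sole member
# (ge-0/0/7.0) has no address. The two uplink zones carry no screen. If the screen is
# meant to protect the uplinks, the missing bindings would be:
#   set security zones security-zone ISP1 screen untrust-screen
#   set security zones security-zone ISP2 screen untrust-screen
set security zones security-zone untrust screen untrust-screen
set security zones security-zone untrust interfaces ge-0/0/7.0 host-inbound-traffic system-services dhcp
set security zones security-zone untrust interfaces ge-0/0/7.0 host-inbound-traffic system-services tftp
# SSH and ping to the device are accepted on both uplinks. Which sources may actually
# connect is decided by ADMIN-FILTER on lo0 (ADMIN-IPS only).
# NOTE(review): ge-0/0/1.0 also accepts dhcp although the interface is statically
# addressed — confirm it is still needed.
set security zones security-zone ISP2 interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone ISP2 interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone ISP1 interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
set security zones security-zone ISP1 interfaces ge-0/0/1.0 host-inbound-traffic system-services ssh
set security zones security-zone ISP1 interfaces ge-0/0/1.0 host-inbound-traffic system-services dhcp

# ---------------------------------------------------------------------------
# Interfaces
# ---------------------------------------------------------------------------
set interfaces ge-0/0/0 description ISP2
set interfaces ge-0/0/0 unit 0 family inet address 10.2.10.142/30
set interfaces ge-0/0/1 description ISP1
set interfaces ge-0/0/1 unit 0 family inet address 10.1.10.2/24
# ge-0/0/2 through ge-0/0/6 are LAN access ports in vlan-trust.
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/6 unit 0 family ethernet-switching vlan members vlan-trust
# ge-0/0/7 has family inet enabled but neither an address nor a DHCP client.
set interfaces ge-0/0/7 unit 0 family inet
set interfaces irb unit 0 family inet address 192.168.1.1/24
# The lo0 input filter is evaluated for traffic addressed to the device itself,
# whichever interface it arrives on.
set interfaces lo0 unit 0 family inet filter input ADMIN-FILTER

# ---------------------------------------------------------------------------
# Routing
# ---------------------------------------------------------------------------
# The main table's default route points into the ISP1 instance; the rib-groups copy
# interface routes between ISP1.inet.0 and ISP2.inet.0 in both directions.
set routing-options static route 0.0.0.0/0 next-table ISP1.inet.0
set routing-options rib-groups ISP1-to-ISP2 import-rib ISP1.inet.0
set routing-options rib-groups ISP1-to-ISP2 import-rib ISP2.inet.0
set routing-options rib-groups ISP2-to-ISP1 import-rib ISP2.inet.0
set routing-options rib-groups ISP2-to-ISP1 import-rib ISP1.inet.0
set protocols l2-learning global-mode switching
set protocols rstp interface all

# ---------------------------------------------------------------------------
# Management-plane filter (applied on lo0)
# ---------------------------------------------------------------------------
set policy-options prefix-list ADMIN-IPS 10.3.10.0/25
# BLOCK-NON-ADMIN discards TCP to ssh/https/telnet/http from any source outside
# ADMIN-IPS; every other packet is accepted by the final term.
# - The LAN (192.168.1.0/24) is not in ADMIN-IPS, so LAN hosts are also refused on
#   these four ports even though the trust zone allows all system services.
# - NOTE(review): "netconf ssh" is enabled above and by default listens on its own
#   TCP port (830), which this term does not list. To cover it, add:
#     set firewall filter ADMIN-FILTER term BLOCK-NON-ADMIN from destination-port 830
# - The filter is a deny-list: anything not named here (UDP services, other TCP ports)
#   is accepted and then limited only by zone host-inbound-traffic.
set firewall filter ADMIN-FILTER term BLOCK-NON-ADMIN from source-address 0.0.0.0/0
set firewall filter ADMIN-FILTER term BLOCK-NON-ADMIN from source-prefix-list ADMIN-IPS except
set firewall filter ADMIN-FILTER term BLOCK-NON-ADMIN from protocol tcp
set firewall filter ADMIN-FILTER term BLOCK-NON-ADMIN from destination-port ssh
set firewall filter ADMIN-FILTER term BLOCK-NON-ADMIN from destination-port https
set firewall filter ADMIN-FILTER term BLOCK-NON-ADMIN from destination-port telnet
set firewall filter ADMIN-FILTER term BLOCK-NON-ADMIN from destination-port http
set firewall filter ADMIN-FILTER term BLOCK-NON-ADMIN then discard
set firewall filter ADMIN-FILTER term accept_everything_else then accept

# ---------------------------------------------------------------------------
# DHCP address pool for the LAN
# ---------------------------------------------------------------------------
set access address-assignment pool junosDHCPPool family inet network 192.168.1.0/24
set access address-assignment pool junosDHCPPool family inet range junosRange low 192.168.1.2
set access address-assignment pool junosDHCPPool family inet range junosRange high 192.168.1.254
set access address-assignment pool junosDHCPPool family inet dhcp-attributes domain-name amerifreight.net
# Clients receive three resolvers. The order a client uses them in is client-dependent,
# so any filtering the first two provide is not guaranteed while 8.8.8.8 is also offered.
set access address-assignment pool junosDHCPPool family inet dhcp-attributes name-server 176.103.130.130
set access address-assignment pool junosDHCPPool family inet dhcp-attributes name-server 176.103.130.131
set access address-assignment pool junosDHCPPool family inet dhcp-attributes name-server 8.8.8.8
set access address-assignment pool junosDHCPPool family inet dhcp-attributes router 192.168.1.1
# NOTE(review): propagate-settings names ge-0/0/0.0, which is statically addressed in
# this listing — confirm this statement still has any effect.
set access address-assignment pool junosDHCPPool family inet dhcp-attributes propagate-settings ge-0/0/0.0

# ---------------------------------------------------------------------------
# Routing instances: one virtual router per uplink, each with its own default route
# ---------------------------------------------------------------------------
set routing-instances ISP1 instance-type virtual-router
set routing-instances ISP1 interface ge-0/0/1.0
set routing-instances ISP1 routing-options interface-routes rib-group inet ISP1-to-ISP2
set routing-instances ISP1 routing-options static route 0.0.0.0/0 next-hop 10.1.10.1
set routing-instances ISP2 instance-type virtual-router
set routing-instances ISP2 interface ge-0/0/0.0
set routing-instances ISP2 routing-options interface-routes rib-group inet ISP2-to-ISP1
set routing-instances ISP2 routing-options static route 0.0.0.0/0 next-hop 10.2.10.141

# ---------------------------------------------------------------------------
# VLANs
# ---------------------------------------------------------------------------
set vlans vlan-trust vlan-id 3
set vlans vlan-trust l3-interface irb.0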