ECMP (load balance): -------------------- routing-options { static { route 0.0.0.0/0 next-hop [ 122.x.x.x 192.168.5.1(dsl) ]; } forwarding-table { export LOAD-BALANCE; } policy-options { policy-statement LOAD-BALANCE { then { load-balance per-packet; } } EWF: ---- utm { feature-profile { web-filtering { type juniper-enhanced; juniper-enhanced { profile junos-wf-enhanced-default { category { Enhanced_Social_Web_Facebook { action block; } Enhanced_Social_Web_Youtube { action block; } Enhanced_Social_Web_Twitter { action block; } } } profile wf-enhanced-offhours { category { Enhanced_Adult_Material { action block; } Enhanced_Illegal_or_Questionable { action block; } Enhanced_Violence { action block; } Enhanced_Drugs { action block; } Enhanced_Gambling { action block; } Enhanced_Nudity { action block; } Enhanced_Adult_Content { action block; } Enhanced_Sex { action block; } Enhanced_Hacking { action block; } Enhanced_Gay_or_Lesbian_or_Bisexual_Interest { action block; } Enhanced_MP3_and_Audio_Download_Services { action block; } Enhanced_Sex_Education { action block; } Enhanced_Peer_to_Peer_File_Sharing { action block; } } default block; fallback-settings { default log-and-permit; server-connectivity log-and-permit; timeout log-and-permit; too-many-requests log-and-permit; } } } } } utm-policy Wf_OffHours_Policy { web-filtering { http-profile wf-enhanced-offhours; } traffic-options { sessions-per-client { over-limit log-and-permit; } } } } NAT: ---- nat { source { rule-set trust-to-untrust { from zone trust; to zone untrust; rule source-nat-rule { match { source-address 0.0.0.0/0; } then { source-nat { interface; } } } } } } rule-set set2 { from zone junos-host; to zone untrust; rule r2 { match { source-address 0.0.0.0/0; } then { source-nat { interface; } } } } Security Policy: ---------------- policies { from-zone trust to-zone untrust { policy SecurityPolicy_OffHours { description "Security Policy during working off hours"; match { source-address any; destination-address any; application any; } then { permit { application-services { idp; utm-policy Wf_OffHours_Policy; application-firewall { rule-set APPFIREWALL_RULESET; } } } log { session-init; session-close; } } scheduler-name Working_off_hours;