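# Junos configuration for router R2 (security zones plus ge-/gr- interface naming
# suggest a branch SRX -- confirm against the hardware).
# Role visible from the config: ISP uplink on ge-0/0/0, GRE tunnel gr-0/0/0 carrying
# the default route, LAN and media segments behind it, OSPF in area 0, and 4-queue
# CoS with a 2 Mbit/s shaper on the tunnel.
#
# Change made in this revision: in firewall filter "out", term "default" was moved
# to the end. Terms are evaluated in order and a term with no "from" clause matches
# every packet, so in its former position (second) it accepted everything and the
# terms nc, polycom_audio and polycom_video could never match.
#
# Lines marked NOTE(review) flag security-relevant settings that were left unchanged
# because altering them could cut off management access or traffic; confirm each one
# against the intended design before tightening.
system {
    host-name R2;
    root-authentication {
        # NOTE(review): the "$1$" prefix is MD5-crypt, which is cheap to brute-force
        # offline. Once a config containing these hashes has left the device, treat
        # the passwords as exposed: rotate them and set a stronger hash format
        # (system login password format sha512) before re-entering them.
        encrypted-password "$1$jltRf7Vv$sqyIaKJuRYP80WdRiHAWz."; ## SECRET-DATA
    }
    login {
        # NOTE(review): a generic account name with class super-user gives full
        # control and no per-person accountability in the interactive-commands log.
        user user {
            uid 2001;
            class super-user;
            authentication {
                encrypted-password "$1$PR/XDdVK$Km3Aiykz0ycxMdYJjxCor/"; ## SECRET-DATA
            }
        }
    }
    services {
        ssh;
        # NOTE(review): telnet carries credentials in cleartext; ssh is already
        # enabled, so telnet can normally be removed.
        telnet;
        web-management {
            # NOTE(review): plain-HTTP J-Web, and the interface list includes the
            # ISP-facing ge-0/0/0.0. Prefer https and restrict it to an internal
            # management interface.
            http {
                interface [ ge-0/0/0.0 ge-0/0/3.0 gr-0/0/0.0 ];
            }
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any any;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
        # NOTE(review): only local log files are configured here; no remote syslog
        # host is visible, so logs live and die with the device.
    }
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
chassis {
    fpc 0 {
        pic 0 {
            # Needed for per-unit CoS queuing/shaping on the gr- tunnel interface.
            tunnel-queuing;
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            description to_ISP;
            family inet {
                address 10.10.13.2/30;
            }
        }
    }
    gr-0/0/0 {
        description tunnel_to_OPFR;
        per-unit-scheduler;
        unit 0 {
            # GRE provides encapsulation only -- no confidentiality or integrity.
            # NOTE(review): no IPsec protection for this tunnel is visible in this
            # config; confirm whether the ISP path is trusted.
            tunnel {
                source 10.10.13.2;
                destination 10.10.1.3;
            }
            family inet {
                filter {
                    # Output classifier: assigns forwarding class / loss priority
                    # for traffic entering the tunnel (see firewall filter "out").
                    output out;
                }
                address 10.37.252.34/30;
            }
            # Preserve the inner ToS/DSCP marking on the outer GRE header.
            copy-tos-to-outer-ip-header;
        }
    }
    ge-0/0/1 {
        description to_Lan;
        unit 0 {
            family inet {
                address 10.37.13.254/24;
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            description to_Media;
            family inet {
                address 10.37.213.1/24;
            }
        }
    }
    ge-0/0/3 {
        description to_Media;
        unit 0 {
            family inet {
                address 10.37.27.22/30;
            }
        }
    }
}
snmp {
    # NOTE(review): SNMP v1/v2c community strings travel in cleartext and no
    # "clients" restriction is set, so any source that can reach the device may
    # poll it. Restrict by client prefix or move to SNMPv3.
    community opfr {
        authorization read-only;
    }
}
routing-options {
    static {
        # Underlay route to the tunnel endpoint (10.10.1.3) via the ISP link.
        route 10.10.0.0/16 next-hop 10.10.13.1;
        route 10.201.116.0/30 next-hop 10.37.27.21;
        # Default route points at the far end of the GRE tunnel subnet.
        route 0.0.0.0/0 next-hop 10.37.252.33;
    }
}
protocols {
    ospf {
        area 0.0.0.0 {
            # NOTE(review): no OSPF authentication is configured on any interface,
            # and the LAN/media interfaces are not passive, so adjacencies can form
            # with any neighbor on those segments.
            interface ge-0/0/2.0;
            interface gr-0/0/0.0;
            interface ge-0/0/1.0;
        }
    }
}
class-of-service {
    forwarding-classes {
        queue 0 q1;
        queue 1 q2;
        queue 2 q3;
        queue 3 q4;
    }
    interfaces {
        gr-0/0/0 {
            unit 0 {
                scheduler-map out;
                shaping-rate 2m;
            }
        }
    }
    scheduler-maps {
        out {
            forwarding-class q1 scheduler data;
            forwarding-class q2 scheduler voip;
            forwarding-class q4 scheduler nc;
            forwarding-class q3 scheduler video;
        }
    }
    schedulers {
        # Transmit rates sum to 100% (40 + 15 + 5 + 40) of the shaped rate.
        data {
            transmit-rate percent 40;
            buffer-size percent 70;
            priority low;
        }
        voip {
            transmit-rate percent 15;
            buffer-size percent 10;
            priority strict-high;
        }
        nc {
            transmit-rate percent 5;
            buffer-size percent 5;
            priority high;
        }
        video {
            transmit-rate percent 40;
            buffer-size percent 15;
            priority high;
        }
    }
}
security {
    zones {
        # NOTE(review): every interface, including the ISP-facing ge-0/0/0.0, sits
        # in the single zone "trust" with host-inbound "all". Combined with
        # default-policy permit-all below, the device enforces no traffic or
        # management-plane filtering. If the box is meant to act purely as a router
        # this may be deliberate; otherwise put the uplink in its own zone and
        # allow only the services it needs.
        security-zone trust {
            tcp-rst;
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            # "all" makes the individual entries above it redundant.
                            http;
                            https;
                            ssh;
                            telnet;
                            dhcp;
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
                ge-0/0/1.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
                ge-0/0/2.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
                gr-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
                ge-0/0/3.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
    }
    policies {
        default-policy {
            # NOTE(review): permits all transit traffic that matches no explicit
            # policy -- and no explicit policies are defined in this config.
            permit-all;
        }
    }
    alg {
        dns disable;
        ftp disable;
        h323 disable;
        mgcp disable;
        msrpc disable;
        sunrpc disable;
        real disable;
        rsh disable;
        rtsp disable;
        sccp disable;
        sip disable;
        sql disable;
        talk disable;
        tftp disable;
        pptp disable;
    }
    flow {
        tcp-session {
            # NOTE(review): these three knobs turn off TCP state validation
            # (SYN-first and sequence-number checks). Often set to tolerate
            # asymmetric routing; confirm that is the reason, since it removes
            # protection against out-of-state TCP packets.
            no-syn-check;
            no-syn-check-in-tunnel;
            no-sequence-check;
        }
    }
}
firewall {
    family inet {
        # CoS classifier applied as the output filter on gr-0/0/0.0. Every term
        # ends in "accept": the filter classifies traffic, it does not block any.
        filter out {
            interface-specific;
            # UDP from the VoIP source -> voice queue.
            term voip {
                from {
                    source-address {
                        10.37.253.13/32;
                    }
                    protocol udp;
                }
                then {
                    loss-priority medium-low;
                    forwarding-class q2;
                    accept;
                }
            }
            # OSPF -> network-control queue.
            term nc {
                from {
                    protocol ospf;
                }
                then {
                    loss-priority high;
                    forwarding-class q4;
                    accept;
                }
            }
            # Polycom endpoint, IP precedence 5 -> voice queue.
            term polycom_audio {
                from {
                    source-address {
                        10.37.213.15/32;
                    }
                    precedence 5;
                }
                then {
                    loss-priority medium-low;
                    forwarding-class q2;
                    accept;
                }
            }
            # Polycom endpoint, IP precedence 4 -> video queue.
            term polycom_video {
                from {
                    source-address {
                        10.37.213.15/32;
                    }
                    precedence 4;
                }
                then {
                    loss-priority medium-low;
                    forwarding-class q3;
                    accept;
                }
            }
            # Catch-all: has no "from" clause, so it matches everything that
            # reaches it. It must stay last, otherwise the terms after it are
            # never evaluated.
            term default {
                then {
                    loss-priority high;
                    forwarding-class q1;
                    accept;
                }
            }
        }
    }
}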