# Junos configuration for host "srx300". As written below it defines three
# internal security zones (mgmt on ge-0/0/1.0, office on irb.10 / VLAN 10,
# wifi on irb.20 / VLAN 20), source-NATs each of them to zone inet, and runs
# a local DHCP server for the three internal networks.
## Last changed: 2022-08-11 09:56:23 CEST
version 20.2R3-S2.5;
system {
    host-name srx300;
    root-authentication {
        # The root password hash is reproduced in full in this listing. The
        # "$6$" prefix marks a SHA-512 crypt hash; once a hash is published it
        # can be tested offline, so treat this credential as exposed and set a
        # new root password on any device that used it.
        encrypted-password "$6$Xg9a6lak$Xz0t00QLs.W0sixXUW6Nr3hmVInL0wFm1jXe7SUb0GIzkcR896/JNrXtAeZQBNYYedITWZ9VezQXAzmQmbBK1."; ## SECRET-DATA
    }
    services {
        ssh {
            # Direct root login over SSH is allowed. No "login" stanza with
            # per-user accounts appears in this listing, so root looks like the
            # only account.
            # NOTE(review): every internal zone below accepts all system
            # services, so root SSH is reachable from office and wifi clients
            # as well as from mgmt. Consider named users plus
            # "root-login deny" or "root-login deny-password".
            root-login allow;
        }
        netconf {
            # NETCONF over SSH is enabled; which zones can reach it is decided
            # by host-inbound-traffic under security zones.
            ssh;
        }
        dhcp-local-server {
            # The DHCP server answers on the mgmt, office and wifi interfaces;
            # the address pools are defined under "access address-assignment".
            group maxxitPoolGroup {
                interface ge-0/0/1.0;
                interface irb.10;
                interface irb.20;
            }
        }
        web-management {
            # The web interface is offered over plain HTTP on the mgmt, office
            # and wifi interfaces, and no "https" stanza is configured here.
            # Credentials typed into it cross those networks, the wifi VLAN
            # included, unencrypted.
            # NOTE(review): prefer "web-management https" bound to the mgmt
            # interface only.
            http {
                interface [ ge-0/0/1.0 irb.10 irb.20 ];
            }
        }
    }
    domain-name maxxit.org;
    time-zone Europe/Berlin;
    # Resolvers used by the device itself: the upstream router, then two
    # public resolvers.
    name-server {
        192.168.1.2;
        217.237.148.102;
        8.8.8.8;
    }
    syslog {
        # Logging is local only: no remote "host" target is configured, and
        # archives are capped at 3 files of 100k. After an incident the device
        # itself is the only source of these logs, and they rotate quickly.
        archive size 100k files 3;
        # Alert-level messages are written to every logged-in user's terminal.
        user * {
            any alert;
        }
        # "messages" keeps alert-and-above for all facilities, plus
        # authorization events at info.
        file messages {
            any alert;
            authorization info;
        }
        # Every interactive CLI command is recorded in its own file.
        file interactive-commands {
            interactive-commands any;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
    ntp {
        # All three servers carry "prefer", so the keyword does not single out
        # one source. No NTP authentication key is configured in this listing.
        server 132.163.96.6 prefer;
        server 131.188.3.222 prefer;
        server 20.101.57.9 prefer;
    }
}
security {
    screen {
        # Screen profile referenced only by security-zone inet below. It
        # enables checks for ping-of-death, IP source-route options, teardrop
        # fragments, LAND packets and SYN floods with the thresholds listed.
        ids-option inet-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    nat {
        source {
            # One rule-set per internal zone. Each matches any source address
            # and translates it to the address of the egress interface.
            rule-set office-to-inet {
                from zone office;
                to zone inet;
                rule office-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
            rule-set mgmt-to-inet {
                from zone mgmt;
                to zone inet;
                rule mgmt-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
            rule-set wifi-to-inet {
                from zone wifi;
                to zone inet;
                rule wifi-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    policies {
        # Every policy below permits any source, destination and application.
        # Only mgmt-to-inet logs sessions, so office and wifi traffic to inet
        # leaves no session record.
        # No policy from zone inet towards an internal zone, and none between
        # mgmt, office and wifi, appears in this listing.
        # NOTE(review): no default-policy statement is shown either; confirm
        # that unmatched zone pairs are denied on the running device.
        from-zone office to-zone inet {
            policy office-to-inet {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone office to-zone office {
            policy office-to-office {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone mgmt to-zone inet {
            policy mgmt-to-inet {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                    log {
                        session-init;
                        session-close;
                    }
                }
            }
        }
        from-zone wifi to-zone wifi {
            policy wifi-to-wifi {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone wifi to-zone inet {
            policy wifi-to-inet {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        # host-inbound-traffic controls what may be sent to the firewall
        # itself. office, mgmt and wifi all accept every system service and
        # every protocol, so the SSH, NETCONF and HTTP services enabled under
        # "system services" are reachable from all three zones.
        # NOTE(review): narrow office and wifi to the services clients need
        # (for example dhcp and ping) and keep management services in mgmt.
        security-zone office {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                irb.10;
            }
        }
        security-zone mgmt {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                ge-0/0/1.0;
            }
        }
        security-zone wifi {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                irb.20;
            }
        }
        security-zone inet {
            # The only zone with a screen profile attached.
            screen inet-screen;
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        # "all" is listed next to dhcp, tftp and https, so the
                        # three named services do not narrow anything: every
                        # system service is accepted on the upstream-facing
                        # interface.
                        # NOTE(review): drop "all" if only the named services
                        # were intended. Management access arriving from the
                        # 192.168.1.0/28 side would stop working, so check
                        # that first.
                        system-services {
                            dhcp;
                            tftp;
                            https;
                            all;
                        }
                        # NOTE(review): no routing protocol is configured in
                        # this listing, so "protocols all" looks broader than
                        # needed. Confirm before tightening.
                        protocols {
                            all;
                        }
                    }
                }
                ge-0/0/7.0 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                            tftp;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
    }
}
interfaces {
    # Uplink in zone inet. It sits on a private /28 behind the router at
    # 192.168.1.2, which is also the default-route next hop.
    ge-0/0/0 {
        description "exit to T-DSL Modem";
        link-mode full-duplex;
        gigether-options {
            flow-control;
            auto-negotiation;
        }
        unit 0 {
            description "eth0 to T-DSL Router (temporary)";
            family inet {
                address 192.168.1.3/28;
            }
        }
    }
    # Routed management port in zone mgmt.
    ge-0/0/1 {
        description "Management Zone without VLAN";
        link-mode full-duplex;
        gigether-options {
            flow-control;
            auto-negotiation;
        }
        unit 0 {
            family inet {
                address 172.16.2.1/24;
            }
        }
    }
    # ge-0/0/2 and ge-0/0/3 are switch ports in vlan-office.
    ge-0/0/2 {
        description "VLAN Office 01";
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-office;
                }
            }
        }
    }
    ge-0/0/3 {
        description "VLAN Office 02";
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-office;
                }
            }
        }
    }
    # ge-0/0/4 and ge-0/0/5 are switch ports in vlan-wifi.
    ge-0/0/4 {
        description "VLAN Wifi 01";
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-wifi;
                }
            }
        }
    }
    ge-0/0/5 {
        description "VLAN Wifi 02";
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-wifi;
                }
            }
        }
    }
    # Second interface in zone inet, configured as a DHCP client. Its
    # description marks it as unused.
    ge-0/0/7 {
        description "Dead Iface to Inet with MiniPIM missing";
        unit 0 {
            family inet {
                dhcp {
                    update-server;
                }
            }
        }
    }
    # Layer-3 gateways for the two VLANs: irb.10 is in zone office and irb.20
    # in zone wifi.
    irb {
        unit 10 {
            description vlan-office;
            family inet {
                address 172.16.3.1/24;
            }
        }
        unit 20 {
            description vlan-wifi;
            family inet {
                address 172.16.4.1/24;
            }
        }
    }
    # NOTE(review): lo0.0 is not assigned to any security zone in this
    # listing, and no filter is applied to it here.
    lo0 {
        unit 0 {
            family inet {
                address 127.0.0.1/32;
            }
        }
    }
}
access {
    address-assignment {
        # DHCP pools, one per internal network. Each hands out the firewall's
        # own address in that network as the router.
        pool mgmtPool_Range {
            family inet {
                network 172.16.2.0/24;
                range mgmtRange {
                    low 172.16.2.10;
                    high 172.16.2.29;
                }
                dhcp-attributes {
                    server-identifier 172.16.2.1;
                    domain-name maxxit.mgmt;
                    name-server {
                        192.168.1.2;
                        217.237.148.102;
                        8.8.8.8;
                    }
                    router {
                        172.16.2.1;
                    }
                    netbios-node-type b-node;
                    propagate-settings ge-0/0/1.0;
                }
            }
        }
        pool officePool_Range {
            family inet {
                network 172.16.3.0/24;
                range officeRange {
                    low 172.16.3.50;
                    high 172.16.3.149;
                }
                dhcp-attributes {
                    server-identifier 172.16.3.1;
                    domain-name maxxit.office;
                    name-server {
                        192.168.1.2;
                        217.237.148.102;
                        8.8.8.8;
                    }
                    router {
                        172.16.3.1;
                    }
                    netbios-node-type b-node;
                    propagate-settings irb.10;
                }
            }
        }
        pool wifiPool_Range {
            family inet {
                network 172.16.4.0/24;
                range wifiRange {
                    low 172.16.4.20;
                    high 172.16.4.99;
                }
                dhcp-attributes {
                    server-identifier 172.16.4.1;
                    domain-name maxxit.wifi;
                    # This resolver list differs from the other two pools:
                    # 176.103.130.131 is handed out and 8.8.8.8 is not.
                    name-server {
                        192.168.1.2;
                        176.103.130.131;
                        217.237.148.102;
                    }
                    router {
                        172.16.4.1;
                    }
                    netbios-node-type b-node;
                    propagate-settings irb.20;
                }
            }
        }
    }
}
vlans {
    # VLAN 10 and VLAN 20 are bound to the irb units defined above.
    vlan-office {
        vlan-id 10;
        l3-interface irb.10;
    }
    vlan-wifi {
        vlan-id 20;
        l3-interface irb.20;
    }
}
protocols {
    l2-learning {
        global-mode switching;
    }
    # Rapid spanning tree is enabled on every interface.
    rstp {
        interface all;
    }
}
routing-options {
    static {
        # Default route via the upstream router on the ge-0/0/0 network.
        route 0.0.0.0/0 next-hop 192.168.1.2;
    }
}