/*
 * Junos configuration for firewall FW01: management services, security
 * screens, source NAT, security policies and zones, routed and switched
 * interfaces, DHCP relay and the default route.
 * Comments marked NOTE(review) flag settings to confirm with the device
 * owner; no configuration statement has been changed.
 */
/* NOTE(review): confirm this release is still vendor-supported and carries current security fixes. */
version 15.1X49-D120.3;
system {
    host-name FW01;
    time-zone GMT;
    /*
     * The $5$ prefix marks a SHA-256 crypt hash. A hash is enough for offline
     * password guessing, so if this file has left the admin team, treat the
     * root and admin passwords as exposed and rotate them.
     */
    root-authentication {
        encrypted-password "$5$OS2RgQUh$ZafN3.hT93d.Gbt8.whcMK0AvMtFCxMv6uFHA8Owk70";
    }
    name-server {
        8.8.8.8;
        8.8.4.4;
    }
    name-resolution {
        no-resolve-on-input;
    }
    /*
     * A single local super-user account; no RADIUS/TACACS+ and no
     * retry-options (login lockout/backoff) appear in this file.
     */
    login {
        user admin {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$5$RLFIO5d0$v5.hnV1e7fDD9QBJA2zWadi3dEq70sa6eWp/iTYDWA.";
            }
        }
    }
    /*
     * telnet and xnm-clear-text carry credentials and session data
     * unencrypted. ssh and netconf-over-ssh are enabled next to them, so the
     * cleartext services look removable. NOTE(review): confirm nothing
     * depends on them, then delete both.
     * No ssh hardening (root-login, rate-limit, connection-limit) is set
     * here, and web-management https is not restricted to an interface and
     * uses the system-generated (self-signed) certificate. Because every
     * zone below accepts all host-inbound system-services, each service in
     * this stanza is reachable on every zone interface.
     */
    services {
        ssh;
        telnet;
        xnm-clear-text;
        netconf {
            ssh;
        }
        web-management {
            https {
                system-generated-certificate;
            }
        }
    }
    /*
     * Logging is on-box only: no remote host is configured and the archive
     * is 3 files of 100k. NOTE(review): forward authorization and
     * interactive-commands to a remote collector so the audit trail
     * survives rotation and cannot be erased from the device itself.
     */
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
    /*
     * NOTE(review): this hostname looks like a transposition of
     * us.pool.ntp.org; verify which server is intended, since the name as
     * written resolves under a different domain. No NTP authentication key
     * is configured.
     */
    ntp {
        server us.ntp.pool.org;
    }
}
security {
    flow {
        allow-dns-reply;
    }
    /*
     * untrust-screen is defined here, but no security-zone in this file
     * carries a screen statement, so as shown these protections are not
     * attached to any zone. NOTE(review): confirm, and apply it to the
     * Internet zone if that was the intent.
     */
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    /*
     * Interface source NAT for the internal zones towards Internet.
     * - 10.15.50.0/22 has host bits set: the NETWORK interface 10.15.50.1/22
     *   sits in 10.15.48.0-10.15.51.255. NOTE(review): confirm the intended
     *   prefix.
     * - 10.15.140.0/24 matches no interface in this file; presumably the
     *   VOIP range - confirm.
     * - The Internal zone (irb.0) is not in the from-zone list, so its
     *   traffic is policy-permitted to Internet but not translated here.
     */
    nat {
        source {
            rule-set nsw_srcnat {
                from zone [ ADMIN BUILDING BYOD NETWORK PUPIL SERVER STAFF VOIP ];
                to zone Internet;
                rule nsw-src-interface {
                    match {
                        source-address [ 10.15.50.0/22 10.15.12.0/24 10.15.100.0/22 10.15.140.0/24 10.15.60.0/22 10.15.220.0/22 10.15.0.0/24 10.15.200.0/22 ];
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    /*
     * Zone-pair policies exist only for Internal->Internet and
     * Internal->Internal. Every other pair - Internet towards the internal
     * zones, PUPIL or BYOD towards SERVER or ADMIN, and so on - has no
     * zone policy and is matched by the global allowall policy, which
     * permits any source, destination and application. As configured the
     * zones therefore provide no segmentation, and no policy logs sessions.
     * NOTE(review): write explicit per-zone-pair policies with session
     * logging, then remove the global permit.
     */
    policies {
        from-zone Internal to-zone Internet {
            policy All_Internal_Internet {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone Internal to-zone Internal {
            policy allowallinternal {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                    source-identity any;
                }
                then {
                    permit;
                }
            }
        }
        global {
            policy allowall {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                    source-identity any;
                }
                then {
                    permit;
                }
            }
        }
        /*
         * permit-all replaces the platform default of deny-all, so traffic
         * would still pass if the global policy above were removed.
         * NOTE(review): return this to deny-all once explicit policies exist.
         */
        default-policy {
            permit-all;
        }
    }
    /*
     * Every zone accepts all host-inbound system-services and protocols, so
     * the device's own management and control-plane services answer on every
     * zone interface, including the uplink in zone Internet.
     * NOTE(review): allow only what each zone needs (for example ping and
     * dhcp on user zones) and keep ssh/https to the ADMIN zone.
     */
    zones {
        security-zone Internal {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                irb.0;
            }
        }
        /* Uplink zone: "all" is set at both zone and interface level. */
        security-zone Internet {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                    }
                }
            }
        }
        security-zone SERVER {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                ge-0/0/1.12;
            }
        }
        security-zone NETWORK {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                ge-0/0/1.50;
            }
        }
        security-zone PUPIL {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                ge-0/0/3.200;
            }
        }
        security-zone STAFF {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                ge-0/0/2.100;
            }
        }
        /* No interface is bound to VOIP in this file, although the NAT rule-set lists the zone. */
        security-zone VOIP {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
        }
        security-zone BUILDING {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                ge-0/0/4.60;
            }
        }
        security-zone BYOD {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                ge-0/0/5.220;
            }
        }
        security-zone ADMIN {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                ge-0/0/4.500;
            }
        }
        /* NOTE(review): empty zone whose name differs from STAFF only in case; looks like a leftover - confirm and remove. */
        security-zone staff;
    }
}
interfaces {
    /*
     * Uplink bound to zone Internet. The address is RFC 1918 space, so the
     * next hop is presumably another private segment rather than the public
     * Internet - confirm what sits upstream.
     */
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 10.70.72.10/21;
            }
        }
    }
    /* Tagged sub-interfaces: each unit is the gateway for one VLAN and zone. */
    ge-0/0/1 {
        vlan-tagging;
        unit 12 {
            description SERVER;
            vlan-id 12;
            family inet {
                address 10.15.12.1/24;
            }
        }
        unit 50 {
            description NETWORK;
            vlan-id 50;
            family inet {
                address 10.15.50.1/22;
            }
        }
    }
    ge-0/0/2 {
        vlan-tagging;
        unit 100 {
            description STAFF;
            vlan-id 100;
            family inet {
                address 10.15.100.1/22;
            }
        }
    }
    ge-0/0/3 {
        vlan-tagging;
        unit 200 {
            description PUPIL;
            vlan-id 200;
            family inet {
                address 10.15.200.1/22;
            }
        }
    }
    ge-0/0/4 {
        vlan-tagging;
        unit 60 {
            description BUILDING;
            vlan-id 60;
            family inet {
                address 10.15.60.1/22;
            }
        }
        unit 500 {
            description ADMIN;
            vlan-id 500;
            family inet {
                address 10.15.0.1/24;
            }
        }
    }
    ge-0/0/5 {
        vlan-tagging;
        unit 220 {
            description BYOD;
            vlan-id 220;
            family inet {
                address 10.15.220.1/22;
            }
        }
    }
    ge-0/0/7 {
        unit 0;
    }
    /* Switched access ports in vlan0, whose layer-3 interface irb.0 is in zone Internal. */
    ge-0/0/8 { unit 0 { family ethernet-switching { vlan { members vlan0; } } } }
    ge-0/0/9 { unit 0 { family ethernet-switching { vlan { members vlan0; } } } }
    ge-0/0/10 { unit 0 { family ethernet-switching { vlan { members vlan0; } } } }
    ge-0/0/11 { unit 0 { family ethernet-switching { vlan { members vlan0; } } } }
    ge-0/0/12 { unit 0 { family ethernet-switching { vlan { members vlan0; } } } }
    ge-0/0/13 { unit 0 { family ethernet-switching { vlan { members vlan0; } } } }
    ge-0/0/14 { unit 0 { family ethernet-switching { vlan { members vlan0; } } } }
    ge-0/0/15 { unit 0 { family ethernet-switching { vlan { members vlan0; } } } }
    fxp0 {
        unit 0 {
            family inet {
                address 192.168.1.1/24;
            }
        }
    }
    irb {
        unit 0 {
            family inet {
                address 192.168.2.1/24;
            }
        }
    }
}
forwarding-options {
    helpers {
        /*
         * Full tracing (level all, flag all) of the helper process into a
         * 100m file. NOTE(review): this looks like troubleshooting left
         * enabled; switch it off when not actively debugging.
         */
        traceoptions {
            file bootp size 100m;
            level all;
            flag all;
        }
        /*
         * DHCP/BOOTP relay to 10.15.12.103 (an address in the SERVER subnet),
         * configured only on the STAFF and SERVER sub-interfaces in this file.
         */
        bootp {
            description DHCP;
            maximum-hop-count 10;
            minimum-wait-time 300;
            client-response-ttl 20;
            interface {
                ge-0/0/2.100 {
                    server 10.15.12.103;
                    maximum-hop-count 16;
                    minimum-wait-time 400;
                    client-response-ttl 30;
                }
                ge-0/0/1.12 {
                    broadcast;
                    server 10.15.12.103;
                    maximum-hop-count 16;
                    minimum-wait-time 400;
                    client-response-ttl 30;
                }
            }
        }
    }
}
routing-options {
    static {
        /* Default route via the uplink subnet on ge-0/0/0. */
        route 0.0.0.0/0 next-hop 10.70.72.1;
    }
}
protocols {
    l2-learning {
        global-mode switching;
    }
}
vlans {
    vlan0 {
        vlan-id 2;
        l3-interface irb.0;
    }
}