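/*
 * Junos configuration for host R1, restored to one statement per line.
 * The only functional change is in firewall filter "out": term nc now
 * precedes term default. Everything else is unchanged and carries review
 * annotations only.
 */
system {
    host-name R1;
    root-authentication {
        /* NOTE(review): the "$1$" prefix marks an MD5-crypt hash. Anyone who can read this file can test guesses against it offline, so rotate the password if the file has been shared. "set system login password format sha512" makes newly set passwords use SHA-512. */
        encrypted-password "$1$n9jUhnsz$8yXN2S9Uhknaa2VlnDMfB0"; ## SECRET-DATA
    }
    login {
        /* NOTE(review): a generic account name with class super-user and an MD5-crypt hash; the rotation note on root-authentication applies here too. */
        user user {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$1$cFm8fUGb$Fvp3p0qgR.89LMb3wS8Lt/"; ## SECRET-DATA
            }
        }
    }
    services {
        /* NOTE(review): ftp sends credentials in cleartext; ssh is already enabled and provides scp/sftp. */
        ftp;
        ssh;
        /* NOTE(review): telnet sends credentials in cleartext. The limits below throttle connections but do not protect the session. */
        telnet {
            connection-limit 10;
            rate-limit 150;
        }
        web-management {
            /* NOTE(review): cleartext HTTP management. The list includes ge-0/0/0.0, which the interfaces stanza describes as to_ISP_10M, and ge-0/0/1.3 / ge-0/0/1.4, which are not defined under interfaces in this file. */
            http {
                interface [ ge-0/0/0.0 ge-0/0/1.1 ge-0/0/1.2 ge-0/0/1.3 ge-0/0/1.4 ge-0/0/3.0 ];
            }
        }
    }
    /* NOTE(review): logging is local only (user terminals and two files); no remote syslog host is configured, so the records live only on the device itself. */
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any any;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
chassis {
    fpc 0 {
        pic 0 {
            tunnel-queuing;
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            description to_ISP_10M;
            family inet {
                address 10.10.1.3/24;
            }
        }
    }
    gr-0/0/0 {
        per-unit-scheduler;
        /* NOTE(review): plain GRE tunnel sourced from the ge-0/0/0.0 address; nothing in this file encrypts or authenticates the tunnelled traffic. */
        unit 13 {
            description Tunnel_to_SovGavan;
            tunnel {
                source 10.10.1.3;
                destination 10.10.13.2;
            }
            family inet {
                filter {
                    output out;
                }
                address 10.37.252.33/30;
            }
            copy-tos-to-outer-ip-header;
        }
    }
    ge-0/0/1 {
        description Trunk_to_Nortel8310;
        per-unit-scheduler;
        vlan-tagging;
        unit 1 {
            description KSPD;
            vlan-id 20;
            family inet {
                address 10.37.200.200/24;
            }
        }
        unit 2 {
            description RTCoMM_DFO;
            vlan-id 3;
            family inet {
                address 10.200.116.200/24;
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            description TO_RTComm;
            family inet {
                address 10.201.27.2/30;
            }
        }
    }
    ge-0/0/3 {
        unit 0 {
            description RTCOMM_OPFR;
            family inet {
                address 10.200.27.254/24 {
                    primary;
                }
                address 10.200.27.2/24;
            }
        }
    }
}
snmp {
    /* NOTE(review): neither community carries a "clients" restriction, so any source that can reach the device may poll it. */
    community opfr {
        authorization read-only;
    }
    /* NOTE(review): "public" is the well-known default community string; read-only access still discloses interfaces, routes and neighbours. */
    community public {
        authorization read-only;
    }
}
routing-options {
    static {
        route 10.10.0.0/16 next-hop 10.10.1.1;
        route 0.0.0.0/0 next-hop 10.201.27.1;
        route 10.200.77.0/24 next-hop 10.200.27.3;
    }
    router-id 192.168.1.1;
}
protocols {
    /* NOTE(review): no authentication statement appears on any OSPF interface below, including the user-facing VLAN units; confirm whether adjacencies should be authenticated or those interfaces made passive. */
    ospf {
        area 0.0.0.0 {
            interface ge-0/0/1.1;
            interface ge-0/0/1.2 {
                metric 128;
            }
            interface ge-0/0/3.0 {
                metric 128;
            }
            interface gr-0/0/0.13;
        }
    }
}
class-of-service {
    forwarding-classes {
        queue 0 q1;
        queue 1 q2;
        queue 2 q3;
        queue 3 q4;
    }
    interfaces {
        gr-0/0/0 {
            unit 13 {
                scheduler-map out;
                shaping-rate 2m;
                rewrite-rules {
                    dscp QOS;
                }
            }
        }
    }
    rewrite-rules {
        dscp QOS {
            forwarding-class q3 {
                loss-priority low code-point ef;
                loss-priority high code-point ef;
            }
            forwarding-class q2 {
                loss-priority high code-point ef;
                loss-priority low code-point ef;
            }
        }
    }
    scheduler-maps {
        out {
            forwarding-class q1 scheduler data;
            forwarding-class q2 scheduler voip;
            forwarding-class q3 scheduler video;
            forwarding-class q4 scheduler nc;
        }
    }
    schedulers {
        data {
            transmit-rate remainder;
            buffer-size remainder;
            priority low;
        }
        voip {
            transmit-rate percent 30;
            buffer-size percent 30;
            priority strict-high;
        }
        nc {
            transmit-rate percent 5;
            buffer-size percent 5;
            priority high;
        }
        video {
            transmit-rate 512k;
            priority high;
        }
    }
}
/*
 * NOTE(review): taken together this stanza removes flow-based enforcement.
 * One zone holds every interface, accepts every system service and protocol
 * addressed to the device, permits any-to-any transit, defaults to
 * permit-all, and turns off the TCP SYN and sequence checks. With no lo0
 * filter in this file, each service under "system services" is reachable
 * from every interface. If the box is meant to act as a plain router,
 * restrict management access explicitly instead.
 */
security {
    zones {
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    any-service;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                all;
            }
        }
    }
    policies {
        from-zone trust to-zone trust {
            policy permit1 {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                    count;
                }
            }
        }
        default-policy {
            permit-all;
        }
    }
    alg {
        dns disable;
        ftp disable;
        h323 disable;
        mgcp disable;
        real disable;
        rsh disable;
        rtsp disable;
        sccp disable;
        sip disable;
        sql disable;
        talk disable;
        tftp disable;
        pptp disable;
    }
    flow {
        allow-dns-reply;
        tcp-session {
            no-syn-check;
            no-syn-check-in-tunnel;
            no-sequence-check;
        }
    }
}
firewall {
    family inet {
        /* Output classifier applied on gr-0/0/0.13. Every term ends in accept, so the filter only assigns forwarding class and loss priority; it blocks nothing. Terms are evaluated top to bottom and the first match wins. */
        filter out {
            interface-specific;
            term voip {
                from {
                    source-address {
                        10.37.253.254/32;
                    }
                }
                then {
                    loss-priority low;
                    forwarding-class q2;
                    accept;
                }
            }
            term polycom_voice {
                from {
                    source-address {
                        10.200.27.198/32;
                        10.200.27.197/32;
                    }
                    precedence 2;
                }
                then {
                    loss-priority low;
                    forwarding-class q2;
                    accept;
                }
            }
            term polycom_video {
                from {
                    source-address {
                        10.200.27.198/32;
                        10.200.27.197/32;
                        10.200.27.199/32;
                        10.200.27.200/32;
                    }
                    precedence 4;
                }
                then {
                    loss-priority medium-low;
                    forwarding-class q3;
                    accept;
                }
            }
            term polycom_video_MJC50 {
                from {
                    source-address {
                        10.200.116.20/32;
                        10.200.116.21/32;
                    }
                }
                then {
                    loss-priority medium-low;
                    forwarding-class q3;
                    accept;
                }
            }
            /* Moved ahead of term default. default has no "from" clause and ends in accept, so a term placed after it is never evaluated and cs6/cs7 traffic fell into q1 instead of q4. */
            term nc {
                from {
                    dscp [ cs6 cs7 ];
                }
                then {
                    forwarding-class q4;
                    accept;
                }
            }
            /* Catch-all: matches everything not classified above. Keep it last. */
            term default {
                then {
                    loss-priority high;
                    forwarding-class q1;
                    accept;
                }
            }
        }
    }
}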