root@SRX-01-LAB# show | display set | no-more
set version 12.1X46-D35.1
set system host-name SRX-01-LAB
set system root-authentication encrypted-password "$1$JRonV7Y0$EubQspCN0e.qjiBYV11qv1"
set system name-server 208.67.222.222
set system name-server 208.67.220.220
set system services ssh
set system services telnet
set system services xnm-clear-text
set system services web-management http interface vlan.0
set system services web-management https system-generated-certificate
set system services web-management https interface vlan.0
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set interfaces fe-0/0/0 unit 0 family inet
set interfaces fe-0/0/1 unit 0 family inet
set interfaces fe-0/0/2 unit 0 family ethernet-switching
set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members vlan20
set interfaces fe-0/0/4 unit 0 family inet address 213.167.56.132/24
set interfaces fe-0/0/5 unit 0 family inet address 213.167.60.116/24
set interfaces fe-0/0/6 unit 0 family inet
set interfaces fe-0/0/7 unit 0 family inet
set interfaces fxp0 unit 0 family inet address 10.66.6.2/24
set interfaces vlan unit 20 family inet filter input FILTER1
set interfaces vlan unit 20 family inet address 172.17.20.1/24
set routing-options interface-routes rib-group inet IMPORT-CIFRA1
set routing-options static route 0.0.0.0/0 next-hop 217.12.253.225
set routing-options static route 0.0.0.0/0 next-hop 213.167.56.133
set routing-options static route 0.0.0.0/0 next-hop 213.167.60.117
set routing-options static route 0.0.0.0/0 preference 20
set routing-options rib-groups IMPORT-CIFRA1 import-rib rt-cifra1-test.inet.0
set routing-options rib-groups IMPORT-CIFRA1 import-rib rt-cifra1-all.inet.0
set routing-options rib-groups IMPORT-CIFRA1 import-rib rt-rcs.inet.0
set routing-options rib-groups IMPORT-CIFRA1 import-rib inet.0
set protocols rstp
set security nat source pool cifra1-test address 213.167.60.118/32
set security nat source pool cifra1-all address 213.167.56.134/32
set security nat source rule-set rs1 from zone trust
set security nat source rule-set rs1 to zone untrust
set security nat source rule-set rs1 rule test-cifra1 match source-address 172.17.20.28/32
set security nat source rule-set rs1 rule test-cifra1 match destination-address 0.0.0.0/0
set security nat source rule-set rs1 rule test-cifra1 then source-nat pool cifra1-test
set security nat source rule-set rs1 rule r1 match source-address 0.0.0.0/0
set security nat source rule-set rs1 rule r1 match destination-address 0.0.0.0/0
set security nat source rule-set rs1 rule r1 then source-nat pool cifra1-all
set security nat proxy-arp interface fe-0/0/4.0 address 213.167.56.134/32
set security nat proxy-arp interface fe-0/0/5.0 address 213.167.60.118/32
set security policies from-zone trust to-zone trust policy 1 match source-address any
set security policies from-zone trust to-zone trust policy 1 match destination-address any
set security policies from-zone trust to-zone trust policy 1 match application any
set security policies from-zone trust to-zone trust policy 1 then permit
set security policies from-zone untrust to-zone trust policy 1 match source-address any
set security policies from-zone untrust to-zone trust policy 1 match destination-address any
set security policies from-zone untrust to-zone trust policy 1 match application any
set security policies from-zone untrust to-zone trust policy 1 then permit
set security policies from-zone untrust to-zone untrust policy 2 match source-address any
set security policies from-zone untrust to-zone untrust policy 2 match destination-address any
set security policies from-zone untrust to-zone untrust policy 2 match application any
set security policies from-zone untrust to-zone untrust policy 2 then permit
set security policies from-zone trust to-zone untrust policy 1 match source-address any
set security policies from-zone trust to-zone untrust policy 1 match destination-address any
set security policies from-zone trust to-zone untrust policy 1 match application any
set security policies from-zone trust to-zone untrust policy 1 then permit
set security zones security-zone trust interfaces fe-0/0/3.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces fe-0/0/3.0 host-inbound-traffic protocols all
set security zones security-zone trust interfaces vlan.20 host-inbound-traffic system-services all
set security zones security-zone trust interfaces vlan.20 host-inbound-traffic protocols all
set security zones security-zone untrust interfaces fe-0/0/4.0 host-inbound-traffic system-services all
set security zones security-zone untrust interfaces fe-0/0/4.0 host-inbound-traffic protocols all
set security zones security-zone untrust interfaces fe-0/0/5.0 host-inbound-traffic system-services all
set security zones security-zone untrust interfaces fe-0/0/5.0 host-inbound-traffic protocols all
set firewall filter FILTER1 term TERM-test from source-address 172.17.20.28/32
set firewall filter FILTER1 term TERM-test then routing-instance rt-cifra1-test
set firewall filter FILTER1 term pod-allow from destination-address 192.168.0.0/16
set firewall filter FILTER1 term pod-allow then accept
set firewall filter FILTER1 term mgmt-allow from destination-address 172.16.0.0/12
set firewall filter FILTER1 term mgmt-allow then accept
set firewall filter FILTER1 term default then routing-instance rt-cifra1-all
set routing-instances rt-cifra1-all instance-type forwarding
set routing-instances rt-cifra1-all routing-options static route 0.0.0.0/0 next-hop 213.167.56.133
set routing-instances rt-cifra1-all routing-options static route 0.0.0.0/0 qualified-next-hop 213.167.60.117 preference 100
set routing-instances rt-cifra1-test instance-type forwarding
set routing-instances rt-cifra1-test routing-options static route 0.0.0.0/0 next-hop 213.167.60.117
set routing-instances rt-cifra1-test routing-options static route 0.0.0.0/0 qualified-next-hop 213.167.56.133 preference 100
set routing-instances rt-rcs instance-type forwarding
set routing-instances rt-rcs routing-options static route 0.0.0.0/0 next-hop 217.12.253.225
set applications application PI protocol tcp
set applications application PI destination-port 5450
set applications application PI description "OISOFT PI"
set vlans vlan20 vlan-id 20
set vlans vlan20 l3-interface vlan.20