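/* Physical interfaces. Zone membership is assigned in the "zones" stanza below. */
interfaces {
    /* Inside LAN gateway; bound to security-zone Trust. */
    ge-0/0/0 {
        unit 0 {
            description Trust;
            family inet {
                address 10.110.1.1/22;
            }
        }
    }
    /* NOTE(review): /32 address and no security-zone binding in this excerpt; confirm whether this port is in use. */
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 10.170.167.1/32;
            }
        }
    }
    /* Internet-facing uplink; bound to security-zone Untrust. Speed and duplex are forced. */
    ge-0/0/2 {
        speed 1g;
        link-mode full-duplex;
        unit 0 {
            description Untrust;
            family inet {
                address XXX.XXX.14.81/28;
            }
        }
    }
    /* NOTE(review): not bound to any security-zone shown here; possibly intended for zone AMAG, which source NAT references. Confirm. */
    ge-0/0/3 {
        speed 1g;
        link-mode full-duplex;
        unit 0 {
            family inet {
                address 10.19.250.2/28;
            }
        }
    }
}
routing-options {
    static {
        /* Default route via the upstream gateway on the Untrust /28. */
        route 0.0.0.0/0 next-hop XXX.XXX.14.94;
    }
    auto-export {
        disable;
    }
}
/* NOTE(review): on SRX, "nat" and "zones" are normally children of "security"; the enclosing stanza is not shown on this page. */
nat {
    source {
        /* Outbound PAT: Trust hosts are translated to the egress interface address. */
        rule-set OutboundNATfromTrust {
            from zone Trust;
            to zone Untrust;
            rule OutboundNATfromTrust {
                match {
                    source-address 10.110.0.1/22;
                    destination-address 0.0.0.0/0;
                }
                then {
                    source-nat {
                        interface;
                    }
                }
            }
        }
        /* NOTE(review): zone AMAG is not defined in the zones shown here, and this rule translates any source address. Confirm the zone exists and whether the match can be narrowed. */
        rule-set source-nat-1 {
            from zone AMAG;
            to zone Untrust;
            rule matchAny {
                match {
                    source-address 0.0.0.0/0;
                    destination-address 0.0.0.0/0;
                }
                then {
                    source-nat {
                        interface;
                    }
                }
            }
        }
    }
    destination {
        /* Internal hosts that receive the inbound port forwards. */
        pool Internal-Dot1 {
            address 10.110.0.1/32;
        }
        pool Internal-Dot21 {
            address 10.110.1.21/32;
        }
        pool Internal-Dot24 {
            address 10.110.1.24/32;
        }
        pool Internal-Dot28 {
            address 10.110.1.28/32;
        }
        pool Internal-Dot27 {
            address 10.110.1.27/32;
        }
        pool Internal-Dot31 {
            address 10.110.0.31/32;
        }
        pool Internal-Dot37 {
            address 10.110.0.37/32;
        }
        pool Internal-Dot50 {
            address 10.110.0.50/32;
        }
        /*
         * Inbound port forwards, one rule per public address and port.
         * Destination NAT only rewrites the address. Whether a flow is admitted
         * is decided by the Untrust-to-Trust security policies, which are not
         * part of this excerpt. No rule here matches on source-address, so any
         * source restriction has to come from those policies.
         */
        rule-set NAT-Untrust-To-Trust {
            from zone Untrust;
            /* .82 -> 10.110.0.1: web and mail ports (services inferred from port numbers). 80 and 143 are cleartext; review whether they are still needed alongside 443 and 993. */
            rule Dest-NAT-82-Port443 {
                match {
                    destination-address XXX.XXX.14.82/32;
                    destination-port 443;
                }
                then {
                    destination-nat pool Internal-Dot1;
                }
            }
            rule Dest-NAT-82-Port80 {
                match {
                    destination-address XXX.XXX.14.82/32;
                    destination-port 80;
                }
                then {
                    destination-nat pool Internal-Dot1;
                }
            }
            rule Dest-NAT-82-Port143 {
                match {
                    destination-address XXX.XXX.14.82/32;
                    destination-port 143;
                }
                then {
                    destination-nat pool Internal-Dot1;
                }
            }
            rule Dest-NAT-82-Port993 {
                match {
                    destination-address XXX.XXX.14.82/32;
                    destination-port 993;
                }
                then {
                    destination-nat pool Internal-Dot1;
                }
            }
            rule Dest-NAT-82-Port25 {
                match {
                    destination-address XXX.XXX.14.82/32;
                    destination-port 25;
                }
                then {
                    destination-nat pool Internal-Dot1;
                }
            }
            /* Review: 3389 (RDP) is published on the Internet-facing address. Prefer reaching it over a VPN, or restrict the permitted sources in the matching policy. */
            rule Dest-NAT-83-Port3389 {
                match {
                    destination-address XXX.XXX.14.83/32;
                    destination-port 3389;
                }
                then {
                    destination-nat pool Internal-Dot21;
                }
            }
            rule Dest-NAT-83-Port443 {
                match {
                    destination-address XXX.XXX.14.83/32;
                    destination-port 443;
                }
                then {
                    destination-nat pool Internal-Dot21;
                }
            }
            /* Review: 5480 is commonly an appliance administration port (assumption; confirm against the host). Administrative interfaces should be source-restricted rather than open to Untrust. */
            rule Dest-NAT-83-Port5480 {
                match {
                    destination-address XXX.XXX.14.83/32;
                    destination-port 5480;
                }
                then {
                    destination-nat pool Internal-Dot21;
                }
            }
            /* .84 -> 10.110.1.24 */
            rule Dest-NAT-84-Port443 {
                match {
                    destination-address XXX.XXX.14.84/32;
                    destination-port 443;
                }
                then {
                    destination-nat pool Internal-Dot24;
                }
            }
            rule Dest-NAT-84-Port80 {
                match {
                    destination-address XXX.XXX.14.84/32;
                    destination-port 80;
                }
                then {
                    destination-nat pool Internal-Dot24;
                }
            }
            /* .85 -> 10.110.1.28 */
            rule Dest-NAT-85-Port443 {
                match {
                    destination-address XXX.XXX.14.85/32;
                    destination-port 443;
                }
                then {
                    destination-nat pool Internal-Dot28;
                }
            }
            /* .86 -> 10.110.1.27 */
            rule Dest-NAT-86-Port443 {
                match {
                    destination-address XXX.XXX.14.86/32;
                    destination-port 443;
                }
                then {
                    destination-nat pool Internal-Dot27;
                }
            }
            rule Dest-NAT-86-Port80 {
                match {
                    destination-address XXX.XXX.14.86/32;
                    destination-port 80;
                }
                then {
                    destination-nat pool Internal-Dot27;
                }
            }
            rule Dest-NAT-86-Port8087 {
                match {
                    destination-address XXX.XXX.14.86/32;
                    destination-port 8087;
                }
                then {
                    destination-nat pool Internal-Dot27;
                }
            }
            rule Dest-NAT-86-Port8189 {
                match {
                    destination-address XXX.XXX.14.86/32;
                    destination-port 8189;
                }
                then {
                    destination-nat pool Internal-Dot27;
                }
            }
            /* .87 -> 10.110.0.31. NOTE(review): seven ports published to one host; confirm each is still required. */
            rule Dest-NAT-87-Port443 {
                match {
                    destination-address XXX.XXX.14.87/32;
                    destination-port 443;
                }
                then {
                    destination-nat pool Internal-Dot31;
                }
            }
            rule Dest-NAT-87-Port5000 {
                match {
                    destination-address XXX.XXX.14.87/32;
                    destination-port 5000;
                }
                then {
                    destination-nat pool Internal-Dot31;
                }
            }
            rule Dest-NAT-87-Port5001 {
                match {
                    destination-address XXX.XXX.14.87/32;
                    destination-port 5001;
                }
                then {
                    destination-nat pool Internal-Dot31;
                }
            }
            rule Dest-NAT-87-Port7000 {
                match {
                    destination-address XXX.XXX.14.87/32;
                    destination-port 7000;
                }
                then {
                    destination-nat pool Internal-Dot31;
                }
            }
            rule Dest-NAT-87-Port7001 {
                match {
                    destination-address XXX.XXX.14.87/32;
                    destination-port 7001;
                }
                then {
                    destination-nat pool Internal-Dot31;
                }
            }
            rule Dest-NAT-87-Port5005 {
                match {
                    destination-address XXX.XXX.14.87/32;
                    destination-port 5005;
                }
                then {
                    destination-nat pool Internal-Dot31;
                }
            }
            rule Dest-NAT-87-Port5006 {
                match {
                    destination-address XXX.XXX.14.87/32;
                    destination-port 5006;
                }
                then {
                    destination-nat pool Internal-Dot31;
                }
            }
            /* .88 -> 10.110.0.37 */
            rule Dest-NAT-88-Port443 {
                match {
                    destination-address XXX.XXX.14.88/32;
                    destination-port 443;
                }
                then {
                    destination-nat pool Internal-Dot37;
                }
            }
            rule Dest-NAT-88-Port80 {
                match {
                    destination-address XXX.XXX.14.88/32;
                    destination-port 80;
                }
                then {
                    destination-nat pool Internal-Dot37;
                }
            }
            /* Review: 21 is the FTP control port; FTP sends credentials in clear text. Consider an encrypted transfer service or a source-restricted policy. */
            rule Dest-NAT-88-Port21 {
                match {
                    destination-address XXX.XXX.14.88/32;
                    destination-port 21;
                }
                then {
                    destination-nat pool Internal-Dot37;
                }
            }
            rule Dest-NAT-88-Port5000 {
                match {
                    destination-address XXX.XXX.14.88/32;
                    destination-port 5000;
                }
                then {
                    destination-nat pool Internal-Dot37;
                }
            }
            rule Dest-NAT-88-Port5001 {
                match {
                    destination-address XXX.XXX.14.88/32;
                    destination-port 5001;
                }
                then {
                    destination-nat pool Internal-Dot37;
                }
            }
            rule Dest-NAT-88-Port7000 {
                match {
                    destination-address XXX.XXX.14.88/32;
                    destination-port 7000;
                }
                then {
                    destination-nat pool Internal-Dot37;
                }
            }
            rule Dest-NAT-88-Port7001 {
                match {
                    destination-address XXX.XXX.14.88/32;
                    destination-port 7001;
                }
                then {
                    destination-nat pool Internal-Dot37;
                }
            }
            rule Dest-NAT-88-Port5005 {
                match {
                    destination-address XXX.XXX.14.88/32;
                    destination-port 5005;
                }
                then {
                    destination-nat pool Internal-Dot37;
                }
            }
            rule Dest-NAT-88-Port5006 {
                match {
                    destination-address XXX.XXX.14.88/32;
                    destination-port 5006;
                }
                then {
                    destination-nat pool Internal-Dot37;
                }
            }
            /* Review: second published 5480 forward (.89 -> 10.110.0.50); same concern as the 5480 forward on .83. */
            rule Dest-NAT-89-Port5480 {
                match {
                    destination-address XXX.XXX.14.89/32;
                    destination-port 5480;
                }
                then {
                    destination-nat pool Internal-Dot50;
                }
            }
        }
    }
    proxy-arp {
        /* Answer ARP on the uplink for the published addresses, which are not configured on the interface itself. */
        interface ge-0/0/2.0 {
            address {
                XXX.XXX.14.82/32;
                XXX.XXX.14.83/32;
                XXX.XXX.14.84/32;
                XXX.XXX.14.85/32;
                XXX.XXX.14.86/32;
                XXX.XXX.14.87/32;
                XXX.XXX.14.88/32;
                XXX.XXX.14.89/32;
            }
        }
        /* NOTE(review): 10.110.10.3 lies outside the 10.110.0.0/22 interface subnet and no NAT rule in this excerpt uses it; confirm this entry is still needed. */
        interface ge-0/0/0.0 {
            address {
                10.110.10.3/32;
            }
        }
    }
}
zones {
    security-zone Trust {
        tcp-rst;
        address-book {
            address MIPXXX.XXX.14.82 XXX.XXX.14.82/32;
            address MIPXXX.XXX.14.83 XXX.XXX.14.83/32;
            address MIPXXX.XXX.14.84 XXX.XXX.14.84/32;
            address MIPXXX.XXX.14.85 XXX.XXX.14.85/32;
            address MIPXXX.XXX.14.86 XXX.XXX.14.86/32;
            address MIPXXX.XXX.14.87 XXX.XXX.14.87/32;
            address MIPXXX.XXX.14.88 XXX.XXX.14.88/32;
            address MIPXXX.XXX.14.89 XXX.XXX.14.89/32;
            address 10.110.0.0/16 10.110.0.0/16;
            address 10.110.0.0/22 10.110.0.0/22;
            address 10.110.0.1/32 10.110.0.1/32;
            address 10.110.0.30/32 10.110.0.30/32;
            address 10.110.0.31/32 10.110.0.31/32;
            address 10.110.0.50/32 10.110.0.50/32;
            address 10.110.1.176/32 10.110.1.176/32;
            address 10.110.1.21/32 10.110.1.21/32;
            address 10.110.10.3/32 10.110.10.3/32;
            address 10.110.3.101/32 10.110.3.101/32;
            address 10.110.3.102/32 10.110.3.102/32;
            address 10.110.3.103/32 10.110.3.103/32;
            address 10.110.3.106/32 10.110.3.106/32;
            address 10.110.3.107/32 10.110.3.107/32;
            address 10.110.3.108/32 10.110.3.108/32;
            address 10.110.3.55/32 10.110.3.55/32;
            address 10.110.3.74/32 10.110.3.74/32;
            address 192.168.0.0/16 192.168.0.0/16;
            /* NOTE(review): the next two entry names carry /24 and /16 but the values are /32 hosts; confirm which was intended before using them in a policy. */
            address 192.168.1.255/24 192.168.1.255/32;
            address 192.168.255.255/16 192.168.255.255/32;
        }
        /* Review: http and telnet carry management credentials in clear text. https and ssh are already enabled here, so the cleartext services can be removed once nothing depends on them. */
        host-inbound-traffic {
            system-services {
                http;
                https;
                ping;
                ssh;
                telnet;
            }
        }
        interfaces {
            ge-0/0/0.0;
        }
    }
    security-zone Untrust {
        address-book {
            address MIPXXX.XXX.14.82 XXX.XXX.14.82/32;
            address MIPXXX.XXX.14.83 XXX.XXX.14.83/32;
            address MIPXXX.XXX.14.84 XXX.XXX.14.84/32;
            address MIPXXX.XXX.14.85 XXX.XXX.14.85/32;
            address MIPXXX.XXX.14.86 XXX.XXX.14.86/32;
            address MIPXXX.XXX.14.87 XXX.XXX.14.87/32;
            address MIPXXX.XXX.14.88 XXX.XXX.14.88/32;
            address MIPXXX.XXX.14.89 XXX.XXX.14.89/32;
            address XXX.XXX.14.82/32 XXX.XXX.14.82/32;
            address XXX.XXX.14.83/32 XXX.XXX.14.83/32;
            address XXX.XXX.14.84/32 XXX.XXX.14.84/32;
            address XXX.XXX.14.85/32 XXX.XXX.14.85/32;
            address XXX.XXX.14.86/32 XXX.XXX.14.86/32;
            address XXX.XXX.14.87/32 XXX.XXX.14.87/32;
            address XXX.XXX.14.88/32 XXX.XXX.14.88/32;
            address XXX.XXX.14.89/32 XXX.XXX.14.89/32;
        }
        /* Screen profile for Internet-facing traffic. "screen" and "interfaces" are per-zone statements and must sit inside this security-zone stanza. The Untrust_screen definition (screen ids-option) is not shown in this excerpt. */
        screen Untrust_screen;
        interfaces {
            /* Only ICMP echo addressed to the firewall itself is accepted on the uplink. */
            ge-0/0/2.0 {
                host-inbound-traffic {
                    system-services {
                        ping;
                    }
                }
            }
        }
    }
}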