root@SRX_2# show | no-more
## Last changed: 2012-03-09 00:56:35 CET
## Purpose (as read from the statements below): an SRX with two LAN-side
## interfaces (ge-0/0/0, ge-0/0/1) whose traffic is steered by input filters
## F1/F2 into forwarding instances FBF-1/FBF-2, each with its own default
## route, plus RPM probes and ip-monitoring policies that install an
## alternative default route in each instance.
version 11.4R1.6;
system {
    host-name SRX_2;
    domain-name xxxxxxxxxxxxx.it;
    time-zone Europe/Rome;
    root-authentication {
        encrypted-password "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; ## SECRET-DATA
    }
    name-server {
        208.67.222.222;
        208.67.220.220;
    }
    ## NOTE(review): telnet, xnm-clear-text and web-management http are
    ## clear-text management channels, so credentials and session content
    ## cross the wire unencrypted. ssh and https are enabled alongside them;
    ## confirm whether anything still depends on the clear-text services
    ## before keeping them.
    services {
        ssh;
        telnet;
        xnm-clear-text;
        web-management {
            ## HTTP J-Web is bound to ge-0/0/0.0 only (the interface placed in
            ## zone trust further down).
            http {
                interface ge-0/0/0.0;
            }
            ## No interface restriction is given for https; reachability then
            ## depends on each zone's host-inbound-traffic list.
            https {
                system-generated-certificate;
            }
        }
    }
    ## NOTE(review): only local log files are defined here (no remote syslog
    ## host), rotated at 100k with 3 archives. file messages keeps
    ## "any critical" plus "authorization info" -- presumably the
    ## session-init/session-close logs requested by policy TUTTI are below
    ## that severity and are not stored; verify.
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
    }
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
interfaces {
    ## LAN 10.101.0.0/16; every inbound packet is passed through filter F1.
    ge-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input F1;
                }
                address 10.101.11.3/16;
            }
        }
    }
    ## LAN 192.168.5.0/24; every inbound packet is passed through filter F2.
    ge-0/0/1 {
        unit 0 {
            family inet {
                filter {
                    input F2;
                }
                address 192.168.5.1/24;
            }
        }
    }
    ## Uplink whose gateway XXX.XXX.118.57 is the next-hop of the main
    ## default route (address partly redacted by the poster).
    fe-0/0/2 {
        unit 0 {
            family inet {
                address XXX.XXX.118.58/29;
            }
        }
    }
    ## Second uplink; 192.168.21.254 on this subnet is the FBF-2 next-hop.
    fe-0/0/3 {
        unit 0 {
            family inet {
                address 192.168.21.1/24;
            }
        }
    }
    ## NOTE(review): the loopback carries a /16 inside the same 10.101.0.0/16
    ## that ge-0/0/0 uses, and lo0.0 is not listed in any security zone
    ## below -- confirm this is intended.
    lo0 {
        unit 0 {
            family inet {
                address 10.101.11.103/16;
            }
        }
    }
}
routing-options {
    ## Interface routes are shared through rib-group fbf-group, so the
    ## forwarding instances can resolve their next-hops.
    interface-routes {
        rib-group inet fbf-group;
    }
    static {
        ## Default route for inet.0. The qualified next-hop has preference 10,
        ## which is less preferred than the Junos static default of 5, so
        ## 10.101.11.2 acts as a backup gateway.
        route 0.0.0.0/0 {
            next-hop XXX.XXX.118.57;
            qualified-next-hop 10.101.11.2 {
                preference 10;
            }
        }
    }
    rib-groups {
        fbf-group {
            import-rib [ inet.0 FBF-1.inet.0 FBF-2.inet.0 ];
        }
    }
}
security {
    nat {
        source {
            ## Interface-based source NAT, only for zone trust -> zone untrust
            ## and only for sources in 10.101.0.0/16.
            ## NOTE(review): no rule-set covers trust_FONIA (192.168.5.0/24);
            ## confirm that network never needs translation on an uplink.
            rule-set INTERNET_NAT {
                from zone trust;
                to zone untrust;
                rule INTERNET_ACCESS {
                    match {
                        source-address 10.101.0.0/16;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    ## NOTE(review): only trust->untrust and trust->trust policies are
    ## visible. No policy exists for trust_FONIA or untrust_FONIA, so unless
    ## a default-policy defined elsewhere permits it, traffic steered by
    ## F2/FBF-2 out of fe-0/0/3.0 or fe-0/0/2.0 has nothing allowing it --
    ## confirm.
    policies {
        from-zone trust to-zone untrust {
            ## Outbound access for LAN_101, limited to application-set BASE;
            ## session start and end are logged and counted.
            policy TUTTI {
                match {
                    source-address LAN_101;
                    destination-address any;
                    application BASE;
                }
                then {
                    permit;
                    log {
                        session-init;
                        session-close;
                    }
                    count;
                }
            }
        }
        from-zone trust to-zone trust {
            ## NOTE(review): any/any/any permit with no logging. The FBF-1
            ## failover next-hop 10.101.11.2 sits behind ge-0/0/0 (zone
            ## trust), so diverted traffic is matched by this rule rather than
            ## by TUTTI -- confirm that unrestricted, unlogged forwarding is
            ## acceptable in that state.
            policy INTRA-ZONE {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        ## Uplink zone: the device itself answers ping only.
        security-zone untrust {
            host-inbound-traffic {
                system-services {
                    ping;
                }
            }
            interfaces {
                fe-0/0/2.0;
            }
        }
        ## NOTE(review): telnet and http are accepted towards the device from
        ## this zone, and "protocols all" accepts every routing protocol on
        ## ge-0/0/0.0 although no routing protocol is configured in this
        ## listing. Narrowing both lists reduces the exposed surface.
        security-zone trust {
            address-book {
                address LAN_101 10.101.0.0/16;
            }
            host-inbound-traffic {
                system-services {
                    ping;
                    ssh;
                    http;
                    https;
                    telnet;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                ge-0/0/0.0;
            }
        }
        ## Second uplink zone: ping only towards the device.
        security-zone untrust_FONIA {
            address-book {
                address Fonia_Untrust 192.168.21.0/24;
            }
            host-inbound-traffic {
                system-services {
                    ping;
                }
            }
            interfaces {
                fe-0/0/3.0;
            }
        }
        ## NOTE(review): same clear-text management exposure (telnet, http)
        ## as zone trust.
        security-zone trust_FONIA {
            address-book {
                address Fonia_Trust 192.168.5.0/24;
            }
            host-inbound-traffic {
                system-services {
                    ping;
                    ssh;
                    http;
                    https;
                    telnet;
                }
            }
            interfaces {
                ge-0/0/1.0;
            }
        }
    }
}
firewall {
    ## Both filters have a single term with no "from" clause, so every packet
    ## arriving on the interface (including traffic addressed to the device
    ## itself) is looked up in the forwarding instance; connected and local
    ## destinations depend on the routes imported by rib-group fbf-group.
    filter F1 {
        term 1 {
            then {
                routing-instance FBF-1;
            }
        }
    }
    filter F2 {
        term 1 {
            then {
                routing-instance FBF-2;
            }
        }
    }
}
routing-instances {
    ## Default route for traffic entering on ge-0/0/0 (filter F1).
    FBF-1 {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop XXX.XXX.118.57;
            }
        }
    }
    ## Default route for traffic entering on ge-0/0/1 (filter F2).
    FBF-2 {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 192.168.21.254;
            }
        }
    }
}
services {
    rpm {
        ## Two probes, one per uplink, both aimed at the same external
        ## address 173.194.35.24: if that single target stops answering, both
        ## probes fail together. No probe-type is set, so the Junos default
        ## applies (presumably ICMP ping -- verify).
        ## With probe-count 10, the total-loss 5 threshold is reached before
        ## successive-loss 10 can be.
        probe Probe-Server {
            test testsvr {
                target address 173.194.35.24;
                probe-count 10;
                probe-interval 5;
                test-interval 10;
                thresholds {
                    successive-loss 10;
                    total-loss 5;
                }
                destination-interface fe-0/0/2.0;
                next-hop XXX.XXX.118.57;
            }
        }
        probe Probe-Server1 {
            test testsvr {
                target address 173.194.35.24;
                probe-count 10;
                probe-interval 5;
                test-interval 10;
                thresholds {
                    successive-loss 10;
                    total-loss 5;
                }
                destination-interface fe-0/0/3.0;
                next-hop 192.168.21.254;
            }
        }
    }
    ip-monitoring {
        ## Tied to Probe-Server (uplink fe-0/0/2.0): installs a preferred
        ## default route in FBF-1 via 10.101.11.2.
        policy Server-Tracking {
            match {
                rpm-probe Probe-Server;
            }
            then {
                preferred-route {
                    routing-instances FBF-1 {
                        route 0.0.0.0/0 {
                            next-hop 10.101.11.2;
                        }
                    }
                }
            }
        }
        ## Tied to Probe-Server1 (uplink fe-0/0/3.0): installs a preferred
        ## default route in FBF-2 via XXX.XXX.118.57, i.e. out of fe-0/0/2.0
        ## in zone untrust.
        ## NOTE(review): no policy or NAT rule for trust_FONIA -> untrust is
        ## visible, so this failover path may forward nothing -- confirm.
        policy Server-Tracking1 {
            match {
                rpm-probe Probe-Server1;
            }
            then {
                preferred-route {
                    routing-instances FBF-2 {
                        route 0.0.0.0/0 {
                            next-hop XXX.XXX.118.57;
                        }
                    }
                }
            }
        }
    }
}
applications {
    ## Applications permitted outbound by policy TUTTI.
    application-set BASE {
        application junos-http;
        application junos-https;
        application junos-ftp;
        application junos-dns-tcp;
        application junos-dns-udp;
        application junos-ping;
        application junos-mail;
        application junos-smtp;
        application junos-pop3;
    }
}