# Junos "display set" listing for host vsrx-milan, restored to one statement per
# line. Reviewer comments (lines starting with #) were added; every
# set/deactivate statement is unchanged.
root@vsrx-milan> show configuration | display set
# NOTE(review): 12.1X47 is an old release train; confirm it still receives
# vendor security fixes.
set version 12.1X47-D15.4
set system host-name vsrx-milan
# The "$1$" prefix marks an MD5-crypt hash, which is weak against offline
# guessing. A hash that has been pasted publicly should be treated as
# disclosed: rotate the root password. root is also the only account
# configured in this listing, so there is no per-user accountability.
set system root-authentication encrypted-password "$1$Fq5ozihp$X/BSJvw9QZoXF7I.oBl7Y."
# No root-login or protocol-version restriction is set for SSH in this listing.
set system services ssh
# J-Web is enabled over cleartext HTTP only, so credentials would cross the LAN
# unencrypted. The trust zone below admits https but not http, so as written
# the two statements do not line up. NOTE(review): presumably
# "web-management https" was intended; confirm.
set system services web-management http interface ge-0/0/0.0
# Logging is to local files only; no remote syslog host is configured, so logs
# live and die with the device.
set system syslog user * any emergency
set system syslog file messages any any
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
# No NTP authentication key is configured for this server.
set system ntp server 7.7.7.7
# ge-0/0/0 = LAN side (zone trust), ge-0/0/1 = Internet side (zone untrust).
set interfaces ge-0/0/0 unit 0 family inet address 192.168.100.254/24
# GRE tunnel to 93.12.12.33. GRE itself is not encrypted.
set interfaces gr-0/0/0 unit 1 tunnel source 74.13.13.11
set interfaces gr-0/0/0 unit 1 tunnel destination 93.12.12.33
# NOTE(review): 172.16.0.10/30 is assigned here and again on st0 unit 3 below;
# confirm which interface is meant to own it.
set interfaces gr-0/0/0 unit 1 family inet address 172.16.0.10/30
set interfaces ge-0/0/1 unit 0 family inet address 74.13.13.11/28
# Secure tunnel interfaces, one per IPsec VPN (st0.1 TURIN, st0.2 VENICE,
# st0.3 ROME, per the bind-interface statements further down).
set interfaces st0 unit 1 family inet address 172.16.0.1/30
set interfaces st0 unit 2 family inet address 172.16.0.5/30
set interfaces st0 unit 3 family inet address 172.16.0.10/30
# Default route to the Internet next hop; remote site prefixes are routed into
# the tunnel interfaces.
set routing-options static route 0.0.0.0/0 next-hop 74.13.13.12
set routing-options static route 192.168.20.0/24 next-hop st0.1
set routing-options static route 172.16.10.0/24 next-hop st0.2
set routing-options static route 172.16.20.0/24 next-hop st0.3
# IKE_PROPOSAL_01 is the stronger phase-1 proposal (AES-256, SHA-384, DH
# group5), but no IKE policy in this listing references it.
set security ike proposal IKE_PROPOSAL_01 authentication-method pre-shared-keys
set security ike proposal IKE_PROPOSAL_01 dh-group group5
set security ike proposal IKE_PROPOSAL_01 authentication-algorithm sha-384
set security ike proposal IKE_PROPOSAL_01 encryption-algorithm aes-256-cbc
set security ike proposal IKE_PROPOSAL_01 lifetime-seconds 86400
# IKE_PROPOSAL_02 combines single DES, MD5 and DH group2 (1024-bit). All three
# are deprecated and should not protect production traffic. This is the
# proposal actually in use (see IKE_POLICY_UBI).
set security ike proposal IKE_PROPOSAL_02 authentication-method pre-shared-keys
set security ike proposal IKE_PROPOSAL_02 dh-group group2
set security ike proposal IKE_PROPOSAL_02 authentication-algorithm md5
set security ike proposal IKE_PROPOSAL_02 encryption-algorithm des-cbc
set security ike proposal IKE_PROPOSAL_02 lifetime-seconds 86400
# The single IKE policy is shared by all three gateways, so every peer uses
# the same pre-shared key and the weak IKE_PROPOSAL_02.
set security ike policy IKE_POLICY_UBI mode main
set security ike policy IKE_POLICY_UBI proposals IKE_PROPOSAL_02
# The "$9$" form is a reversible encoding, not a one-way hash, so a pasted
# config discloses the pre-shared key. Treat this key as compromised and
# rotate it on every peer; redact $9$ strings before sharing configs.
set security ike policy IKE_POLICY_UBI pre-shared-key ascii-text "$9$GEim5Tz6pORQFu1REyrYg4oDiHqm"
# Dead-peer detection is configured for TURIN only; VENICE and ROME have none.
set security ike gateway IKE_GATEWAY_UBI_TURIN ike-policy IKE_POLICY_UBI
set security ike gateway IKE_GATEWAY_UBI_TURIN address 93.12.12.23
set security ike gateway IKE_GATEWAY_UBI_TURIN dead-peer-detection interval 10
set security ike gateway IKE_GATEWAY_UBI_TURIN dead-peer-detection threshold 3
set security ike gateway IKE_GATEWAY_UBI_TURIN external-interface ge-0/0/1.0
set security ike gateway IKE_GATEWAY_UBI_VENICE ike-policy IKE_POLICY_UBI
set security ike gateway IKE_GATEWAY_UBI_VENICE address 93.12.12.13
set security ike gateway IKE_GATEWAY_UBI_VENICE external-interface ge-0/0/1.0
set security ike gateway IKE_GATEWAY_UBI_ROME ike-policy IKE_POLICY_UBI
set security ike gateway IKE_GATEWAY_UBI_ROME address 93.12.12.33
# NOTE(review): the ROME gateway's external interface is st0.3, the same
# tunnel interface that IPSEC_VPN_UBI_ROME binds to, which looks circular.
# The peer address matches the GRE tunnel destination, so gr-0/0/0.1 may have
# been intended; confirm. Zone vpn below admits only ping, not ike.
set security ike gateway IKE_GATEWAY_UBI_ROME external-interface st0.3
# IPSEC_PROPOSAL_01 (AES-256 with HMAC-SHA1-96) is defined but not referenced
# by any IPsec policy in this listing.
set security ipsec proposal IPSEC_PROPOSAL_01 protocol esp
set security ipsec proposal IPSEC_PROPOSAL_01 authentication-algorithm hmac-sha1-96
set security ipsec proposal IPSEC_PROPOSAL_01 encryption-algorithm aes-256-cbc
set security ipsec proposal IPSEC_PROPOSAL_01 lifetime-seconds 3600
# IPSEC_PROPOSAL_02 uses single DES with HMAC-MD5-96. Both are deprecated, and
# this is the proposal every VPN uses via IPSEC_POLICY_UBI.
set security ipsec proposal IPSEC_PROPOSAL_02 protocol esp
set security ipsec proposal IPSEC_PROPOSAL_02 authentication-algorithm hmac-md5-96
set security ipsec proposal IPSEC_PROPOSAL_02 encryption-algorithm des-cbc
set security ipsec proposal IPSEC_PROPOSAL_02 lifetime-seconds 3600
# PFS is enabled, but with DH group2 (1024-bit); prefer a larger group that
# all peers support.
set security ipsec policy IPSEC_POLICY_UBI perfect-forward-secrecy keys group2
set security ipsec policy IPSEC_POLICY_UBI proposals IPSEC_PROPOSAL_02
# Route-based VPNs: each binds one st0 unit to one IKE gateway and is brought
# up immediately rather than on traffic.
set security ipsec vpn IPSEC_VPN_UBI_TURIN bind-interface st0.1
set security ipsec vpn IPSEC_VPN_UBI_TURIN vpn-monitor optimized
set security ipsec vpn IPSEC_VPN_UBI_TURIN ike gateway IKE_GATEWAY_UBI_TURIN
set security ipsec vpn IPSEC_VPN_UBI_TURIN ike ipsec-policy IPSEC_POLICY_UBI
set security ipsec vpn IPSEC_VPN_UBI_TURIN establish-tunnels immediately
set security ipsec vpn IPSEC_VPN_UBI_VENICE bind-interface st0.2
set security ipsec vpn IPSEC_VPN_UBI_VENICE vpn-monitor optimized
set security ipsec vpn IPSEC_VPN_UBI_VENICE ike gateway IKE_GATEWAY_UBI_VENICE
set security ipsec vpn IPSEC_VPN_UBI_VENICE ike ipsec-policy IPSEC_POLICY_UBI
set security ipsec vpn IPSEC_VPN_UBI_VENICE establish-tunnels immediately
set security ipsec vpn IPSEC_VPN_UBI_ROME bind-interface st0.3
set security ipsec vpn IPSEC_VPN_UBI_ROME vpn-monitor optimized
set security ipsec vpn IPSEC_VPN_UBI_ROME ike gateway IKE_GATEWAY_UBI_ROME
set security ipsec vpn IPSEC_VPN_UBI_ROME ike ipsec-policy IPSEC_POLICY_UBI
set security ipsec vpn IPSEC_VPN_UBI_ROME establish-tunnels immediately
# Global address-book entries for the local LAN and the three remote prefixes.
set security address-book global address n192.168.20.0_24 192.168.20.0/24
set security address-book global address n192.168.100.0_24 192.168.100.0/24
set security address-book global address n172.16.10.0_24 172.16.10.0/24
set security address-book global address n172.16.20.0_24 172.16.20.0/24
# Screen profile; it is attached to zone untrust only (see the zones section).
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood queue-size 2000
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
# Source NAT (interface PAT) for LAN traffic going from trust to untrust.
set security nat source rule-set GRT_NAT_RULES from zone trust
set security nat source rule-set GRT_NAT_RULES to zone untrust
set security nat source rule-set GRT_NAT_RULES rule PAT_FOR_INTERNET match source-address 192.168.100.0/24
set security nat source rule-set GRT_NAT_RULES rule PAT_FOR_INTERNET match destination-address 0.0.0.0/0
set security nat source rule-set GRT_NAT_RULES rule PAT_FOR_INTERNET then source-nat interface
# The permit policies below match any application and carry no log action, so
# permitted sessions leave no policy log trail.
set security policies from-zone trust to-zone trust policy default-permit match source-address any
set security policies from-zone trust to-zone trust policy default-permit match destination-address any
set security policies from-zone trust to-zone trust policy default-permit match application any
set security policies from-zone trust to-zone trust policy default-permit then permit
# Unrestricted egress: any LAN host may reach any Internet destination on any
# application.
set security policies from-zone trust to-zone untrust policy default-permit match source-address any
set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
set security policies from-zone trust to-zone untrust policy default-permit match application any
set security policies from-zone trust to-zone untrust policy default-permit then permit
# Inbound from the Internet is denied, but without a log or count action.
set security policies from-zone untrust to-zone trust policy default-deny match source-address any
set security policies from-zone untrust to-zone trust policy default-deny match destination-address any
set security policies from-zone untrust to-zone trust policy default-deny match application any
set security policies from-zone untrust to-zone trust policy default-deny then deny
# LAN to remote sites: every application is permitted across the tunnels.
set security policies from-zone trust to-zone vpn policy VPN_UBI match source-address n192.168.100.0_24
set security policies from-zone trust to-zone vpn policy VPN_UBI match destination-address n192.168.20.0_24
set security policies from-zone trust to-zone vpn policy VPN_UBI match destination-address n172.16.10.0_24
set security policies from-zone trust to-zone vpn policy VPN_UBI match destination-address n172.16.20.0_24
set security policies from-zone trust to-zone vpn policy VPN_UBI match application any
set security policies from-zone trust to-zone vpn policy VPN_UBI then permit
# Remote sites to LAN: every application is permitted; consider narrowing to
# the services actually required.
set security policies from-zone vpn to-zone trust policy VPN_UBI match source-address n192.168.20.0_24
set security policies from-zone vpn to-zone trust policy VPN_UBI match source-address n172.16.10.0_24
set security policies from-zone vpn to-zone trust policy VPN_UBI match source-address n172.16.20.0_24
set security policies from-zone vpn to-zone trust policy VPN_UBI match destination-address n192.168.100.0_24
set security policies from-zone vpn to-zone trust policy VPN_UBI match application any
set security policies from-zone vpn to-zone trust policy VPN_UBI then permit
# Site-to-site transit through this hub. NOTE(review): n172.16.20.0_24 appears
# as a destination but not as a source, so that site cannot initiate toward
# the other two; confirm this asymmetry is intended.
set security policies from-zone vpn to-zone vpn policy VPN_UBI match source-address n172.16.10.0_24
set security policies from-zone vpn to-zone vpn policy VPN_UBI match source-address n192.168.20.0_24
set security policies from-zone vpn to-zone vpn policy VPN_UBI match destination-address n172.16.10.0_24
set security policies from-zone vpn to-zone vpn policy VPN_UBI match destination-address n192.168.20.0_24
set security policies from-zone vpn to-zone vpn policy VPN_UBI match destination-address n172.16.20.0_24
set security policies from-zone vpn to-zone vpn policy VPN_UBI match application any
set security policies from-zone vpn to-zone vpn policy VPN_UBI then permit
# Self-traffic policies from trust to the device itself: ping is permitted and
# everything else denied. The whole context is deactivated further down, so
# none of these rules is currently in effect.
set security policies from-zone trust to-zone junos-host policy PERMIT-ICMP-ONLY match source-address any
set security policies from-zone trust to-zone junos-host policy PERMIT-ICMP-ONLY match destination-address any
set security policies from-zone trust to-zone junos-host policy PERMIT-ICMP-ONLY match application junos-icmp-ping
set security policies from-zone trust to-zone junos-host policy PERMIT-ICMP-ONLY then permit
set security policies from-zone trust to-zone junos-host policy DENY-ALL match source-address any
set security policies from-zone trust to-zone junos-host policy DENY-ALL match destination-address any
set security policies from-zone trust to-zone junos-host policy DENY-ALL match application any
set security policies from-zone trust to-zone junos-host policy DENY-ALL then deny
# Deactivation keeps the statements in the config but stops them being applied.
# Management access from trust is therefore limited only by the
# host-inbound-traffic list in the zones section (ping, ssh, https).
deactivate security policies from-zone trust to-zone junos-host
# Global catch-all deny with logging and counting.
set security policies global policy DENY-ALL match source-address any
set security policies global policy DENY-ALL match destination-address any
set security policies global policy DENY-ALL match application any
set security policies global policy DENY-ALL then deny
# NOTE(review): denied traffic does not create a session, so session-close
# logging on a deny rule likely records nothing; session-init is the option
# normally used to log denies. Verify before relying on these logs.
set security policies global policy DENY-ALL then log session-close
set security policies global policy DENY-ALL then count
set security policies policy-rematch
# Zone trust (LAN): the device accepts ping, ssh and https on ge-0/0/0.0.
set security zones security-zone trust tcp-rst
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services https
# Zone untrust (Internet): the screen profile is applied; the device answers
# ping and accepts IKE on ge-0/0/1.0. No management service is exposed here.
set security zones security-zone untrust screen untrust-screen
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services ike
# Zone vpn: tunnel interfaces accept ping only. The unencrypted GRE interface
# gr-0/0/0.1 shares this zone with the IPsec st0 units, so the VPN_UBI
# policies treat traffic arriving over it the same as IPsec-protected traffic.
set security zones security-zone vpn interfaces st0.1 host-inbound-traffic system-services ping
set security zones security-zone vpn interfaces st0.2 host-inbound-traffic system-services ping
set security zones security-zone vpn interfaces gr-0/0/0.1 host-inbound-traffic system-services ping
set security zones security-zone vpn interfaces st0.3 host-inbound-traffic system-services ping
root@vsrx-milan>