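/* Branch SRX baseline: LAN zone "1" (irb.0, 192.168.0.0/24) NAT'd out of zone "Internet" (ge-0/0/0). */
/* Review changes: the IDS screen is now attached to the Internet zone and http is dropped from the LAN zone host-inbound list; everything else is annotated only. */
system {
    host-name Phadia-SRX-FW;
    time-zone EST;
    root-authentication {
        /* Redacted export: "## SECRET-DATA" carries no hash, so the file will not load until a real encrypted-password is supplied. */
        encrypted-password ## SECRET-DATA
    }
    name-server {
        8.8.8.8;
        1.1.1.1;
    }
    login {
        user customer {
            uid 2002;
            class read-only;
            authentication {
                encrypted-password ## SECRET-DATA
            }
        }
        user service {
            uid 2001;
            class super-user;
            authentication {
                /* Literal "SECRET-DATA" is a redaction placeholder, not a valid hash; replace before loading. */
                encrypted-password SECRET-DATA
            }
        }
    }
    services {
        /* ssh is enabled with defaults; consider "ssh { root-login deny; }" so the shared root account is not reachable over the network (local accounts above exist for that). */
        ssh;
        web-management {
            https {
                system-generated-certificate;
                interface irb.0;
            }
            session {
                idle-timeout 60;
            }
        }
    }
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any any;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
security {
    address-book {
        global {
            address PC {
                description "PC";
                192.168.0.101/32;
            }
            /* "ya", "ya2" and "OUTSIDE-INTERFACE" have no address value: a bare "/32;" is a syntax error on load and the entries are never referenced by a policy. */
            address ya {
                description "";
                /32;
            }
            address ya2 {
                description "";
                /32;
            }
            address Primary-DNS {
                description "Primary DNS Server";
                8.8.8.8/32;
            }
            address Secondary-DNS {
                description "Secondary DNS Server";
                1.1.1.1/32;
            }
            address OUTSIDE-INTERFACE {
                description "Static Provided by customer";
                /32;
            }
            address-set DNS_SERVERS {
                description "DNS SERVER ADDRESSES";
                address Primary-DNS;
                address Secondary-DNS;
            }
        }
    }
    screen {
        /* Applied to security-zone Internet below; it was previously defined but not attached to any zone, so it had no effect. */
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    nat {
        source {
            address-persistent;
            interface {
                port-overloading off;
            }
            /* Interface-based source NAT for all LAN-to-Internet traffic. */
            rule-set ya2 {
                from zone 1;
                to zone Internet;
                rule ya2 {
                    match {
                        source-address 0.0.0.0/0;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    policies {
        from-zone 1 to-zone Internet {
            /* Inactive permit-any policy left in place: a single "activate" would bypass every rule below it; delete it once the explicit policies are confirmed. */
            inactive: policy All_Access {
                description "Allow All Traffic Outbound";
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                    log {
                        session-init;
                        session-close;
                    }
                    count;
                }
            }
            policy DNS_Servers {
                match {
                    /* PRIME-PC is not defined in the global address-book (only "PC" is); the commit fails until the entry is added or the reference is corrected. */
                    source-address PRIME-PC;
                    destination-address DNS_SERVERS;
                    application [ junos-dns-tcp junos-dns-udp ];
                    source-identity any;
                }
                then {
                    permit;
                    log {
                        session-init;
                        session-close;
                    }
                    count;
                }
            }
            policy ya2 {
                match {
                    source-address any;
                    /* LabCommunity is not defined in the address-book. */
                    destination-address LabCommunity;
                    application junos-https;
                    source-identity any;
                }
                then {
                    permit;
                    log {
                        session-init;
                        session-close;
                    }
                    count;
                }
            }
            policy ya1 {
                match {
                    source-address any;
                    /* LabNet is not defined in the address-book. */
                    destination-address LabNet;
                    application junos-https;
                    source-identity any;
                }
                then {
                    permit;
                    log {
                        session-init;
                        session-close;
                    }
                    count;
                }
            }
            /* Explicit final deny with logging, so dropped outbound sessions are visible in the security log. */
            policy Block_All_Traffic {
                description "Block All Traffic out of FireWall";
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    deny;
                    log {
                        session-init;
                        session-close;
                    }
                    count;
                }
            }
        }
        from-zone 1 to-zone 1 {
            policy Intranet {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                    log {
                        session-init;
                        session-close;
                    }
                }
            }
        }
        from-zone Internet to-zone 1 {
            /* Inactive permit-any inbound policy: same concern as All_Access above, but on the Internet-facing side. */
            inactive: policy ALL_ACCESS {
                description "Allow All Traffic through the Firewall";
                match {
                    source-address any;
                    destination-address any;
                    application any;
                    source-identity any;
                }
                then {
                    permit;
                    log {
                        session-init;
                        session-close;
                    }
                    count;
                }
            }
            policy Block_All_Traffic {
                description "Block All Traffic into Firewall";
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    deny;
                    log {
                        session-init;
                        session-close;
                    }
                    count;
                }
            }
        }
    }
    zones {
        security-zone 1 {
            interfaces {
                irb.0 {
                    host-inbound-traffic {
                        /* http removed: web-management is configured for https only, so port 80 had no listener. */
                        system-services {
                            ssh;
                            ping;
                            https;
                        }
                    }
                }
            }
        }
        security-zone Internet {
            /* Attach the IDS screen defined under "security screen" to the untrust side. */
            screen untrust-screen;
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        /* dhcp looks unnecessary with the static address on ge-0/0/0.0 below — confirm with the customer before removing. */
                        system-services {
                            ping;
                            dhcp;
                        }
                    }
                }
            }
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                /* "StaticIP" is a template placeholder to be replaced with the customer-provided address. */
                address "StaticIP"/23;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan0;
                }
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan0;
                }
            }
        }
    }
    ge-0/0/3 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan0;
                }
            }
        }
    }
    ge-0/0/4 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan0;
                }
            }
        }
    }
    ge-0/0/5 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan0;
                }
            }
        }
    }
    ge-0/0/6 {
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members vlan0;
                }
            }
        }
    }
    ge-0/0/7 {
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members vlan0;
                }
            }
        }
    }
    irb {
        unit 0 {
            family inet {
                address 192.168.0.1/24;
            }
        }
    }
}
routing-options {
    static {
        /* "GatewayIP" is a template placeholder for the upstream next-hop. */
        route 0.0.0.0/0 next-hop "GatewayIP";
    }
}
protocols {
    l2-learning {
        global-mode switching;
    }
}
vlans {
    vlan0 {
        vlan-id 2;
        l3-interface irb.0;
    }
}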