/*
 * Junos security/L2 configuration excerpt: zone-to-zone policies, security
 * zones, a trunk port with IRB gateways, VLAN definitions, RSTP and a default
 * route.
 * NOTE(review): the excerpt starts inside an enclosing stanza; the unmatched
 * closing brace after "zones" ends it. In Junos, "policies" and "zones" sit
 * under "security", so that is presumably the stanza opened above this view.
 */
policies {
    /*
     * NOTE(review): zone "Internet" is used as a destination by three policies
     * but has no security-zone entry in the zones stanza below. Confirm it is
     * defined and that the uplink interface is bound to it.
     */
    from-zone VLANs to-zone Internet {
        policy VLAN_Internet {
            description "VLANs to Internet";
            /* Unlike the other policies, this one has no dynamic-application match. Confirm that is intended. */
            match {
                source-address any;
                destination-address any;
                application any;
            }
            /* Logs only at session creation; a session-close log would also record duration and byte counts. */
            then {
                permit;
                log {
                    session-init;
                }
                count;
            }
        }
    }
    from-zone VLANCorporate to-zone Internet {
        policy VLANCorpInternet {
            description "VLAN601 to Internet";
            match {
                source-address any;
                destination-address any;
                application any;
                dynamic-application any;
            }
            then {
                permit;
                log {
                    session-init;
                }
                count;
            }
        }
    }
    from-zone VLANGuest to-zone Internet {
        policy VLANGuestInternet {
            description "VLAN652 to Internet";
            match {
                source-address any;
                destination-address any;
                application any;
                dynamic-application any;
            }
            then {
                permit;
                log {
                    session-init;
                }
                count;
            }
        }
    }
    /*
     * NOTE(review): this permits any address and any application from the
     * guest zone into the corporate zone, so the two VLANs are separated only
     * at layer 2. If guests need specific corporate services, match on those
     * addresses and applications. Otherwise this zone pair should have no
     * permit policy.
     */
    from-zone VLANGuest to-zone VLANCorporate {
        policy InterVLAN {
            description "VLANGuest to VLANCorporate";
            match {
                source-address any;
                destination-address any;
                application any;
                dynamic-application any;
            }
            then {
                permit;
                log {
                    session-init;
                }
                count;
            }
        }
    }
    /* Corporate-initiated sessions to guest hosts, also any/any. Return traffic for these sessions does not need the Guest-to-Corporate policy above. */
    from-zone VLANCorporate to-zone VLANGuest {
        policy InterVLAN2 {
            description "VLANCorporate to VLANGuest";
            match {
                source-address any;
                destination-address any;
                application any;
                dynamic-application any;
            }
            then {
                permit;
                log {
                    session-init;
                }
                count;
            }
        }
    }
    /*
     * NOTE(review): zone VLANs contains irb.5, the L3 interface of the
     * Switch-Mgmt VLAN (see the vlans stanza). This any/any permit therefore
     * lets guest hosts reach the switch-management subnet. The policy has no
     * description, so record its purpose or narrow the match.
     */
    from-zone VLANGuest to-zone VLANs {
        policy InterVLAN3 {
            match {
                source-address any;
                destination-address any;
                application any;
                dynamic-application any;
            }
            then {
                permit;
                log {
                    session-init;
                }
                count;
            }
        }
    }
}
zones {
    /*
     * NOTE(review): every zone below accepts all system-services and all
     * protocols addressed to the device itself. Restrict each zone to what its
     * hosts need from the gateway (for example dhcp and ping), and keep
     * management services off user-facing zones.
     */
    security-zone VLANs {
        host-inbound-traffic {
            system-services {
                all;
            }
            protocols {
                all;
            }
        }
        /* irb.2 to irb.4 serve VLAN3, VLAN2 and VLAN1. irb.5 serves Switch-Mgmt, so management shares a zone with them. */
        interfaces {
            irb.2;
            irb.3;
            irb.4;
            irb.5;
        }
    }
    security-zone VLANCorporate {
        description VLANCorporate;
        host-inbound-traffic {
            system-services {
                all;
            }
            protocols {
                all;
            }
        }
        interfaces {
            /* The interface-level block repeats the zone-level setting (all/all), so it changes nothing here. */
            irb.0 {
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                    protocols {
                        all;
                    }
                }
            }
        }
    }
    security-zone VLANGuest {
        description VLANGuest;
        /* NOTE(review): guest hosts can reach every service the device runs on irb.1. This is the zone where all/all matters most. */
        host-inbound-traffic {
            system-services {
                all;
            }
            protocols {
                all;
            }
        }
        interfaces {
            irb.1 {
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                    protocols {
                        all;
                    }
                }
            }
        }
    }
}
/* Closes the enclosing stanza opened before this excerpt (presumably "security"). */
}
interfaces {
    /* One trunk carries all six VLANs, including guest, corporate and switch management. Separation on this link depends on VLAN tagging and on the downstream switch's port configuration. */
    ge-0/0/3 {
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ VLAN1 VLAN2 VLAN3 VLANCorporate VLANGuest Switch-Mgmt ];
                }
            }
        }
    }
    /* IRB units are the L3 gateways for the VLANs. The vlans stanza maps each unit to its VLAN. */
    irb {
        /* VLANCorporate gateway */
        unit 0 {
            family inet {
                address 192.168.10.1/23;
            }
        }
        /* VLANGuest gateway */
        unit 1 {
            family inet {
                address 192.168.20.1/22;
            }
        }
        /* VLAN3 gateway */
        unit 2 {
            family inet {
                address 192.168.30.1/22;
            }
        }
        /* VLAN2 gateway */
        unit 3 {
            family inet {
                address 192.168.40.1/22;
            }
        }
        /* VLAN1 gateway */
        unit 4 {
            family inet {
                address 192.168.50.1/22;
            }
        }
        /* Switch-Mgmt gateway */
        unit 5 {
            family inet {
                address 192.168.60.1/25;
            }
        }
    }
}
vlans {
    VLAN1 {
        vlan-id 1254;
        l3-interface irb.4;
    }
    VLAN2 {
        vlan-id 851;
        l3-interface irb.3;
    }
    VLAN3 {
        vlan-id 850;
        l3-interface irb.2;
    }
    /* The management VLAN's gateway (irb.5) is placed in security zone VLANs, not in a zone of its own. */
    Switch-Mgmt {
        vlan-id 2100;
        l3-interface irb.5;
    }
    VLANCorporate {
        vlan-id 601;
        l3-interface irb.0;
    }
    VLANGuest {
        vlan-id 652;
        l3-interface irb.1;
    }
}
protocols {
    l2-learning {
        global-mode switching;
    }
    /* RSTP runs on every interface. NOTE(review): if any port faces untrusted hosts, confirm edge/BPDU protection is configured where this excerpt does not show it. */
    rstp {
        interface all;
    }
}
routing-options {
    static {
        /* Default route. The next-hop was redacted by the author (X.X.X.X). */
        route 0.0.0.0/0 next-hop X.X.X.X;
    }
}