SRX

 View Only
last person joined: 21 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

SRX240H2 - Add 2nd Internet Programming

  • 1.  SRX240H2 - Add 2nd Internet Programming

    Posted 11-01-2021 05:44
    We have been running our corp network for the past 8 yrs on a SRX240.

    Major power outage and SRX240 wouldl't come back up ... factory defaulted it and still couldn't access via console or IP. 

    Fortunately had a newer backup SRX240H2 model and was able to get our network (10 PCs & (1) server) back up and running and also add the DSL internet.

    Having trouble adding the main Spectrum internet connection.

    We have the config back from the old SRX240 GW ... but it won't restore on the newer GW.  I will include the text from the old config for reference below.

    THOUGHT - Can I cut and paste the old config into the CLI editor and over write the current running config .... and commit and all should be ok?  Different Juno OS SW  versions.  Old was running - version 12.1R2.9; ..... NEW is running - 12.1X44-D35.5

    We have a small - simple config. Some RDCs and FTPs and that's about it.

    A - Spectrum Cable internet  (100 mbs) as main 
    B - AT&T DSL (12 mbs) as rollover-failsafe

    I have GUI access for management but don't want to do too much without assistance in adding the Spectrum connection.

    Spectrum IP data is ....

    Gateway static IP is – Static IP - 97.86.74.109 …. SNM is 255.255.255.252

     Useable IP is – 97.86.74.110

    Let me know.  

    Thanks for your help!

    Andy


    CURRENT CONFIG
    _____________________________________________________
    ## Last changed: 2021-10-27 16:24:31 EDT

    version 12.1X44-D35.5;

    system {

        host-name DTGMITF;

        time-zone EST;

        root-authentication {

            encrypted-password "$1$KixIUzsx$77CIbDhwZwJDWmz07ZKL/0";

        }

        name-server {

            208.67.222.222;

            208.67.220.220;

        }

        name-resolution {

            no-resolve-on-input;

        }

        services {

            ssh;

            telnet;

            web-management {

                http {

                    interface vlan.1;

                }

                https {

                    system-generated-certificate;

                    interface vlan.1;

                }

                session {

                    idle-timeout 60;

                }

            }

            dhcp {

                propagate-settings ge-0/0/0;

            }

        }

        syslog {

            archive size 100k files 3;

            user * {

                any emergency;

            }

            file messages {

                any critical;

                authorization info;

            }

            file interactive-commands {

                interactive-commands error;

            }

        }

        max-configurations-on-flash 5;

        max-configuration-rollbacks 5;

        license {

            autoupdate {

                url https://ae1.juniper.net/junos/key_retrieval;

            }

        }

        ntp {

            server us.ntp.pool.org;

        }

    }

    interfaces {

        ge-0/0/0 {

            unit 0 {

                family inet {

                    dhcp;

                }

            }

        }

        ge-0/0/1 {

            unit 0 {

                family inet {

                    address 97.86.74.109/30;

                }

            }

        }

        ge-0/0/2 {

            unit 0 {

                family ethernet-switching {

                    vlan {

                        members vlan1;

                    }

                }

            }

        }

        ge-0/0/3 {

            unit 0 {

                family ethernet-switching {

                    vlan {

                        members vlan1;

                    }

                }

            }

        }

        ge-0/0/4 {

            unit 0 {

                family ethernet-switching {

                    vlan {

                        members vlan1;

                    }

                }

            }

        }

        ge-0/0/5 {

            unit 0 {

                family ethernet-switching {

                    vlan {

                        members vlan1;

                    }

                }

            }

        }

        ge-0/0/6 {

            unit 0 {

                family ethernet-switching {

                    vlan {

                        members vlan1;

                    }

                }

            }

        }

        ge-0/0/7 {

            unit 0 {

                family ethernet-switching {

                    vlan {

                        members vlan1;

                    }

                }

            }

        }

        ge-0/0/8 {

            unit 0 {

                family ethernet-switching {

                    vlan {

                        members vlan1;

                    }

                }

            }

        }

        ge-0/0/9 {

            unit 0 {

                family ethernet-switching {

                    vlan {

                        members vlan1;

                    }

                }

            }

        }

        ge-0/0/10 {

            unit 0 {

                family ethernet-switching {

                    vlan {

                        members vlan1;

                    }

                }

            }

        }

        ge-0/0/11 {

            unit 0 {

                family ethernet-switching {

                    vlan {

                        members vlan1;

                    }

                }

            }

        }

        ge-0/0/12 {

            unit 0 {

                family ethernet-switching {

                    vlan {

                        members vlan1;

                    }

                }

            }

        }

        ge-0/0/13 {

            unit 0 {

                family ethernet-switching {

                    vlan {

                        members vlan1;

                    }

                }

            }

        }

        ge-0/0/14 {

            unit 0 {

                family ethernet-switching {

                    vlan {

                        members vlan1;

                    }

                }

            }

        }

        ge-0/0/15 {

            unit 0 {

                family ethernet-switching {

                    vlan {

                        members vlan1;

                    }

                }

            }

        }

        vlan {

            unit 1 {

                family inet {

                    address 10.0.0.1/24;

                }

            }

        }

    }

    protocols {

        stp;

    }

    security {

        address-book {

            global {

                address Andy 10.0.0.111/32;

            }

        }

        screen {

            ids-option untrust-screen {

                icmp {

                    ping-death;

                }

                ip {

                    source-route-option;

                    tear-drop;

                }

                tcp {

                    syn-flood {

                        alarm-threshold 1024;

                        attack-threshold 200;

                        source-threshold 1024;

                        destination-threshold 2048;

                        timeout 20;

                    }

                    land;

                }

            }

        }

        nat {

            source {

                rule-set nsw_srcnat {

                    from zone Internal;

                    to zone Internet;

                    rule nsw-src-interface {

                        match {

                            source-address 0.0.0.0/0;

                            destination-address 0.0.0.0/0;

                        }

                        then {

                            source-nat {

                                interface;

                            }

                        }

                    }

                }

            }

            destination {

                pool RDP3390 {

                    routing-instance {

                        default;

                    }

                    address 10.0.0.111/32 port 3389;

                }

                pool RDP3391 {

                    routing-instance {

                        default;

                    }

                    address 10.0.0.125/32 port 3389;

                }

                pool RDP {

                    address 10.0.0.15/32 port 3389;

                }

                pool RDP3392 {

                    address 10.0.0.126/32 port 3389;

                }

                pool RDP3393 {

                    routing-instance {

                        default;

                    }

                    address 10.0.0.109/32 port 3389;

                }

                pool RDP3394 {

                    routing-instance {

                        default;

                    }

                    address 10.0.0.104/32 port 3389;

                }

                pool RDP3395 {

                    routing-instance {

                        default;

                    }

                    address 10.0.0.103/32 port 3389;

                }

                pool RDP3396 {

                    address 10.0.0.107/32 port 3389;

                }

                pool RDP3397 {

                    address 10.0.0.108/32 port 3397;

                }

                rule-set RDP {

                    from interface ge-0/0/1.0;

                    rule RDP {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 3389;

                        }

                        then {

                            destination-nat pool RDP;

                        }

                    }

                    rule RDP3390 {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 3390;

                        }

                        then {

                            destination-nat pool RDP3390;

                        }

                    }

                    rule RDP3391 {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 3391;

                        }

                        then {

                            destination-nat pool RDP3391;

                        }

                    }

                    rule RDP3392 {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 3392;

                        }

                        then {

                            destination-nat pool RDP3392;

                        }

                    }

                    rule RDP3393 {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 3393;

                        }

                        then {

                            destination-nat pool RDP3393;

                        }

                    }

                    rule RDP3394 {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 3394;

                        }

                        then {

                            destination-nat pool RDP3394;

                        }

                    }

                    rule RDP3395 {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 3395;

                        }

                        then {

                            destination-nat pool RDP3395;

                        }

                    }

                    rule RDP3396 {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 3396;

                        }

                        then {

                            destination-nat pool RDP3396;

                        }

                    }

                    rule RDP3397 {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 3397;

                        }

                        then {

                            destination-nat pool RDP3397;

                        }

                    }

                }

            }

        }

        policies {

            from-zone Internal to-zone Internet {

                policy All_Internal_Internet {

                    match {

                        source-address any;

                        destination-address any;

                        application any;

                    }

                    then {

                        permit;

                    }

                }

            }

        }

        zones {

            security-zone Internal {

                interfaces {

                    vlan.1 {

                        host-inbound-traffic {

                            system-services {

                                ping;

                                http;

                                https;

                                ssh;

                                telnet;

                            }

                        }

                    }

                }

            }

            security-zone Internet {

                interfaces {

                    ge-0/0/0.0 {

                        host-inbound-traffic {

                            system-services {

                                dhcp;

                            }

                        }

                    }

                    ge-0/0/1.0;

                }

            }

        }

    }

    vlans {

        vlan1 {

            vlan-id 3;

            l3-interface vlan.1;

        }

    }



    OLD RUNNING CONFIG
    _____________________________________________________

    ## Last changed: 2014-01-10 07:59:09 EST

    version 12.1R2.9;

    system {

        host-name DTGMTF;

        domain-name dtgmitf.com;

        time-zone America/Detroit;

        root-authentication {

            encrypted-password "$1$mI2Cfifp$A7b0DUdyFL.NS0KIAxIM21";

        }

        name-server {

            68.94.156.1;

            68.94.157.1;

        }

        login {

            user admin {

                uid 2001;

                class super-user;

                authentication {

                    encrypted-password "$1$Yc5sUjG6$8ZldphsNUhCr6sTnUclIA1";

                }

            }

            user DTG {

                uid 2000;

                class super-user;

                authentication {

                    encrypted-password "$1$.ZKXj.JT$Y0HHc7yPNMBfteG/3Ado1.";

                }

            }

        }

        services {

            ssh;

            telnet;

            web-management {

                http {

                    interface vlan.0;

                }

                https {

                    system-generated-certificate;

                    interface vlan.0;

                }

            }

        }

        syslog {

            archive size 100k files 3;

            user * {

                any emergency;

            }

            file messages {

                any critical;

                authorization info;

            }

            file interactive-commands {

                interactive-commands error;

            }

        }

        max-configurations-on-flash 5;

        max-configuration-rollbacks 5;

        license {

            autoupdate {

                url https://ae1.juniper.net/junos/key_retrieval;

            }

        }

    }

    interfaces {

        interface-range interfaces-trust {

            member ge-0/0/2;

            member ge-0/0/3;

            member ge-0/0/4;

            member ge-0/0/5;

            member ge-0/0/6;

            member ge-0/0/7;

            member ge-0/0/8;

            member ge-0/0/9;

            member ge-0/0/10;

            member ge-0/0/11;

            member ge-0/0/12;

            member ge-0/0/13;

            member ge-0/0/14;

            member ge-0/0/15;

            unit 0 {

                family ethernet-switching {

                    vlan {

                        members vlan-trust;

                    }

                }

            }

        }

        ge-0/0/0 {

            unit 0 {

                description ATTWAN;

                family inet {

                    address 107.135.205.245/29;

                }

            }

        }

        ge-0/0/1 {

            unit 0 {

                description Charter-WAN;

                family inet {

                    address 97.86.74.110/30;

                }

            }

        }

        lo0 {

            unit 0 {

                family inet {

                    address 127.0.0.1/32;

                }

            }

        }

        vlan {

            unit 0 {

                family inet {

                    address 10.0.0.1/24;

                }

            }

        }

    }

    snmp {

        community DTGMI;

    }

    routing-options {

        static {

            route 0.0.0.0/0 {

                next-hop 97.86.74.109;

                metric 1;

            }

        }

    }

    security {

        utm {

            custom-objects {

                url-pattern {

                    DTG_Custom {

                        value http://*.fantasysports.yahoo.com;

                    }

                }

                custom-url-category {

                    DTG_Custom {

                        value DTG_Custom;

                    }

                }

            }

            feature-profile {

                web-filtering {

                    url-blacklist DTG_Custom;

                    type juniper-local;

                    surf-control-integrated {

                        profile junos-wf-cpa-default {

                            category {

                                DTG_Custom {

                                    action block;

                                }

                            }

                            default log-and-permit;

                        }

                    }

                    juniper-local {

                        profile DTGMI {

                            default permit;

                            custom-block-message "The site you are trying to access is not permitted on the DTG network.";

                            fallback-settings {

                                default log-and-permit;

                                server-connectivity log-and-permit;

                                timeout log-and-permit;

                                too-many-requests log-and-permit;

                            }

                        }

                    }

                }

                anti-spam {

                    sbl {

                        profile junos-as-defaults {

                            spam-action tag-subject;

                        }

                    }

                }

            }

            utm-policy DTG {

                web-filtering {

                    http-profile DTGMI;

                }

                traffic-options {

                    sessions-per-client {

                        over-limit log-and-permit;

                    }

                }

            }

        }

        screen {

            ids-option untrust-screen {

                icmp {

                    ping-death;

                }

                ip {

                    source-route-option;

                    tear-drop;

                }

                tcp {

                    syn-flood {

                        alarm-threshold 1024;

                        attack-threshold 200;

                        source-threshold 1024;

                        destination-threshold 2048;

                        timeout 20;

                    }

                    land;

                }

            }

        }

        nat {

            source {

                rule-set trust-to-untrust {

                    from zone trust;

                    to zone untrust;

                    rule source-nat-rule {

                        match {

                            source-address 0.0.0.0/0;

                        }

                        then {

                            source-nat {

                                interface;

                            }

                        }

                    }

                }

            }

            destination {

                pool RDP3390 {

                    address 10.0.0.150/32 port 3389;

                }

                pool RDP3391 {

                    address 10.0.0.125/32 port 3389;

                }

                pool RDP3392 {

                    address 10.0.0.126/32 port 3389;

                }

                pool RDP3393 {

                    address 10.0.0.127/32 port 3389;

                }

                pool RDP3394 {

                    address 10.0.0.128/32 port 3389;

                }

                pool RDP3395 {

                    address 10.0.0.129/32 port 3389;

                }

                pool RDP {

                    address 10.0.0.15/32 port 3389;

                }

                pool HTTP {

                    address 10.0.0.15/32 port 80;

                }

                pool HTTPS {

                    address 10.0.0.15/32 port 443;

                }

                pool SMTP {

                    address 10.0.0.15/32 port 25;

                }

                pool FTP {

                    address 10.0.0.10/32 port 21;

                }

                pool RDP33899 {

                    address 10.0.0.10/32 port 3389;

                }

                pool FTPPASV {

                    address 10.0.0.10/32 port 6100;

                }

                pool FTPPASV1 {

                    address 10.0.0.10/32 port 6101;

                }

                pool FTPPASV2 {

                    address 10.0.0.10/32 port 6102;

                }

                pool FTPPASV3 {

                    address 10.0.0.10/32 port 6103;

                }

                pool FTPPASV4 {

                    address 10.0.0.10/32 port 6104;

                }

                pool FTPPASV5 {

                    address 10.0.0.10/32 port 6105;

                }

                pool FTPPORT {

                    address 10.0.0.10/32 port 20;

                }

                rule-set RDP {

                    from interface ge-0/0/1.0;

                    rule RDP {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 3389;

                        }

                        then {

                            destination-nat pool RDP;

                        }

                    }

                    rule RDP3390 {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 3390;

                        }

                        then {

                            destination-nat pool RDP3390;

                        }

                    }

                    rule RDP3391 {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 3391;

                        }

                        then {

                            destination-nat pool RDP3391;

                        }

                    }

                    rule RDP3392 {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 3392;

                        }

                        then {

                            destination-nat pool RDP3392;

                        }

                    }

                    rule RDP3393 {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 3393;

                        }

                        then {

                            destination-nat pool RDP3393;

                        }

                    }

                    rule RDP3394 {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 3394;

                        }

                        then {

                            destination-nat pool RDP3394;

                        }

                    }

                    rule RDP3395 {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 3395;

                        }

                        then {

                            destination-nat pool RDP3395;

                        }

                    }

                    rule RDP33899 {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 33899;

                        }

                        then {

                            destination-nat pool RDP33899;

                        }

                    }

                }

                rule-set WEBSVCS {

                    from zone untrust;

                    rule HTTP {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 80;

                        }

                        then {

                            destination-nat pool HTTP;

                        }

                    }

                    rule HTTPS {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 443;

                        }

                        then {

                            destination-nat pool HTTPS;

                        }

                    }

                    rule SMTP {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 25;

                        }

                        then {

                            destination-nat pool SMTP;

                        }

                    }

                    rule FTP {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 21;

                        }

                        then {

                            destination-nat pool FTP;

                        }

                    }

                    rule FTPPASV {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 6100;

                        }

                        then {

                            destination-nat pool FTPPASV;

                        }

                    }

                    rule FTPPASV1 {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 6101;

                        }

                        then {

                            destination-nat pool FTPPASV1;

                        }

                    }

                    rule FTPPASV2 {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 6102;

                        }

                        then {

                            destination-nat pool FTPPASV2;

                        }

                    }

                    rule FTPPASV3 {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 6103;

                        }

                        then {

                            destination-nat pool FTPPASV3;

                        }

                    }

                    rule FTPPASV4 {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 6104;

                        }

                        then {

                            destination-nat pool FTPPASV4;

                        }

                    }

                    rule FTPPASV5 {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 6105;

                        }

                        then {

                            destination-nat pool FTPPASV5;

                        }

                    }

                    rule FTPPORT {

                        match {

                            destination-address 97.86.74.110/30;

                            destination-port 20;

                        }

                        then {

                            destination-nat pool FTPPORT;

                        }

                    }

                }

                rule-set DSL-NAT {

                    from interface ge-0/0/0.0;

                    rule RDP-DSL {

                        match {

                            destination-address 107.135.205.245/29;

                            destination-port 3389;

                        }

                        then {

                            destination-nat pool RDP;

                        }

                    }

                    rule SMTP-DSL {

                        match {

                            destination-address 107.135.205.245/29;

                            destination-port 25;

                        }

                        then {

                            destination-nat pool SMTP;

                        }

                    }

                    rule HTTPS-DSL {

                        match {

                            destination-address 107.135.205.245/29;

                            destination-port 443;

                        }

                        then {

                            destination-nat pool HTTPS;

                        }

                    }

                    rule RDP3390-DSL {

                        match {

                            destination-address 107.135.205.245/29;

                            destination-port 3390;

                        }

                        then {

                            destination-nat pool RDP3390;

                        }

                    }

                    rule RDP3391-DSL {

                        match {

                            destination-address 107.135.205.245/29;

                            destination-port 3391;

                        }

                        then {

                            destination-nat pool RDP3391;

                        }

                    }

                    rule RDP3392-DSL {

                        match {

                            destination-address 107.135.205.245/29;

                            destination-port 3392;

                        }

                        then {

                            destination-nat pool RDP3392;

                        }

                    }

                    rule RDP3393-DSL {

                        match {

                            destination-address 107.135.205.245/29;

                            destination-port 3393;

                        }

                        then {

                            destination-nat pool RDP3393;

                        }

                    }

                    rule RDP3394-DSL {

                        match {

                            destination-address 107.135.205.245/29;

                            destination-port 3394;

                        }

                        then {

                            destination-nat pool RDP3394;

                        }

                    }

                    rule HTTP-DSL {

                        match {

                            destination-address 107.135.205.245/29;

                            destination-port 80;

                        }

                        then {

                            destination-nat pool HTTP;

                        }

                    }

                    rule RDP33899-DSL {

                        match {

                            destination-address 107.135.205.245/29;

                            destination-port 33899;

                        }

                        then {

                            destination-nat pool RDP33899;

                        }

                    }

                }

            }

        }

        policies {

            from-zone trust to-zone untrust {

                policy UnFiltered {

                    match {

                        source-address Andy;

                        destination-address any;

                        application any;

                    }

                    then {

                        permit;

                    }

                }

                policy Web_Filter {

                    match {

                        source-address any;

                        destination-address [ YahooSports YouTube Monster NFL Netflix Pandora AddictingGames Evony PlentyofFish Myspace CareerBuilder Fling LiveLeak MeetUpStatic www.monster.com www.youtube.com www.fling.com www.careerbuilder.com www.myspace.com www.plentyoffish.com www.meetupstatic.com www.evony.com www.addictinggames.com www.liveleak.com www.pandora.com www.netflix.com www.nfl.com static.nfl.com www.example.com www.conquerclub.com www.twitter.com ];

                        application any;

                    }

                    then {

                        permit;

                    }

                }

                policy trust-to-untrust {

                    match {

                        source-address any;

                        destination-address any;

                        application any;

                    }

                    then {

                        permit {

                            application-services {

                                utm-policy DTG;

                            }

                        }

                    }

                }

            }

            from-zone untrust to-zone trust {

                policy untrust_trust {

                    match {

                        source-address any;

                        destination-address any;

                        application [ RDP RDP3390 RDP3391 RDP3392 RDP3393 RDP3394 RDP3395 junos-smtp junos-http junos-https junos-ftp ];

                    }

                    then {

                        permit;

                    }

                }

            }

        }

        zones {

            security-zone trust {

                address-book {

                    address Andy 10.0.0.150/32;

                }

                host-inbound-traffic {

                    system-services {

                        all;

                    }

                    protocols {

                        all;

                    }

                }

                interfaces {

                    vlan.0;

                }

            }

            security-zone untrust {

                address-book {

                    address YahooSports {

                        dns-name fantasysports.yahoo.com;

                    }

                    address Monster {

                        dns-name monster.com;

                    }

                    address YouTube {

                        dns-name youtube.com;

                    }

                    address Fling {

                        dns-name fling.com;

                    }

                    address CareerBuilder {

                        dns-name careerbuilder.com;

                    }

                    address Myspace {

                        dns-name myspace.com;

                    }

                    address PlentyofFish {

                        dns-name plentyoffish.com;

                    }

                    address MeetUpStatic {

                        dns-name meetupstatic.com;

                    }

                    address Evony {

                        dns-name evony.com;

                    }

                    address AddictingGames {

                        dns-name addictinggames.com;

                    }

                    address LiveLeak {

                        dns-name liveleak.com;

                    }

                    address Pandora {

                        dns-name pandora.com;

                    }

                    address Netflix {

                        dns-name netflix.com;

                    }

                    address NFL {

                        dns-name nfl.com;

                    }

                    address www.monster.com {

                        dns-name www.monster.com;

                    }

                    address www.youtube.com {

                        dns-name www.youtube.com;

                    }

                    address www.fling.com {

                        dns-name www.fling.com;

                    }

                    address www.careerbuilder.com {

                        dns-name www.careerbuilder.com;

                    }

                    address www.myspace.com {

                        dns-name www.myspace.com;

                    }

                    address www.plentyoffish.com {

                        dns-name www.plentyoffish.com;

                    }

                    address www.meetupstatic.com {

                        dns-name www.meetupstatic.com;

                    }

                    address www.evony.com {

                        dns-name www.evony.com;

                    }

                    address www.addictinggames.com {

                        dns-name www.addictinggames.com;

                    }

                    address www.liveleak.com {

                        dns-name www.liveleak.com;

                    }

                    address www.pandora.com {

                        dns-name www.pandora.com;

                    }

                    address www.netflix.com {

                        dns-name www.netflix.com;

                    }

                    address www.nfl.com {

                        dns-name www.nfl.com;

                    }

                    address static.nfl.com {

                        dns-name static.nfl.com;

                    }

                    address www.example.com {

                        dns-name www.example.com;

                    }

                    address www.conquerclub.com {

                        dns-name www.conquerclub.com;

                    }

                    address www.twitter.com {

                        dns-name www.twitter.com;

                    }

                }

                screen untrust-screen;

                interfaces {

                    ge-0/0/0.0 {

                        host-inbound-traffic {

                            system-services {

                                dhcp;

                                tftp;

                                ping;

                                ssh;

                            }

                        }

                    }

                    ge-0/0/1.0 {

                        host-inbound-traffic {

                            system-services {

                                ping;

                                ssh;

                            }

                        }

                    }

                }

            }

        }

    }

    services {

        rpm {

            probe Probe-Server-Cable {

                test testsvr {

                    target address 8.8.8.8;

                    probe-count 5;

                    probe-interval 2;

                    test-interval 5;

                    thresholds {

                        successive-loss 5;

                        total-loss 5;

                    }

                    destination-interface ge-0/0/1.0;

                    next-hop 97.86.74.109;

                }

            }

            probe Probe-Server-DSL {

                test testsvr {

                    target address 4.2.2.1;

                    probe-count 5;

                    probe-interval 2;

                    test-interval 5;

                    thresholds {

                        successive-loss 5;

                        total-loss 5;

                    }

                    destination-interface ge-0/0/0.0;

                    next-hop 107.135.205.246;

                }

            }

        }

        ip-monitoring {

            policy Server-Tracking {

                match {

                    rpm-probe Probe-Server-Cable;

                }

                then {

                    preferred-route {

                        route 0.0.0.0/0 {

                            next-hop 107.135.205.246;

                        }

                    }

                }

            }

            policy Server-Tracking1 {

                match {

                    rpm-probe Probe-Server-DSL;

                }

                then {

                    preferred-route {

                        route 0.0.0.0/0 {

                            next-hop 97.86.74.109;

                        }

                    }

                }

            }

        }

    }

    applications {

        application RDP protocol tcp;

        application RDP3390 protocol tcp;

        application RDP3391 protocol tcp;

        application RDP3392 protocol tcp;

        application RDP3393 protocol tcp;

        application RDP3394 protocol tcp;

        application RDP3395 protocol tcp;

    }

    vlans {

        vlan-trust {

            vlan-id 3;

            l3-interface vlan.0;

        }

    }



    ------------------------------
    Andrew Roach
    ------------------------------