SRX Dual ISP

Image
root@srx# show
## Last changed: 2015-10-02 15:18:38 WIT
version 12.1X44-D40.2;
system {
host-name srx;
domain-name nbctcp.com;
domain-search nbctcp.com;
time-zone Asia/Jakarta;
root-authentication {
encrypted-password “$1$yhxDmC9m$ifsfQke2jeD/KCfY/dG2g0”; ## SECRET-DATA
}
name-server {
8.8.8.8;
8.8.4.4;
}
services {
ssh;
xnm-clear-text;
web-management {
http {
interface vlan.0;
}
https {
                system-generated-certificate;
                interface vlan.0;
}
}
dhcp {
domain-name nbctcp.com;
name-server {
8.8.8.8;
8.8.4.4;
}
router {
10.0.45.1;
}
pool 10.0.45.0/24 {
address-range low 10.0.45.101 high 10.0.45.200;
}
propagate-settings vlan.0;
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
        }
        file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
ntp {
server 202.65.114.202;
}
}
interfaces {
ge-0/0/0 {
unit 0 {
            family inet {
                address 10.0.10.227/24;
}
}
}
ge-0/0/1 {
unit 0 {
family inet {
address 10.0.46.227/24;
}
}
}
fe-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/3 {
unit 0 {
            family ethernet-switching {
                vlan {
members vlan-trust;
}
}
}
}
fe-0/0/4 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/5 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
        }
    }
fe-0/0/6 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
vlan {
unit 0 {
family inet {
                address 10.0.45.1/24;
            }
}
}
}
forwarding-options {
hash-key {
family inet {
layer-3;
layer-4;
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop [ 10.0.10.1 10.0.46.1 ];
}
forwarding-table {
export LOAD-BALANCE;
}
}
protocols {
stp;
}
policy-options {
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
}
}
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
}
land;
}
}
}
nat {
source {
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
        }
    }
policies {
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
                    all;
                }
}
interfaces {
vlan.0;
}
}
security-zone untrust {
screen untrust-screen;
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/0.0;
ge-0/0/1.0;
}
}
}
}
poe {
interface all;
}
vlans {
vlan-trust {
vlan-id 3;
l3-interface vlan.0;
}
}
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s