
SRX Configuration

a guest
Jun 14th, 2013
  # System section: software release, root credential, resolvers, management
  # services, DHCP, syslog and configuration-retention settings.
  # NOTE(review): 11.2R4.3 is an old release; check it against the vendor's
  # current advisories and support status before relying on this device.
  1. set version 11.2R4.3
  2. set system host-name firewall
  # The "$1$" prefix marks an MD5-crypt password hash. It is published here
  # alongside the device's public address (fe-0/0/0 below), so the root
  # password should be treated as disclosed and changed.
  3. set system root-authentication encrypted-password "$1$LH0x4v36$yUEal4Pt3OGGYdwDbO6dF0"
  4. set system name-server 24.217.0.5
  5. set system name-server 24.217.201.67
  6. set system name-server 24.247.15.53
  # ssh is enabled with no further options in this listing (for example nothing
  # such as `root-login deny`), and no non-root login account is shown.
  7. set system services ssh
  # telnet and xnm-clear-text are unencrypted management channels: credentials
  # and session content cross the wire in the clear. Reachability is decided by
  # the zones' host-inbound-traffic settings further down (trust allows "all").
  8. set system services telnet
  9. set system services xnm-clear-text
  # Web management is offered over plain HTTP as well as HTTPS on fe-0/0/1.0 and
  # fe-0/0/2.0 (the two trust-zone interfaces). The HTTPS side uses the
  # system-generated (self-signed) certificate.
  10. set system services web-management http interface fe-0/0/2.0
  11. set system services web-management http interface fe-0/0/1.0
  12. set system services web-management https system-generated-certificate
  13. set system services web-management https interface fe-0/0/2.0
  14. set system services web-management https interface fe-0/0/1.0
  15. set system services dhcp router 192.168.1.1
  16. set system services dhcp propagate-settings fe-0/0/0.0
  # Logging is local only in this listing (no `syslog host` statement), with a
  # small archive of 3 files x 100k, so history rolls over quickly.
  17. set system syslog archive size 100k
  18. set system syslog archive files 3
  19. set system syslog user * any emergency
  20. set system syslog file messages any critical
  21. set system syslog file messages authorization info
  # NOTE(review): interactive-commands is filtered at severity "error"; this
  # presumably leaves ordinary CLI commands unrecorded, so there is little
  # audit trail of configuration activity. Confirm the intended level.
  22. set system syslog file interactive-commands interactive-commands error
  23. set system max-configurations-on-flash 5
  24. set system max-configuration-rollbacks 5
  25. set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
  # Interface addressing, default route and spanning tree.
  # fe-0/0/0 carries the public address and is the untrust-zone interface
  # (see the zone statements later in the listing); fe-0/0/1 and fe-0/0/2 are
  # the two inside networks placed in the trust zone.
  26. set interfaces fe-0/0/0 unit 0 family inet address 96.35.165.2/27
  27. set interfaces fe-0/0/1 unit 0 family inet address 10.0.2.1/16
  28. set interfaces fe-0/0/2 unit 0 family inet address 192.168.1.1/24
  # fe-0/0/3 through fe-0/0/7 are switch ports. No VLAN membership and no
  # security-zone assignment is shown for them in this listing.
  29. set interfaces fe-0/0/3 unit 0 family ethernet-switching
  30. set interfaces fe-0/0/4 unit 0 family ethernet-switching
  31. set interfaces fe-0/0/5 unit 0 family ethernet-switching
  32. set interfaces fe-0/0/6 unit 0 family ethernet-switching
  33. set interfaces fe-0/0/7 unit 0 family ethernet-switching
  # Single static default route out of the fe-0/0/0 subnet.
  34. set routing-options static route 0.0.0.0/0 next-hop 96.35.165.1
  35. set protocols stp
  # Remote-access (dynamic) VPN: IKE policy and gateway, IPsec policy and VPN,
  # and the dynamic-vpn client group. The "wizard" names suggest this was
  # generated by a setup wizard; verify each default against current policy.
  # Aggressive mode combined with a pre-shared key exposes key-derived
  # authentication material before the exchange is encrypted, so the strength
  # of the key is the only protection against offline guessing. Where the
  # platform allows it, prefer main mode or certificate authentication;
  # otherwise use a long random key.
  36. set security ike policy ike_pol_wizard_dyn_vpn mode aggressive
  # NOTE(review): the "compatible" proposal set exists for interoperability and
  # presumably admits legacy ciphers/hashes; confirm what it negotiates and
  # replace it with an explicit proposal if so.
  37. set security ike policy ike_pol_wizard_dyn_vpn proposal-set compatible
  # "$9$" is Junos's reversible obfuscation format, not a one-way hash. A value
  # published like this is equivalent to plaintext: rotate the pre-shared key.
  38. set security ike policy ike_pol_wizard_dyn_vpn pre-shared-key ascii-text "$9$JoUjq3nCpORHqIcyr8LgoJZjqP5QCp0"
  39. set security ike gateway gw_wizard_dyn_vpn ike-policy ike_pol_wizard_dyn_vpn
  # The next two statements are identical; the second is redundant.
  40. set security ike gateway gw_wizard_dyn_vpn dynamic hostname firewall
  41. set security ike gateway gw_wizard_dyn_vpn dynamic hostname firewall
  42. set security ike gateway gw_wizard_dyn_vpn dynamic connections-limit 50
  # group-ike-id: all remote users share one IKE identity and pre-shared key;
  # individual users are told apart only by the xauth step below.
  43. set security ike gateway gw_wizard_dyn_vpn dynamic ike-user-type group-ike-id
  44. set security ike gateway gw_wizard_dyn_vpn external-interface fe-0/0/0.0
  45. set security ike gateway gw_wizard_dyn_vpn xauth access-profile remote_access_profile
  # PFS uses Diffie-Hellman group2 (1024-bit MODP), which is below current
  # minimum recommendations; use a larger group if clients support it.
  46. set security ipsec policy ipsec_pol_wizard_dyn_vpn perfect-forward-secrecy keys group2
  47. set security ipsec policy ipsec_pol_wizard_dyn_vpn proposal-set compatible
  48. set security ipsec vpn wizard_dyn_vpn ike gateway gw_wizard_dyn_vpn
  49. set security ipsec vpn wizard_dyn_vpn ike ipsec-policy ipsec_pol_wizard_dyn_vpn
  50. set security dynamic-vpn access-profile remote_access_profile
  # NOTE(review): "10. 0.0.0/16" contains a space and would not parse as one
  # prefix; presumably 10.0.0.0/16 (the address pool network) garbled in the
  # paste. Verify against the running configuration.
  51. set security dynamic-vpn clients wizard-dyn-group remote-protected-resources 10. 0.0.0/16
  52. set security dynamic-vpn clients wizard-dyn-group ipsec-vpn wizard_dyn_vpn
  # Three users are listed, but the access profile in this listing defines a
  # client entry only for struman; ereynold and jrhodes have no credential
  # shown here. Confirm whether they authenticate elsewhere or are stale.
  53. set security dynamic-vpn clients wizard-dyn-group user ereynold
  54. set security dynamic-vpn clients wizard-dyn-group user jrhodes
  55. set security dynamic-vpn clients wizard-dyn-group user struman
  # Screen (IDS) options and NAT rules.
  # untrust-screen enables ping-of-death, source-route, teardrop, SYN-flood and
  # LAND checks. It is attached only to the untrust zone later in the listing;
  # no screen is applied to the trust zone.
  56. set security screen ids-option untrust-screen icmp ping-death
  57. set security screen ids-option untrust-screen ip source-route-option
  58. set security screen ids-option untrust-screen ip tear-drop
  # NOTE(review): these SYN-flood thresholds look like generated defaults;
  # tune them to the site's measured connection rates.
  59. set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
  60. set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
  61. set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
  62. set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
  63. set security screen ids-option untrust-screen tcp syn-flood timeout 20
  64. set security screen ids-option untrust-screen tcp land
  # Source NAT: everything leaving trust for untrust is translated to the
  # egress interface address.
  65. set security nat source rule-set trust-to-untrust from zone trust
  66. set security nat source rule-set trust-to-untrust to zone untrust
  67. set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
  68. set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
  # NOTE(review): the cloud-8080 rule matches traffic to 192.168.2.1:8080 but
  # its action is "destination-nat off" (no translation), and 192.168.2.1 is
  # not inside any interface subnet configured in this listing. The rule looks
  # incomplete or left over; confirm the intended target or remove it.
  69. set security nat destination rule-set cloud-8080 from interface fe-0/0/0.0
  70. set security nat destination rule-set cloud-8080 rule cloud-8080 match source-address 0.0.0.0/0
  71. set security nat destination rule-set cloud-8080 rule cloud-8080 match destination-address 192.168.2.1/32
  72. set security nat destination rule-set cloud-8080 rule cloud-8080 match destination-port 8080
  73. set security nat destination rule-set cloud-8080 rule cloud-8080 then destination-nat off
  # NOTE(review): proxy ARP for the VPN pool range (10.0.10.1-10.0.10.255) is
  # bound to fe-0/0/0.0, the external interface, while the 10.0.0.0/16 network
  # is on fe-0/0/1. Presumably the inside interface was intended; verify.
  74. set security nat proxy-arp interface fe-0/0/0.0 address 10.0.10.1/32 to 10.0.10.255/32
  # Inter-zone policies and per-zone host-inbound services.
  # Outbound: any source, any destination, any application is permitted from
  # trust to untrust. No `then log` action is set, so sessions are not logged.
  75. set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
  76. set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
  77. set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
  78. set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
  # Inbound: the only untrust-to-trust policy permits traffic through the
  # dynamic VPN tunnel, but with any/any/any match criteria, so an
  # authenticated VPN user reaches every host and port in the trust zone.
  # Narrow destination-address and application to what remote users need.
  79. set security policies from-zone untrust to-zone trust policy policy_in_wizard_dyn_vpn match source-address any
  80. set security policies from-zone untrust to-zone trust policy policy_in_wizard_dyn_vpn match destination-address any
  81. set security policies from-zone untrust to-zone trust policy policy_in_wizard_dyn_vpn match application any
  82. set security policies from-zone untrust to-zone trust policy policy_in_wizard_dyn_vpn then permit tunnel ipsec-vpn wizard_dyn_vpn
  # "system-services all" lets every host in trust reach every enabled service
  # on the firewall itself, including the telnet, xnm-clear-text and HTTP
  # management services enabled in the system section. List only the services
  # that are needed.
  83. set security zones security-zone trust host-inbound-traffic system-services all
  84. set security zones security-zone trust interfaces fe-0/0/1.0
  85. set security zones security-zone trust interfaces fe-0/0/2.0
  86. set security zones security-zone untrust screen untrust-screen
  # Services the firewall itself accepts on the Internet-facing interface.
  # NOTE(review): fe-0/0/0 has a static address in this listing, so dhcp and
  # tftp here look unnecessary; confirm and remove if unused.
  87. set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services dhcp
  88. set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services tftp
  89. set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services ike
  # NOTE(review): https is presumably open for the dynamic VPN client portal;
  # web-management https is bound only to fe-0/0/1.0 and fe-0/0/2.0.
  90. set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services https
  91. set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services ping
  # ssh is accepted from the Internet with root as the only account shown and
  # no source restriction or loopback filter in this listing. Restrict it to
  # known management addresses or to the VPN.
  92. set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services ssh
  # Access profile and address pool used for VPN extended authentication
  # (xauth) and for web authentication.
  # The "$9$" value is reversibly obfuscated, not hashed; published together
  # with the username it should be treated as a disclosed password and reset.
  # Users are defined locally; no external authentication server is shown.
  93. set access profile remote_access_profile client struman firewall-user password "$9$xE77dsoJDP5FNdHqm5F3KMWLdb"
  94. set access profile remote_access_profile address-assignment pool dyn-vpn-address-pool
  # VPN clients receive addresses 10.0.10.1-10.0.10.255 out of 10.0.0.0/16, the
  # same network as fe-0/0/1 (10.0.2.1/16), so they appear as local hosts there.
  95. set access address-assignment pool dyn-vpn-address-pool family inet network 10.0.0.0/16
  96. set access address-assignment pool dyn-vpn-address-pool family inet range dvpn-range low 10.0.10.1
  97. set access address-assignment pool dyn-vpn-address-pool family inet range dvpn-range high 10.0.10.255
  # DNS and WINS handed to VPN clients both point at 10.0.2.2.
  98. set access address-assignment pool dyn-vpn-address-pool family inet xauth-attributes primary-dns 10.0.2.2/32
  99. set access address-assignment pool dyn-vpn-address-pool family inet xauth-attributes primary-wins 10.0.2.2/32
  # The same profile (and therefore the same local credentials) also backs
  # firewall web authentication.
  100. set access firewall-authentication web-authentication default-profile remote_access_profile