ddivins

SRX Dual WAN

Feb 17th, 2025
  # System services and logging for the SRX.
  # SSH (with SFTP) and NETCONF-over-SSH are enabled. Which interfaces can reach them is decided by
  # each zone's host-inbound-traffic statements, not here.
  # NOTE(review): no login/authentication, root-login or SSH rate-limit statements appear in this paste;
  # presumably omitted by the author - confirm before reusing the config.
  1. set system services ssh max-sessions-per-connection 64
  2. set system services ssh sftp-server
  3. set system services netconf ssh
  # DHCP server for the LAN interface; the address pool is defined under "access address-assignment".
  4. set system services dhcp-local-server group LAN interface ge-0/0/2.0
  # Dedicated management routing instance (mgmt_junos); DNS and NTP below are resolved through it.
  5. set system management-instance
  6. set system name-server 8.8.8.8 routing-instance mgmt_junos
  # Local syslog files: filtered info-level events, interactive CLI commands, and everything in "messages".
  # NOTE(review): every target is a local file; no remote syslog host is configured in this paste, so
  # commit and authorization records exist only on the device itself.
  7. set system syslog file default-log-messages any info
  8. set system syslog file default-log-messages match "(requested 'commit' operation)|(requested 'commit synchronize' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|_GRES"
  9. set system syslog file default-log-messages structured-data
  10. set system syslog file interactive-commands interactive-commands any
  11. set system syslog file messages any any
  12. set system syslog file messages authorization info
  13. set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
  # NTP via the management instance. NOTE(review): no NTP authentication key is configured in this paste.
  14. set system ntp server 192.168.3.19 routing-instance mgmt_junos
  # RPM health probes, one per uplink. Each sends ICMP pings to 8.8.8.8 from inside its own routing
  # instance: 3 probes per test, 5 s apart, a test every 30 s. A test fails on 2 successive or 2 total losses.
  # NOTE(review): both uplinks probe the same single target, so an outage or ICMP filtering at that one
  # address fails both probes at once; a second target per probe avoids that shared dependency.
  15. set services rpm probe WAN-B test wan_ping probe-type icmp-ping
  16. set services rpm probe WAN-B test wan_ping target address 8.8.8.8
  17. set services rpm probe WAN-B test wan_ping probe-count 3
  18. set services rpm probe WAN-B test wan_ping probe-interval 5
  19. set services rpm probe WAN-B test wan_ping test-interval 30
  20. set services rpm probe WAN-B test wan_ping routing-instance WAN-B
  21. set services rpm probe WAN-B test wan_ping thresholds successive-loss 2
  22. set services rpm probe WAN-B test wan_ping thresholds total-loss 2
  23. set services rpm probe WAN-B test wan_ping hardware-timestamp
  # Same probe definition for the WAN-A uplink.
  24. set services rpm probe WAN-A test wan_ping probe-type icmp-ping
  25. set services rpm probe WAN-A test wan_ping target address 8.8.8.8
  26. set services rpm probe WAN-A test wan_ping probe-count 3
  27. set services rpm probe WAN-A test wan_ping probe-interval 5
  28. set services rpm probe WAN-A test wan_ping test-interval 30
  29. set services rpm probe WAN-A test wan_ping routing-instance WAN-A
  30. set services rpm probe WAN-A test wan_ping thresholds successive-loss 2
  31. set services rpm probe WAN-A test wan_ping thresholds total-loss 2
  32. set services rpm probe WAN-A test wan_ping hardware-timestamp
  # IP monitoring ties each RPM probe to an action: when the probe fails, a marker route
  # 100.99.255.2/32 (discard) is installed in that uplink's routing instance. The policy-options
  # conditions WAN-A_DOWN / WAN-B_DOWN test for this marker route.
  # NOTE(review): 100.99.255.2 lies in 100.64.0.0/10 (shared address space); confirm neither provider
  # hands out or routes this prefix, otherwise a real route could be mistaken for the "down" marker.
  33. set services ip-monitoring policy WAN-B_DOWN match rpm-probe WAN-B
  34. set services ip-monitoring policy WAN-B_DOWN then preferred-route routing-instances WAN-B route 100.99.255.2/32 discard
  35. set services ip-monitoring policy WAN-A_DOWN match rpm-probe WAN-A
  36. set services ip-monitoring policy WAN-A_DOWN then preferred-route routing-instances WAN-A route 100.99.255.2/32 discard
  # Source NAT: traffic from zone TRUST to either WAN zone is translated to the egress interface address.
  # NOTE(review): the match is source-address 0.0.0.0/0 (any source). Matching only the LAN prefix
  # (192.168.4.0/24 per the ge-0/0/2 address) would keep unexpected or spoofed sources from being NATed out.
  37. set security nat source rule-set LAN_to_WAN-A from zone TRUST
  38. set security nat source rule-set LAN_to_WAN-A to zone WAN-A
  39. set security nat source rule-set LAN_to_WAN-A rule LAN_to_WAN-A match source-address 0.0.0.0/0
  40. set security nat source rule-set LAN_to_WAN-A rule LAN_to_WAN-A then source-nat interface
  41. set security nat source rule-set LAN_to_WAN-B from zone TRUST
  42. set security nat source rule-set LAN_to_WAN-B to zone WAN-B
  43. set security nat source rule-set LAN_to_WAN-B rule LAN_to_WAN-B match source-address 0.0.0.0/0
  44. set security nat source rule-set LAN_to_WAN-B rule LAN_to_WAN-B then source-nat interface
  # Transit policies: everything from TRUST is permitted to each WAN zone (any source, destination, application).
  # No policy from a WAN zone toward TRUST appears in this paste, so inbound-initiated transit traffic
  # is left to the default policy (not shown here).
  # NOTE(review): neither ALLOW_ALL policy has a "then log" action, so permitted sessions leave no
  # policy log; add session logging if outbound connections need to be reconstructed later.
  45. set security policies from-zone TRUST to-zone WAN-A policy ALLOW_ALL match source-address any
  46. set security policies from-zone TRUST to-zone WAN-A policy ALLOW_ALL match destination-address any
  47. set security policies from-zone TRUST to-zone WAN-A policy ALLOW_ALL match application any
  48. set security policies from-zone TRUST to-zone WAN-A policy ALLOW_ALL then permit
  49. set security policies from-zone TRUST to-zone WAN-B policy ALLOW_ALL match source-address any
  50. set security policies from-zone TRUST to-zone WAN-B policy ALLOW_ALL match destination-address any
  51. set security policies from-zone TRUST to-zone WAN-B policy ALLOW_ALL match application any
  52. set security policies from-zone TRUST to-zone WAN-B policy ALLOW_ALL then permit
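  # Security zones. host-inbound-traffic decides which traffic addressed to the SRX itself is accepted
  # on a zone's interfaces.
  #
  # WAN-A and WAN-B face the upstream networks. As posted, both allowed "system-services all" and
  # "protocols all", which accepts every enabled management service (SSH and NETCONF are turned on
  # under "system services") and every routing protocol from the uplinks. They are reduced to DHCP
  # only, which the uplinks need because ge-0/0/0.0 and ge-0/0/1.0 get their addresses as DHCP clients.
  # Original lines 54 and 60 ("host-inbound-traffic protocols all") are dropped: no routing protocol
  # is configured toward either uplink in this paste.
  #
  # "set" statements are additive: on a device that already carries the old statements, delete
  # "security zones security-zone <WAN zone> host-inbound-traffic" first, then load these lines.
  # After commit, confirm the WAN DHCP leases renew and the RPM probes still report success.
  53. set security zones security-zone WAN-A host-inbound-traffic system-services dhcp
  55. set security zones security-zone WAN-A interfaces ge-0/0/0.0
  # TRUST (LAN) is left as posted: it needs at least DHCP for the local server, plus management access.
  # NOTE(review): "all" is still broader than needed; list the required services explicitly once known.
  56. set security zones security-zone TRUST host-inbound-traffic system-services all
  57. set security zones security-zone TRUST host-inbound-traffic protocols all
  58. set security zones security-zone TRUST interfaces ge-0/0/2.0
  59. set security zones security-zone WAN-B host-inbound-traffic system-services dhcp
  61. set security zones security-zone WAN-B interfaces ge-0/0/1.0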
  # Interfaces: two DHCP-client uplinks, one statically addressed LAN port, and the fxp0 management port.
  62. set interfaces ge-0/0/0 description WAN-A
  63. set interfaces ge-0/0/0 unit 0 family inet dhcp
  64. set interfaces ge-0/0/1 description WAN-B
  65. set interfaces ge-0/0/1 unit 0 family inet dhcp
  # LAN gateway address; matches the "router" option handed out by the LAN DHCP pool.
  66. set interfaces ge-0/0/2 description LAN
  67. set interfaces ge-0/0/2 unit 0 family inet address 192.168.4.1/24
  # Out-of-band management address, on the same subnet as the NTP server and the mgmt_junos next hop.
  68. set interfaces fxp0 unit 0 family inet address 192.168.3.82/24
  # master_direct: used as instance-import by routing instances WAN-A and WAN-B. It accepts direct
  # routes from the master instance and rejects everything else coming from master.
  69. set policy-options policy-statement master_direct term 01_direct from instance master
  70. set policy-options policy-statement master_direct term 01_direct from protocol direct
  71. set policy-options policy-statement master_direct term 01_direct then accept
  72. set policy-options policy-statement master_direct term 02_not_direct from instance master
  73. set policy-options policy-statement master_direct term 02_not_direct then reject
  # wan_default: used as instance-import under the top-level routing-options. Terms are evaluated in
  # the order listed, so each *_DOWN term must stay ahead of the matching *_DEFAULT term.
  # WAN-A: reject its 0.0.0.0/0 while condition WAN-A_DOWN holds, otherwise accept it.
  # NOTE(review): nothing here prefers one uplink's default route over the other when both are up;
  # confirm which one the device actually selects.
  74. set policy-options policy-statement wan_default term 01_WAN-A_DOWN from instance WAN-A
  75. set policy-options policy-statement wan_default term 01_WAN-A_DOWN from route-filter 0.0.0.0/0 exact
  76. set policy-options policy-statement wan_default term 01_WAN-A_DOWN from condition WAN-A_DOWN
  77. set policy-options policy-statement wan_default term 01_WAN-A_DOWN then reject
  78. set policy-options policy-statement wan_default term 02_WAN-A_DEFAULT from instance WAN-A
  79. set policy-options policy-statement wan_default term 02_WAN-A_DEFAULT from route-filter 0.0.0.0/0 exact
  80. set policy-options policy-statement wan_default term 02_WAN-A_DEFAULT then accept
  # Accept WAN-A local routes into inet.0, then reject its remaining direct and local routes.
  81. set policy-options policy-statement wan_default term 03_WAN-A_LOCAL from instance WAN-A
  82. set policy-options policy-statement wan_default term 03_WAN-A_LOCAL from protocol local
  83. set policy-options policy-statement wan_default term 03_WAN-A_LOCAL to rib inet.0
  84. set policy-options policy-statement wan_default term 03_WAN-A_LOCAL then accept
  85. set policy-options policy-statement wan_default term 04_WAN-A_CLEANUP from instance WAN-A
  86. set policy-options policy-statement wan_default term 04_WAN-A_CLEANUP from protocol direct
  87. set policy-options policy-statement wan_default term 04_WAN-A_CLEANUP from protocol local
  88. set policy-options policy-statement wan_default term 04_WAN-A_CLEANUP then reject
  # WAN-B: the same four terms as WAN-A.
  89. set policy-options policy-statement wan_default term 05_WAN-B_DOWN from instance WAN-B
  90. set policy-options policy-statement wan_default term 05_WAN-B_DOWN from route-filter 0.0.0.0/0 exact
  91. set policy-options policy-statement wan_default term 05_WAN-B_DOWN from condition WAN-B_DOWN
  92. set policy-options policy-statement wan_default term 05_WAN-B_DOWN then reject
  93. set policy-options policy-statement wan_default term 06_WAN-B_DEFAULT from instance WAN-B
  94. set policy-options policy-statement wan_default term 06_WAN-B_DEFAULT from route-filter 0.0.0.0/0 exact
  95. set policy-options policy-statement wan_default term 06_WAN-B_DEFAULT then accept
  96. set policy-options policy-statement wan_default term 07_WAN-B_LOCAL from instance WAN-B
  97. set policy-options policy-statement wan_default term 07_WAN-B_LOCAL from protocol local
  98. set policy-options policy-statement wan_default term 07_WAN-B_LOCAL to rib inet.0
  99. set policy-options policy-statement wan_default term 07_WAN-B_LOCAL then accept
  100. set policy-options policy-statement wan_default term 08_WAN-B_CLEANUP from instance WAN-B
  101. set policy-options policy-statement wan_default term 08_WAN-B_CLEANUP from protocol direct
  102. set policy-options policy-statement wan_default term 08_WAN-B_CLEANUP from protocol local
  103. set policy-options policy-statement wan_default term 08_WAN-B_CLEANUP then reject
  # Conditions: true when the marker route 100.99.255.2/32 exists in the uplink's inet.0 table.
  # That is the route the ip-monitoring policies install when an RPM probe fails.
  104. set policy-options condition WAN-A_DOWN if-route-exists address-family inet 100.99.255.2/32
  105. set policy-options condition WAN-A_DOWN if-route-exists address-family inet table WAN-A.inet.0
  106. set policy-options condition WAN-B_DOWN if-route-exists address-family inet 100.99.255.2/32
  107. set policy-options condition WAN-B_DOWN if-route-exists address-family inet table WAN-B.inet.0
  # DHCP pool for the LAN: leases 192.168.4.20-192.168.4.100, gateway 192.168.4.1 (the ge-0/0/2 address).
  # Clients are handed 8.8.8.8 as resolver, so their DNS queries leave the site directly and are not
  # visible to any local resolver logging.
  108. set access address-assignment pool LAN family inet network 192.168.4.0/24
  109. set access address-assignment pool LAN family inet range LAN low 192.168.4.20
  110. set access address-assignment pool LAN family inet range LAN high 192.168.4.100
  111. set access address-assignment pool LAN family inet dhcp-attributes name-server 8.8.8.8
  112. set access address-assignment pool LAN family inet dhcp-attributes router 192.168.4.1
  # One virtual-router instance per uplink. Each imports the master instance's direct routes through
  # policy master_direct.
  113. set routing-instances WAN-A instance-type virtual-router
  114. set routing-instances WAN-A routing-options instance-import master_direct
  115. set routing-instances WAN-A interface ge-0/0/0.0
  116. set routing-instances WAN-B instance-type virtual-router
  117. set routing-instances WAN-B routing-options instance-import master_direct
  118. set routing-instances WAN-B interface ge-0/0/1.0
  # The management instance has its own static default route, separate from both uplinks.
  119. set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 192.168.3.1
  # The master instance imports routes from the WAN instances through wan_default, which drops an
  # uplink's default route while that uplink's *_DOWN condition is true.
  120. set routing-options instance-import wan_default
  121.  