
Configuration of SRX Series Devices and EX Series Switches

04-Aug-23

As discussed in Use Case # 1: Configuring Juniper Connected Security, Juniper Connected Security can be deployed in three ways, as shown in Figure 1:

Figure 1: Juniper Connected Security Implementation Options

Table 1 provides more detail on these deployment options.

Table 1: Supported Topologies for Juniper Connected Security

| Topology 1 | Topology 2 | Topology 3 |
| --- | --- | --- |
| EX Series or QFX Series device as Layer 2 switch | EX Series or QFX Series device (access switch) as Layer 2 switch; EX Series or QFX Series device (aggregation switch) as Layer 3 switch | EX Series or QFX Series device as Layer 2/Layer 3 switch |
| SRX Series device as firewall in Layer 3 mode | SRX Series device as firewall in Layer 3 mode | SRX Series device as firewall in Layer 3 mode |
| IRB / VLAN tagging on SRX Series device | IRB / VLAN tagging on EX Series or QFX Series device (aggregation switch) | IRB / VLAN tagging on EX Series or QFX Series switch |

Configuration files for each topology are provided below.

Note:

These configurations are captured from a lab environment, and are provided for reference only. Actual configurations may vary based on the specific requirements of your environment.

Configuration Files for Topology #1

SRX Series Firewall Configuration

set version 15.1X49-D80.4
set system host-name SRX1500-WF
set system time-zone America/New_York
set system root-authentication encrypted-password "$ABC123"
set system name-server 8.8.8.8
set system services ssh max-sessions-per-connection 32
set system services telnet
set system services xnm-clear-text
set system services netconf ssh
set system services dhcp-local-server group wan-dhcp interface irb.12
set system syslog user * any emergency
set system syslog host 192.168.10.4 structured-data
set system syslog file messages any any
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system syslog file default-log-messages any info
set system syslog file default-log-messages match "(requested 'commit' operation)|(requested 'commit synchronize' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|GRES"
set system syslog file default-log-messages structured-data
set system max-configurations-on-flash 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set system ntp server 203.0.113.1
set services application-identification
set services ssl initiation profile aamw-ssl trusted-ca aamw-secintel-ca
set services ssl initiation profile aamw-ssl trusted-ca aamw-cloud-ca
set services ssl initiation profile aamw-ssl client-certificate aamw-srx-cert
set services ssl initiation profile aamw-ssl actions crl disable
set services security-intelligence url https://10.13.107.164:443/api/v1/manifest.xml
set services security-intelligence authentication auth-token ABC123
set services security-intelligence profile TPP_CC category CC
set services security-intelligence profile TPP_CC rule Rule-1 match threat-level 1
set services security-intelligence profile TPP_CC rule Rule-1 match threat-level 2
set services security-intelligence profile TPP_CC rule Rule-1 match threat-level 3
set services security-intelligence profile TPP_CC rule Rule-1 match threat-level 4
set services security-intelligence profile TPP_CC rule Rule-1 then action permit
set services security-intelligence profile TPP_CC rule Rule-1 then log
set services security-intelligence profile TPP_CC rule Rule-2 match threat-level 5
set services security-intelligence profile TPP_CC rule Rule-2 match threat-level 6
set services security-intelligence profile TPP_CC rule Rule-2 match threat-level 7
set services security-intelligence profile TPP_CC rule Rule-2 then action permit
set services security-intelligence profile TPP_CC rule Rule-2 then log
set services security-intelligence profile TPP_CC rule Rule-3 match threat-level 8
set services security-intelligence profile TPP_CC rule Rule-3 match threat-level 9
set services security-intelligence profile TPP_CC rule Rule-3 match threat-level 10
set services security-intelligence profile TPP_CC rule Rule-3 then action block drop
set services security-intelligence profile TPP_CC rule Rule-3 then log
set services security-intelligence profile TPP_Infected-Hosts category Infected-Hosts
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 1
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 2
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 3
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 4
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 5
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 6
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 then action permit
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 then log
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 match threat-level 7
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 match threat-level 8
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 match threat-level 9
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 match threat-level 10
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 then action block drop
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 then log
set services security-intelligence policy TPP CC TPP_CC
set services security-intelligence policy TPP Infected-Hosts TPP_Infected-Hosts
set services advanced-anti-malware connection url https://srxapi.us-west-2.sky.junipersecurity.net
set services advanced-anti-malware connection authentication tls-profile aamw-ssl
set services advanced-anti-malware policy TPP http inspection-profile default_profile
set services advanced-anti-malware policy TPP http action block
set services advanced-anti-malware policy TPP http notification log
set services advanced-anti-malware policy TPP verdict-threshold 8
set services advanced-anti-malware policy TPP fallback-options action permit
set services advanced-anti-malware policy TPP fallback-options notification log
set services advanced-anti-malware policy TPP default-notification log
set services advanced-anti-malware policy TPP whitelist-notification log
set services advanced-anti-malware policy TPP blacklist-notification log
set security log mode stream
set security log format sd-syslog
set security log source-address 192.168.10.1
set security log stream TRAFFIC category all
set security log stream TRAFFIC host 192.168.10.4
set security log stream TRAFFIC host port 514
set security pki ca-profile All-Trusted-CA-Def_1 ca-identity All-Trusted-CA-Def_1
set security pki ca-profile All-Trusted-CA-Def_2 ca-identity All-Trusted-CA-Def_2
set security pki ca-profile All-Trusted-CA-Def_3 ca-identity All-Trusted-CA-Def_3
set security pki ca-profile All-Trusted-CA-Def_4 ca-identity All-Trusted-CA-Def_4
set security pki ca-profile All-Trusted-CA-Def_5 ca-identity All-Trusted-CA-Def_5
set security pki ca-profile All-Trusted-CA-Def_6 ca-identity All-Trusted-CA-Def_6
set security pki ca-profile All-Trusted-CA-Def_7 ca-identity All-Trusted-CA-Def_7
set security pki ca-profile All-Trusted-CA-Def_8 ca-identity All-Trusted-CA-Def_8
set security pki ca-profile All-Trusted-CA-Def_9 ca-identity All-Trusted-CA-Def_9
set security pki ca-profile All-Trusted-CA-Def_10 ca-identity All-Trusted-CA-Def_10
set security pki ca-profile All-Trusted-CA-Def_11 ca-identity All-Trusted-CA-Def_11
set security pki ca-profile All-Trusted-CA-Def_12 ca-identity All-Trusted-CA-Def_12
set security pki ca-profile All-Trusted-CA-Def_13 ca-identity All-Trusted-CA-Def_13
set security pki ca-profile All-Trusted-CA-Def_14 ca-identity All-Trusted-CA-Def_14
set security pki ca-profile All-Trusted-CA-Def_15 ca-identity All-Trusted-CA-Def_15
set security pki ca-profile All-Trusted-CA-Def_16 ca-identity All-Trusted-CA-Def_16
set security pki ca-profile All-Trusted-CA-Def_17 ca-identity All-Trusted-CA-Def_17
set security pki ca-profile All-Trusted-CA-Def_18 ca-identity All-Trusted-CA-Def_18
set security pki ca-profile All-Trusted-CA-Def_19 ca-identity All-Trusted-CA-Def_19
set security pki ca-profile All-Trusted-CA-Def_20 ca-identity All-Trusted-CA-Def_20
set security pki ca-profile All-Trusted-CA-Def_21 ca-identity All-Trusted-CA-Def_21
set security pki ca-profile All-Trusted-CA-Def_22 ca-identity All-Trusted-CA-Def_22
set security pki ca-profile All-Trusted-CA-Def_23 ca-identity All-Trusted-CA-Def_23
set security pki ca-profile All-Trusted-CA-Def_24 ca-identity All-Trusted-CA-Def_24
set security pki ca-profile All-Trusted-CA-Def_25 ca-identity All-Trusted-CA-Def_25
set security pki ca-profile All-Trusted-CA-Def_26 ca-identity All-Trusted-CA-Def_26
set security pki ca-profile All-Trusted-CA-Def_27 ca-identity All-Trusted-CA-Def_27
set security pki ca-profile All-Trusted-CA-Def_28 ca-identity All-Trusted-CA-Def_28
set security pki ca-profile All-Trusted-CA-Def_29 ca-identity All-Trusted-CA-Def_29
set security pki ca-profile All-Trusted-CA-Def_30 ca-identity All-Trusted-CA-Def_30
set security pki ca-profile All-Trusted-CA-Def_31 ca-identity All-Trusted-CA-Def_31
set security pki ca-profile All-Trusted-CA-Def_32 ca-identity All-Trusted-CA-Def_32
set security pki ca-profile All-Trusted-CA-Def_33 ca-identity All-Trusted-CA-Def_33
set security pki ca-profile All-Trusted-CA-Def_34 ca-identity All-Trusted-CA-Def_34
set security pki ca-profile All-Trusted-CA-Def_35 ca-identity All-Trusted-CA-Def_35
set security pki ca-profile All-Trusted-CA-Def_36 ca-identity All-Trusted-CA-Def_36
set security pki ca-profile All-Trusted-CA-Def_37 ca-identity All-Trusted-CA-Def_37
set security pki ca-profile All-Trusted-CA-Def_38 ca-identity All-Trusted-CA-Def_38
set security pki ca-profile All-Trusted-CA-Def_39 ca-identity All-Trusted-CA-Def_39
set security pki ca-profile All-Trusted-CA-Def_40 ca-identity All-Trusted-CA-Def_40
set security pki ca-profile All-Trusted-CA-Def_41 ca-identity All-Trusted-CA-Def_41
set security pki ca-profile All-Trusted-CA-Def_42 ca-identity All-Trusted-CA-Def_42
set security pki ca-profile All-Trusted-CA-Def_43 ca-identity All-Trusted-CA-Def_43
set security pki ca-profile All-Trusted-CA-Def_44 ca-identity All-Trusted-CA-Def_44
set security pki ca-profile All-Trusted-CA-Def_45 ca-identity All-Trusted-CA-Def_45
set security pki ca-profile All-Trusted-CA-Def_46 ca-identity All-Trusted-CA-Def_46
set security pki ca-profile All-Trusted-CA-Def_47 ca-identity All-Trusted-CA-Def_47
set security pki ca-profile All-Trusted-CA-Def_48 ca-identity All-Trusted-CA-Def_48
set security pki ca-profile All-Trusted-CA-Def_49 ca-identity All-Trusted-CA-Def_49
set security pki ca-profile All-Trusted-CA-Def_50 ca-identity All-Trusted-CA-Def_50
set security pki ca-profile All-Trusted-CA-Def_51 ca-identity All-Trusted-CA-Def_51
set security pki ca-profile All-Trusted-CA-Def_52 ca-identity All-Trusted-CA-Def_52
set security pki ca-profile All-Trusted-CA-Def_53 ca-identity All-Trusted-CA-Def_53
set security pki ca-profile All-Trusted-CA-Def_54 ca-identity All-Trusted-CA-Def_54
set security pki ca-profile All-Trusted-CA-Def_55 ca-identity All-Trusted-CA-Def_55
set security pki ca-profile All-Trusted-CA-Def_56 ca-identity All-Trusted-CA-Def_56
set security pki ca-profile All-Trusted-CA-Def_57 ca-identity All-Trusted-CA-Def_57
set security pki ca-profile All-Trusted-CA-Def_58 ca-identity All-Trusted-CA-Def_58
set security pki ca-profile All-Trusted-CA-Def_59 ca-identity All-Trusted-CA-Def_59
set security pki ca-profile All-Trusted-CA-Def_60 ca-identity All-Trusted-CA-Def_60
set security pki ca-profile All-Trusted-CA-Def_61 ca-identity All-Trusted-CA-Def_61
set security pki ca-profile All-Trusted-CA-Def_62 ca-identity All-Trusted-CA-Def_62
set security pki ca-profile All-Trusted-CA-Def_63 ca-identity All-Trusted-CA-Def_63
set security pki ca-profile All-Trusted-CA-Def_64 ca-identity All-Trusted-CA-Def_64
set security pki ca-profile All-Trusted-CA-Def_65 ca-identity All-Trusted-CA-Def_65
set security pki ca-profile All-Trusted-CA-Def_66 ca-identity All-Trusted-CA-Def_66
set security pki ca-profile All-Trusted-CA-Def_67 ca-identity All-Trusted-CA-Def_67
set security pki ca-profile All-Trusted-CA-Def_68 ca-identity All-Trusted-CA-Def_68
set security pki ca-profile All-Trusted-CA-Def_69 ca-identity All-Trusted-CA-Def_69
set security pki ca-profile All-Trusted-CA-Def_70 ca-identity All-Trusted-CA-Def_70
set security pki ca-profile All-Trusted-CA-Def_71 ca-identity All-Trusted-CA-Def_71
set security pki ca-profile All-Trusted-CA-Def_72 ca-identity All-Trusted-CA-Def_72
set security pki ca-profile All-Trusted-CA-Def_73 ca-identity All-Trusted-CA-Def_73
set security pki ca-profile All-Trusted-CA-Def_74 ca-identity All-Trusted-CA-Def_74
set security pki ca-profile All-Trusted-CA-Def_75 ca-identity All-Trusted-CA-Def_75
set security pki ca-profile All-Trusted-CA-Def_76 ca-identity All-Trusted-CA-Def_76
set security pki ca-profile All-Trusted-CA-Def_77 ca-identity All-Trusted-CA-Def_77
set security pki ca-profile All-Trusted-CA-Def_78 ca-identity All-Trusted-CA-Def_78
set security pki ca-profile All-Trusted-CA-Def_79 ca-identity All-Trusted-CA-Def_79
set security pki ca-profile All-Trusted-CA-Def_80 ca-identity All-Trusted-CA-Def_80
set security pki ca-profile All-Trusted-CA-Def_81 ca-identity All-Trusted-CA-Def_81
set security pki ca-profile All-Trusted-CA-Def_82 ca-identity All-Trusted-CA-Def_82
set security pki ca-profile All-Trusted-CA-Def_83 ca-identity All-Trusted-CA-Def_83
set security pki ca-profile All-Trusted-CA-Def_84 ca-identity All-Trusted-CA-Def_84
set security pki ca-profile All-Trusted-CA-Def_85 ca-identity All-Trusted-CA-Def_85
set security pki ca-profile All-Trusted-CA-Def_86 ca-identity All-Trusted-CA-Def_86
set security pki ca-profile All-Trusted-CA-Def_87 ca-identity All-Trusted-CA-Def_87
set security pki ca-profile All-Trusted-CA-Def_88 ca-identity All-Trusted-CA-Def_88
set security pki ca-profile All-Trusted-CA-Def_89 ca-identity All-Trusted-CA-Def_89
set security pki ca-profile All-Trusted-CA-Def_90 ca-identity All-Trusted-CA-Def_90
set security pki ca-profile All-Trusted-CA-Def_91 ca-identity All-Trusted-CA-Def_91
set security pki ca-profile All-Trusted-CA-Def_92 ca-identity All-Trusted-CA-Def_92
set security pki ca-profile All-Trusted-CA-Def_93 ca-identity All-Trusted-CA-Def_93
set security pki ca-profile All-Trusted-CA-Def_94 ca-identity All-Trusted-CA-Def_94
set security pki ca-profile All-Trusted-CA-Def_95 ca-identity All-Trusted-CA-Def_95
set security pki ca-profile All-Trusted-CA-Def_96 ca-identity All-Trusted-CA-Def_96
set security pki ca-profile All-Trusted-CA-Def_97 ca-identity All-Trusted-CA-Def_97
set security pki ca-profile All-Trusted-CA-Def_98 ca-identity All-Trusted-CA-Def_98
set security pki ca-profile All-Trusted-CA-Def_99 ca-identity All-Trusted-CA-Def_99
set security pki ca-profile All-Trusted-CA-Def_100 ca-identity All-Trusted-CA-Def_100
set security pki ca-profile All-Trusted-CA-Def_101 ca-identity All-Trusted-CA-Def_101
set security pki ca-profile All-Trusted-CA-Def_102 ca-identity All-Trusted-CA-Def_102
set security pki ca-profile All-Trusted-CA-Def_103 ca-identity All-Trusted-CA-Def_103
set security pki ca-profile All-Trusted-CA-Def_104 ca-identity All-Trusted-CA-Def_104
set security pki ca-profile All-Trusted-CA-Def_105 ca-identity All-Trusted-CA-Def_105
set security pki ca-profile All-Trusted-CA-Def_106 ca-identity All-Trusted-CA-Def_106
set security pki ca-profile All-Trusted-CA-Def_107 ca-identity All-Trusted-CA-Def_107
set security pki ca-profile All-Trusted-CA-Def_108 ca-identity All-Trusted-CA-Def_108
set security pki ca-profile All-Trusted-CA-Def_109 ca-identity All-Trusted-CA-Def_109
set security pki ca-profile All-Trusted-CA-Def_110 ca-identity All-Trusted-CA-Def_110
set security pki ca-profile All-Trusted-CA-Def_111 ca-identity All-Trusted-CA-Def_111
set security pki ca-profile All-Trusted-CA-Def_112 ca-identity All-Trusted-CA-Def_112
set security pki ca-profile All-Trusted-CA-Def_114 ca-identity All-Trusted-CA-Def_114
set security pki ca-profile All-Trusted-CA-Def_115 ca-identity All-Trusted-CA-Def_115
set security pki ca-profile All-Trusted-CA-Def_116 ca-identity All-Trusted-CA-Def_116
set security pki ca-profile All-Trusted-CA-Def_117 ca-identity All-Trusted-CA-Def_117
set security pki ca-profile All-Trusted-CA-Def_118 ca-identity All-Trusted-CA-Def_118
set security pki ca-profile All-Trusted-CA-Def_119 ca-identity All-Trusted-CA-Def_119
set security pki ca-profile All-Trusted-CA-Def_120 ca-identity All-Trusted-CA-Def_120
set security pki ca-profile All-Trusted-CA-Def_121 ca-identity All-Trusted-CA-Def_121
set security pki ca-profile All-Trusted-CA-Def_122 ca-identity All-Trusted-CA-Def_122
set security pki ca-profile All-Trusted-CA-Def_123 ca-identity All-Trusted-CA-Def_123
set security pki ca-profile All-Trusted-CA-Def_124 ca-identity All-Trusted-CA-Def_124
set security pki ca-profile All-Trusted-CA-Def_125 ca-identity All-Trusted-CA-Def_125
set security pki ca-profile All-Trusted-CA-Def_126 ca-identity All-Trusted-CA-Def_126
set security pki ca-profile All-Trusted-CA-Def_127 ca-identity All-Trusted-CA-Def_127
set security pki ca-profile All-Trusted-CA-Def_128 ca-identity All-Trusted-CA-Def_128
set security pki ca-profile All-Trusted-CA-Def_129 ca-identity All-Trusted-CA-Def_129
set security pki ca-profile All-Trusted-CA-Def_130 ca-identity All-Trusted-CA-Def_130
set security pki ca-profile All-Trusted-CA-Def_131 ca-identity All-Trusted-CA-Def_131
set security pki ca-profile All-Trusted-CA-Def_132 ca-identity All-Trusted-CA-Def_132
set security pki ca-profile All-Trusted-CA-Def_133 ca-identity All-Trusted-CA-Def_133
set security pki ca-profile All-Trusted-CA-Def_134 ca-identity All-Trusted-CA-Def_134
set security pki ca-profile All-Trusted-CA-Def_135 ca-identity All-Trusted-CA-Def_135
set security pki ca-profile All-Trusted-CA-Def_136 ca-identity All-Trusted-CA-Def_136
set security pki ca-profile All-Trusted-CA-Def_137 ca-identity All-Trusted-CA-Def_137
set security pki ca-profile All-Trusted-CA-Def_138 ca-identity All-Trusted-CA-Def_138
set security pki ca-profile All-Trusted-CA-Def_139 ca-identity All-Trusted-CA-Def_139
set security pki ca-profile All-Trusted-CA-Def_140 ca-identity All-Trusted-CA-Def_140
set security pki ca-profile All-Trusted-CA-Def_141 ca-identity All-Trusted-CA-Def_141
set security pki ca-profile All-Trusted-CA-Def_142 ca-identity All-Trusted-CA-Def_142
set security pki ca-profile All-Trusted-CA-Def_143 ca-identity All-Trusted-CA-Def_143
set security pki ca-profile All-Trusted-CA-Def_144 ca-identity All-Trusted-CA-Def_144
set security pki ca-profile All-Trusted-CA-Def_145 ca-identity All-Trusted-CA-Def_145
set security pki ca-profile All-Trusted-CA-Def_146 ca-identity All-Trusted-CA-Def_146
set security pki ca-profile All-Trusted-CA-Def_147 ca-identity All-Trusted-CA-Def_147
set security pki ca-profile All-Trusted-CA-Def_148 ca-identity All-Trusted-CA-Def_148
set security pki ca-profile All-Trusted-CA-Def_149 ca-identity All-Trusted-CA-Def_149
set security pki ca-profile All-Trusted-CA-Def_150 ca-identity All-Trusted-CA-Def_150
set security pki ca-profile All-Trusted-CA-Def_151 ca-identity All-Trusted-CA-Def_151
set security pki ca-profile All-Trusted-CA-Def_152 ca-identity All-Trusted-CA-Def_152
set security pki ca-profile All-Trusted-CA-Def_153 ca-identity All-Trusted-CA-Def_153
set security pki ca-profile All-Trusted-CA-Def_154 ca-identity All-Trusted-CA-Def_154
set security pki ca-profile All-Trusted-CA-Def_155 ca-identity All-Trusted-CA-Def_155
set security pki ca-profile ssl-inspect-ca ca-identity ssl-inspect-ca
set security pki ca-profile ssl-ca ca-identity ssl-ca
set security pki ca-profile aamw-ca ca-identity deviceCA
set security pki ca-profile aamw-ca enrollment url http://ca.junipersecurity.net:8080/ejbca/publicweb/apply/scep/SRX/pkiclient.exe
set security pki ca-profile aamw-ca revocation-check disable
set security pki ca-profile aamw-ca revocation-check crl url http://va.junipersecurity.net/ca/deviceCA.crl
set security pki ca-profile aamw-secintel-ca ca-identity JUNIPER
set security pki ca-profile aamw-secintel-ca revocation-check crl url http://va.junipersecurity.net/ca/current.crl
set security pki ca-profile aamw-cloud-ca ca-identity JUNIPER_CLOUD
set security pki ca-profile aamw-cloud-ca revocation-check crl url http://va.junipersecurity.net/ca/cloudCA.crl
set security pki ca-profile-group All-Trusted-CA-Def cert-base-count 155
set security address-book global address JSD_192.168.10.1/24 192.168.10.0/24
set security address-book global address JSD_192.168.11.1/24 192.168.11.0/24
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 match source-address JSD_192.168.10.1/24
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 match source-address JSD_192.168.11.1/24
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 match destination-address any
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 match application any
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 then permit application-services security-intelligence-policy TPP
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 then permit application-services advanced-anti-malware-policy TPP
set security policies from-zone trust to-zone untrust policy t-u match source-address any
set security policies from-zone trust to-zone untrust policy t-u match destination-address any
set security policies from-zone trust to-zone untrust policy t-u match application any
set security policies from-zone trust to-zone untrust policy t-u then permit
set security policies global policy PolicyEnforcer-Rule1-1 match source-address JSD_192.168.10.1/24
set security policies global policy PolicyEnforcer-Rule1-1 match source-address JSD_192.168.11.1/24
set security policies global policy PolicyEnforcer-Rule1-1 match destination-address any
set security policies global policy PolicyEnforcer-Rule1-1 match application any
set security policies global policy PolicyEnforcer-Rule1-1 then permit application-services security-intelligence-policy TPP
set security policies global policy PolicyEnforcer-Rule1-1 then permit application-services advanced-anti-malware-policy TPP
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces irb.12
set security zones security-zone trust interfaces irb.14
set security zones security-zone untrust host-inbound-traffic system-services all
set security zones security-zone untrust host-inbound-traffic protocols all
set security zones security-zone untrust interfaces irb.13
set interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members VLAN12
set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members VLAN14
set interfaces ge-0/0/2 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members VLAN13
set interfaces fxp0 unit 0 family inet address 10.13.107.186/23
set interfaces irb unit 12 family inet address 192.168.10.1/24
set interfaces irb unit 13 family inet address 192.168.231.1/24
set interfaces irb unit 14 family inet address 192.168.11.1/24
set snmp trap-group space targets 10.13.107.162
set routing-options static route 172.28.0.0/16 next-hop 10.13.106.1
set routing-options static route 10.13.0.0/16 next-hop 10.13.106.1
set routing-options static route 0.0.0.0/0 next-hop 192.168.231.10
set routing-options static route 172.29.0.0/16 next-hop 10.13.106.1
set routing-options static route 172.30.76.0/23 next-hop 10.13.106.1
set routing-options static route 10.163.69.44/30 next-hop 10.13.106.1
set protocols l2-learning global-mode switching
set access address-assignment pool wan-1 family inet network 192.168.10.1/24
set access address-assignment pool wan-1 family inet range wan-1-range low 192.168.10.10
set access address-assignment pool wan-1 family inet range wan-1-range high 192.168.10.20
set access address-assignment pool wan-1 family inet dhcp-attributes maximum-lease-time 86400
set access address-assignment pool wan-1 family inet dhcp-attributes name-server 8.8.8.8
set access address-assignment pool wan-1 family inet dhcp-attributes router 192.168.10.1
set vlans VLAN12 vlan-id 12
set vlans VLAN12 l3-interface irb.12
set vlans VLAN13 vlan-id 13
set vlans VLAN13 l3-interface irb.13
set vlans VLAN14 vlan-id 14
set vlans VLAN14 l3-interface irb.14
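
The security-intelligence profiles in the configuration above spread each threat level across several rules, so the effective action per level is easier to review as a table. The following is an added example, not part of the original Juniper configuration: it parses the TPP_CC rule lines from above and reports the action per threat level, unmatched levels, and rules without logging. The LAB_GAP profile is constructed for illustration, and the 1 to 10 range is an assumption taken from the levels the page's profiles enumerate.

```python
import re
from collections import defaultdict

# TPP_CC lines are copied from the SRX configuration above. LAB_GAP is a
# constructed profile (not on the page) with unmatched levels and an unlogged rule.
SECINTEL_SAMPLE = """\
set services security-intelligence profile TPP_CC category CC
set services security-intelligence profile TPP_CC rule Rule-1 match threat-level 1
set services security-intelligence profile TPP_CC rule Rule-1 match threat-level 2
set services security-intelligence profile TPP_CC rule Rule-1 match threat-level 3
set services security-intelligence profile TPP_CC rule Rule-1 match threat-level 4
set services security-intelligence profile TPP_CC rule Rule-1 then action permit
set services security-intelligence profile TPP_CC rule Rule-1 then log
set services security-intelligence profile TPP_CC rule Rule-2 match threat-level 5
set services security-intelligence profile TPP_CC rule Rule-2 match threat-level 6
set services security-intelligence profile TPP_CC rule Rule-2 match threat-level 7
set services security-intelligence profile TPP_CC rule Rule-2 then action permit
set services security-intelligence profile TPP_CC rule Rule-2 then log
set services security-intelligence profile TPP_CC rule Rule-3 match threat-level 8
set services security-intelligence profile TPP_CC rule Rule-3 match threat-level 9
set services security-intelligence profile TPP_CC rule Rule-3 match threat-level 10
set services security-intelligence profile TPP_CC rule Rule-3 then action block drop
set services security-intelligence profile TPP_CC rule Rule-3 then log
set services security-intelligence profile LAB_GAP rule R1 match threat-level 1
set services security-intelligence profile LAB_GAP rule R1 match threat-level 2
set services security-intelligence profile LAB_GAP rule R1 match threat-level 3
set services security-intelligence profile LAB_GAP rule R1 then action permit
set services security-intelligence profile LAB_GAP rule R1 then log
set services security-intelligence profile LAB_GAP rule R2 match threat-level 9
set services security-intelligence profile LAB_GAP rule R2 match threat-level 10
set services security-intelligence profile LAB_GAP rule R2 then action block drop
"""

# Assumption: levels 1..10, the range the profiles on this page enumerate.
LEVELS = range(1, 11)

RULE_RE = re.compile(
    r"^set services security-intelligence profile (\S+) rule (\S+) "
    r"(?:match threat-level (\d+)|then (action .+|log))$"
)


def parse_profiles(config_text):
    """Return {profile: {rule: {"levels": set, "action": str or None, "log": bool}}}."""
    profiles = defaultdict(dict)
    for line in config_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # category lines and unrelated statements are skipped
        profile, rule, level, then = m.groups()
        entry = profiles[profile].setdefault(
            rule, {"levels": set(), "action": None, "log": False}
        )
        if level:
            entry["levels"].add(int(level))
        elif then == "log":
            entry["log"] = True
        else:
            entry["action"] = then[len("action "):]
    return profiles


def review_profile(rules):
    """Build the level -> actions table and list the points a reviewer should check."""
    table = {lvl: [] for lvl in LEVELS}
    for rule in rules.values():
        for lvl in rule["levels"] & set(LEVELS):
            table[lvl].append(rule["action"])
    blocked = [
        lvl for lvl, acts in table.items()
        if any(a and a.startswith("block") for a in acts)
    ]
    return {
        "table": table,
        "unmatched": [lvl for lvl, acts in table.items() if not acts],
        "conflicting": [lvl for lvl, acts in table.items() if len(set(acts)) > 1],
        "unlogged": sorted(n for n, r in rules.items() if not r["log"]),
        "lowest_block": min(blocked, default=None),
    }


if __name__ == "__main__":
    for name, rules in parse_profiles(SECINTEL_SAMPLE).items():
        result = review_profile(rules)
        print(name, "blocks from level", result["lowest_block"],
              "| unmatched:", result["unmatched"],
              "| unlogged rules:", result["unlogged"])
```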

EX4300 Access Switch Configuration

set version 15.1R5.5
set system host-name EX4300-1
set system auto-snapshot
set system time-zone America/New_York
set system root-authentication encrypted-password "$ABC123"
set system services ftp
set system services ssh max-sessions-per-connection 32
set system services telnet
set system services netconf ssh
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system syslog file default-log-messages any any
set system syslog file default-log-messages match "(requested 'commit' operation)|(requested 'commit synchronize' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|CFMD_CCM_DEFECT| LFMD_3AH | RPD_MPLS_PATH_BFD|(Master Unchanged, Members Changed)|(Master Changed, Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc delete)|(Master detected)|(Master changed)|(Backup detected)|(Backup changed)|(interface vcp-)"
set system syslog file default-log-messages structured-data
set system ntp server 203.0.113.1
set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members VLAN99
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members VLAN14
set interfaces ge-0/0/12 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members VLAN14
set interfaces me0 unit 0 family inet address 10.13.107.181/23
set snmp trap-group space targets 10.13.107.162
set routing-options static route 0.0.0.0/0 next-hop 10.13.106.1
set protocols l2-learning global-mac-table-aging-time 120
set protocols lldp interface all
set protocols lldp-med interface all
set protocols igmp-snooping vlan default
set vlans VLAN14 vlan-id 14
set vlans VLAN99 vlan-id 99

EX2200 Switch Configuration

Note:

In this topology, the EX2200 switch acts as a simple default gateway to the Internet. It does not play any role in the Juniper Connected Security solution.

set version 15.1R5.5
set system host-name EX2200-INTERNET
set system root-authentication encrypted-password "$ABC123"
set system services ftp
set system services ssh
set system services telnet
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/13 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/13 unit 0 family ethernet-switching vlan members VLAN13
set interfaces ge-0/0/47 description "to DMZ ge/0/015"
set interfaces ge-0/0/47 unit 0 family inet address 198.51.100.2/30
set interfaces me0 unit 0 family inet address 10.13.107.188/23
set interfaces vlan unit 13 family inet address 192.168.231.10/24
set routing-options static route 0.0.0.0/0 next-hop 198.51.100.1
set routing-options static route 10.13.0.0/16 next-hop 10.13.106.1
set routing-options static route 172.28.0.0/16 next-hop 10.13.106.1
set routing-options static route 192.168.0.0/16 next-hop 192.168.231.1
set protocols igmp-snooping vlan all
set protocols lldp interface all
set protocols lldp-med interface all
set vlans VLAN13 vlan-id 13
set vlans VLAN13 l3-interface vlan.13
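
Because these Topology #1 configurations come from a lab, they carry settings worth reviewing before reuse: cleartext management services, zones that accept all host-inbound traffic, and disabled certificate revocation checks. The following is an added example, not part of the original Juniper documentation: it scans set-format configuration for those statements and groups the findings per device. The sample input is an excerpt of lines taken from the three configurations above; the check names are hypothetical labels chosen for this example.

```python
import re

# Excerpt of statements copied from the three Topology #1 configurations above.
TOPOLOGY1_EXCERPT = """\
set system host-name SRX1500-WF
set system services ssh max-sessions-per-connection 32
set system services telnet
set system services xnm-clear-text
set system services netconf ssh
set services ssl initiation profile aamw-ssl actions crl disable
set security pki ca-profile aamw-ca revocation-check disable
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone untrust host-inbound-traffic system-services all
set security zones security-zone untrust host-inbound-traffic protocols all
set system host-name EX4300-1
set system services ftp
set system services ssh max-sessions-per-connection 32
set system services telnet
set system services netconf ssh
set system host-name EX2200-INTERNET
set system services ftp
set system services ssh
set system services telnet
"""

# (check label, pattern, reason). Labels are hypothetical names for this example;
# every pattern matches a statement that appears in the configurations on this page.
CHECKS = [
    ("cleartext-mgmt",
     re.compile(r"^set system services (telnet|ftp|xnm-clear-text)$"),
     "management service carries credentials and data unencrypted"),
    ("host-inbound-all",
     re.compile(r"^set security zones security-zone (\S+) "
                r"host-inbound-traffic (?:system-services|protocols) all$"),
     "every service or protocol on the device is reachable from this zone"),
    ("revocation-off",
     re.compile(r"^set security pki ca-profile (\S+) revocation-check disable$"),
     "certificates from this CA are accepted without a revocation check"),
    ("crl-off",
     re.compile(r"^set services ssl initiation profile (\S+) actions crl disable$"),
     "TLS sessions started with this profile skip CRL validation"),
]

HOST_RE = re.compile(r"^set system host-name (\S+)$")


def audit(config_text):
    """Return one finding per matching statement, tagged with the device host-name."""
    host = "unknown"  # used until the first host-name statement is seen
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            continue
        for label, pattern, reason in CHECKS:
            m = pattern.match(line)
            if m:
                findings.append({"host": host, "check": label,
                                 "subject": m.group(1), "line": line,
                                 "reason": reason})
    return findings


def summarize(findings):
    """Group findings as {host: sorted list of distinct check labels}."""
    by_host = {}
    for f in findings:
        by_host.setdefault(f["host"], set()).add(f["check"])
    return {host: sorted(labels) for host, labels in by_host.items()}


if __name__ == "__main__":
    for f in audit(TOPOLOGY1_EXCERPT):
        print(f'{f["host"]}: [{f["check"]}] {f["line"]} -> {f["reason"]}')
```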

Configuration Files for Topology #2

SRX Series Firewall Configuration

set version 15.1X49-D80.4
set system host-name SRX1500-1
set system time-zone America/New_York
set system root-authentication encrypted-password "$ABC123"
set system name-server 8.8.8.8
set system services ssh max-sessions-per-connection 32
set system services telnet
set system services xnm-clear-text
set system services netconf ssh
set system syslog user * any emergency
set system syslog host 192.168.10.4 structured-data
set system syslog file messages any any
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system syslog file default-log-messages any info
set system syslog file default-log-messages match "(requested 'commit' operation)|(requested 'commit synchronize' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|GRES"
set system syslog file default-log-messages structured-data
set system max-configurations-on-flash 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set system ntp server 203.0.113.1
set services application-identification
set services ssl initiation profile aamw-ssl actions crl disable
set services security-intelligence url https://10.13.107.164:443/api/v1/manifest.xml
set services security-intelligence authentication auth-token ABC123
set services security-intelligence profile TPP_CC category CC
set services security-intelligence profile TPP_CC rule Rule-1 match threat-level 1
set services security-intelligence profile TPP_CC rule Rule-1 match threat-level 2
set services security-intelligence profile TPP_CC rule Rule-1 match threat-level 3
set services security-intelligence profile TPP_CC rule Rule-1 match threat-level 4
set services security-intelligence profile TPP_CC rule Rule-1 then action permit
set services security-intelligence profile TPP_CC rule Rule-1 then log
set services security-intelligence profile TPP_CC rule Rule-2 match threat-level 5
set services security-intelligence profile TPP_CC rule Rule-2 match threat-level 6
set services security-intelligence profile TPP_CC rule Rule-2 match threat-level 7
set services security-intelligence profile TPP_CC rule Rule-2 then action permit
set services security-intelligence profile TPP_CC rule Rule-2 then log
set services security-intelligence profile TPP_CC rule Rule-3 match threat-level 8
set services security-intelligence profile TPP_CC rule Rule-3 match threat-level 9
set services security-intelligence profile TPP_CC rule Rule-3 match threat-level 10
set services security-intelligence profile TPP_CC rule Rule-3 then action block drop
set services security-intelligence profile TPP_CC rule Rule-3 then log
set services security-intelligence profile TPP_Infected-Hosts category Infected-Hosts
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 1
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 2
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 3
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 4
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 5
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 6
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 then action permit
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 then log
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 match threat-level 7
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 match threat-level 8
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 match threat-level 9
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 match threat-level 10
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 then action block drop
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 then log
set services security-intelligence policy TPP CC TPP_CC
set services security-intelligence policy TPP Infected-Hosts TPP_Infected-Hosts
set services advanced-anti-malware connection url https://srxapi.us-west-2.sky.junipersecurity.net
set services advanced-anti-malware connection authentication tls-profile aamw-ssl
set services advanced-anti-malware policy TPP http inspection-profile default_profile
set services advanced-anti-malware policy TPP http action block
set services advanced-anti-malware policy TPP http notification log
set services advanced-anti-malware policy TPP verdict-threshold 8
set services advanced-anti-malware policy TPP fallback-options action permit
set services advanced-anti-malware policy TPP fallback-options notification log
set services advanced-anti-malware policy TPP default-notification log
set services advanced-anti-malware policy TPP whitelist-notification log
set services advanced-anti-malware policy TPP blacklist-notification log
set security log mode stream
set security log format sd-syslog
set security log source-address 192.168.1.254
set security log stream TRAFFIC category all
set security log stream TRAFFIC host 192.168.10.4
set security log stream TRAFFIC host port 514
set security pki ca-profile All-Trusted-CA-Def_1 ca-identity All-Trusted-CA-Def_1
set security pki ca-profile All-Trusted-CA-Def_2 ca-identity All-Trusted-CA-Def_2
set security pki ca-profile All-Trusted-CA-Def_3 ca-identity All-Trusted-CA-Def_3
set security pki ca-profile All-Trusted-CA-Def_4 ca-identity All-Trusted-CA-Def_4
set security pki ca-profile All-Trusted-CA-Def_5 ca-identity All-Trusted-CA-Def_5
set security pki ca-profile All-Trusted-CA-Def_6 ca-identity All-Trusted-CA-Def_6
set security pki ca-profile All-Trusted-CA-Def_7 ca-identity All-Trusted-CA-Def_7
set security pki ca-profile All-Trusted-CA-Def_8 ca-identity All-Trusted-CA-Def_8
set security pki ca-profile All-Trusted-CA-Def_9 ca-identity All-Trusted-CA-Def_9
set security pki ca-profile All-Trusted-CA-Def_10 ca-identity All-Trusted-CA-Def_10
set security pki ca-profile All-Trusted-CA-Def_11 ca-identity All-Trusted-CA-Def_11
set security pki ca-profile All-Trusted-CA-Def_12 ca-identity All-Trusted-CA-Def_12
set security pki ca-profile All-Trusted-CA-Def_13 ca-identity All-Trusted-CA-Def_13
set security pki ca-profile All-Trusted-CA-Def_14 ca-identity All-Trusted-CA-Def_14
set security pki ca-profile All-Trusted-CA-Def_15 ca-identity All-Trusted-CA-Def_15
set security pki ca-profile All-Trusted-CA-Def_16 ca-identity All-Trusted-CA-Def_16
set security pki ca-profile All-Trusted-CA-Def_17 ca-identity All-Trusted-CA-Def_17
set security pki ca-profile All-Trusted-CA-Def_18 ca-identity All-Trusted-CA-Def_18
set security pki ca-profile All-Trusted-CA-Def_19 ca-identity All-Trusted-CA-Def_19
set security pki ca-profile All-Trusted-CA-Def_20 ca-identity All-Trusted-CA-Def_20
set security pki ca-profile All-Trusted-CA-Def_21 ca-identity All-Trusted-CA-Def_21
set security pki ca-profile All-Trusted-CA-Def_22 ca-identity All-Trusted-CA-Def_22
set security pki ca-profile All-Trusted-CA-Def_23 ca-identity All-Trusted-CA-Def_23
set security pki ca-profile All-Trusted-CA-Def_24 ca-identity All-Trusted-CA-Def_24
set security pki ca-profile All-Trusted-CA-Def_25 ca-identity All-Trusted-CA-Def_25
set security pki ca-profile All-Trusted-CA-Def_26 ca-identity All-Trusted-CA-Def_26
set security pki ca-profile All-Trusted-CA-Def_27 ca-identity All-Trusted-CA-Def_27
set security pki ca-profile All-Trusted-CA-Def_28 ca-identity All-Trusted-CA-Def_28
set security pki ca-profile All-Trusted-CA-Def_29 ca-identity All-Trusted-CA-Def_29
set security pki ca-profile All-Trusted-CA-Def_30 ca-identity All-Trusted-CA-Def_30
set security pki ca-profile All-Trusted-CA-Def_31 ca-identity All-Trusted-CA-Def_31
set security pki ca-profile All-Trusted-CA-Def_32 ca-identity All-Trusted-CA-Def_32
set security pki ca-profile All-Trusted-CA-Def_33 ca-identity All-Trusted-CA-Def_33
set security pki ca-profile All-Trusted-CA-Def_34 ca-identity All-Trusted-CA-Def_34
set security pki ca-profile All-Trusted-CA-Def_35 ca-identity All-Trusted-CA-Def_35
set security pki ca-profile All-Trusted-CA-Def_36 ca-identity All-Trusted-CA-Def_36
set security pki ca-profile All-Trusted-CA-Def_37 ca-identity All-Trusted-CA-Def_37
set security pki ca-profile All-Trusted-CA-Def_38 ca-identity All-Trusted-CA-Def_38
set security pki ca-profile All-Trusted-CA-Def_39 ca-identity All-Trusted-CA-Def_39
set security pki ca-profile All-Trusted-CA-Def_40 ca-identity All-Trusted-CA-Def_40
set security pki ca-profile All-Trusted-CA-Def_41 ca-identity All-Trusted-CA-Def_41
set security pki ca-profile All-Trusted-CA-Def_42 ca-identity All-Trusted-CA-Def_42
set security pki ca-profile All-Trusted-CA-Def_43 ca-identity All-Trusted-CA-Def_43
set security pki ca-profile All-Trusted-CA-Def_44 ca-identity All-Trusted-CA-Def_44
set security pki ca-profile All-Trusted-CA-Def_45 ca-identity All-Trusted-CA-Def_45
set security pki ca-profile All-Trusted-CA-Def_46 ca-identity All-Trusted-CA-Def_46
set security pki ca-profile All-Trusted-CA-Def_47 ca-identity All-Trusted-CA-Def_47
set security pki ca-profile All-Trusted-CA-Def_48 ca-identity All-Trusted-CA-Def_48
set security pki ca-profile All-Trusted-CA-Def_49 ca-identity All-Trusted-CA-Def_49
set security pki ca-profile All-Trusted-CA-Def_50 ca-identity All-Trusted-CA-Def_50
set security pki ca-profile All-Trusted-CA-Def_51 ca-identity All-Trusted-CA-Def_51
set security pki ca-profile All-Trusted-CA-Def_52 ca-identity All-Trusted-CA-Def_52
set security pki ca-profile All-Trusted-CA-Def_53 ca-identity All-Trusted-CA-Def_53
set security pki ca-profile All-Trusted-CA-Def_54 ca-identity All-Trusted-CA-Def_54
set security pki ca-profile All-Trusted-CA-Def_55 ca-identity All-Trusted-CA-Def_55
set security pki ca-profile All-Trusted-CA-Def_56 ca-identity All-Trusted-CA-Def_56
set security pki ca-profile All-Trusted-CA-Def_57 ca-identity All-Trusted-CA-Def_57
set security pki ca-profile All-Trusted-CA-Def_58 ca-identity All-Trusted-CA-Def_58
set security pki ca-profile All-Trusted-CA-Def_59 ca-identity All-Trusted-CA-Def_59
set security pki ca-profile All-Trusted-CA-Def_60 ca-identity All-Trusted-CA-Def_60
set security pki ca-profile All-Trusted-CA-Def_61 ca-identity All-Trusted-CA-Def_61
set security pki ca-profile All-Trusted-CA-Def_62 ca-identity All-Trusted-CA-Def_62
set security pki ca-profile All-Trusted-CA-Def_63 ca-identity All-Trusted-CA-Def_63
set security pki ca-profile All-Trusted-CA-Def_64 ca-identity All-Trusted-CA-Def_64
set security pki ca-profile All-Trusted-CA-Def_65 ca-identity All-Trusted-CA-Def_65
set security pki ca-profile All-Trusted-CA-Def_66 ca-identity All-Trusted-CA-Def_66
set security pki ca-profile All-Trusted-CA-Def_67 ca-identity All-Trusted-CA-Def_67
set security pki ca-profile All-Trusted-CA-Def_68 ca-identity All-Trusted-CA-Def_68
set security pki ca-profile All-Trusted-CA-Def_69 ca-identity All-Trusted-CA-Def_69
set security pki ca-profile All-Trusted-CA-Def_70 ca-identity All-Trusted-CA-Def_70
set security pki ca-profile All-Trusted-CA-Def_71 ca-identity All-Trusted-CA-Def_71
set security pki ca-profile All-Trusted-CA-Def_72 ca-identity All-Trusted-CA-Def_72
set security pki ca-profile All-Trusted-CA-Def_73 ca-identity All-Trusted-CA-Def_73
set security pki ca-profile All-Trusted-CA-Def_74 ca-identity All-Trusted-CA-Def_74
set security pki ca-profile All-Trusted-CA-Def_75 ca-identity All-Trusted-CA-Def_75
set security pki ca-profile All-Trusted-CA-Def_76 ca-identity All-Trusted-CA-Def_76
set security pki ca-profile All-Trusted-CA-Def_77 ca-identity All-Trusted-CA-Def_77
set security pki ca-profile All-Trusted-CA-Def_78 ca-identity All-Trusted-CA-Def_78
set security pki ca-profile All-Trusted-CA-Def_79 ca-identity All-Trusted-CA-Def_79
set security pki ca-profile All-Trusted-CA-Def_80 ca-identity All-Trusted-CA-Def_80
set security pki ca-profile All-Trusted-CA-Def_81 ca-identity All-Trusted-CA-Def_81
set security pki ca-profile All-Trusted-CA-Def_82 ca-identity All-Trusted-CA-Def_82
set security pki ca-profile All-Trusted-CA-Def_83 ca-identity All-Trusted-CA-Def_83
set security pki ca-profile All-Trusted-CA-Def_84 ca-identity All-Trusted-CA-Def_84
set security pki ca-profile All-Trusted-CA-Def_85 ca-identity All-Trusted-CA-Def_85
set security pki ca-profile All-Trusted-CA-Def_86 ca-identity All-Trusted-CA-Def_86
set security pki ca-profile All-Trusted-CA-Def_87 ca-identity All-Trusted-CA-Def_87
set security pki ca-profile All-Trusted-CA-Def_88 ca-identity All-Trusted-CA-Def_88
set security pki ca-profile All-Trusted-CA-Def_89 ca-identity All-Trusted-CA-Def_89
set security pki ca-profile All-Trusted-CA-Def_90 ca-identity All-Trusted-CA-Def_90
set security pki ca-profile All-Trusted-CA-Def_91 ca-identity All-Trusted-CA-Def_91
set security pki ca-profile All-Trusted-CA-Def_92 ca-identity All-Trusted-CA-Def_92
set security pki ca-profile All-Trusted-CA-Def_93 ca-identity All-Trusted-CA-Def_93
set security pki ca-profile All-Trusted-CA-Def_94 ca-identity All-Trusted-CA-Def_94
set security pki ca-profile All-Trusted-CA-Def_95 ca-identity All-Trusted-CA-Def_95
set security pki ca-profile All-Trusted-CA-Def_96 ca-identity All-Trusted-CA-Def_96
set security pki ca-profile All-Trusted-CA-Def_97 ca-identity All-Trusted-CA-Def_97
set security pki ca-profile All-Trusted-CA-Def_98 ca-identity All-Trusted-CA-Def_98
set security pki ca-profile All-Trusted-CA-Def_99 ca-identity All-Trusted-CA-Def_99
set security pki ca-profile All-Trusted-CA-Def_100 ca-identity All-Trusted-CA-Def_100
set security pki ca-profile All-Trusted-CA-Def_101 ca-identity All-Trusted-CA-Def_101
set security pki ca-profile All-Trusted-CA-Def_102 ca-identity All-Trusted-CA-Def_102
set security pki ca-profile All-Trusted-CA-Def_103 ca-identity All-Trusted-CA-Def_103
set security pki ca-profile All-Trusted-CA-Def_104 ca-identity All-Trusted-CA-Def_104
set security pki ca-profile All-Trusted-CA-Def_105 ca-identity All-Trusted-CA-Def_105
set security pki ca-profile All-Trusted-CA-Def_106 ca-identity All-Trusted-CA-Def_106
set security pki ca-profile All-Trusted-CA-Def_107 ca-identity All-Trusted-CA-Def_107
set security pki ca-profile All-Trusted-CA-Def_108 ca-identity All-Trusted-CA-Def_108
set security pki ca-profile All-Trusted-CA-Def_109 ca-identity All-Trusted-CA-Def_109
set security pki ca-profile All-Trusted-CA-Def_110 ca-identity All-Trusted-CA-Def_110
set security pki ca-profile All-Trusted-CA-Def_111 ca-identity All-Trusted-CA-Def_111
set security pki ca-profile All-Trusted-CA-Def_112 ca-identity All-Trusted-CA-Def_112
set security pki ca-profile All-Trusted-CA-Def_114 ca-identity All-Trusted-CA-Def_114
set security pki ca-profile All-Trusted-CA-Def_115 ca-identity All-Trusted-CA-Def_115
set security pki ca-profile All-Trusted-CA-Def_116 ca-identity All-Trusted-CA-Def_116
set security pki ca-profile All-Trusted-CA-Def_117 ca-identity All-Trusted-CA-Def_117
set security pki ca-profile All-Trusted-CA-Def_118 ca-identity All-Trusted-CA-Def_118
set security pki ca-profile All-Trusted-CA-Def_119 ca-identity All-Trusted-CA-Def_119
set security pki ca-profile All-Trusted-CA-Def_120 ca-identity All-Trusted-CA-Def_120
set security pki ca-profile All-Trusted-CA-Def_121 ca-identity All-Trusted-CA-Def_121
set security pki ca-profile All-Trusted-CA-Def_122 ca-identity All-Trusted-CA-Def_122
set security pki ca-profile All-Trusted-CA-Def_123 ca-identity All-Trusted-CA-Def_123
set security pki ca-profile All-Trusted-CA-Def_124 ca-identity All-Trusted-CA-Def_124
set security pki ca-profile All-Trusted-CA-Def_125 ca-identity All-Trusted-CA-Def_125
set security pki ca-profile All-Trusted-CA-Def_126 ca-identity All-Trusted-CA-Def_126
set security pki ca-profile All-Trusted-CA-Def_127 ca-identity All-Trusted-CA-Def_127
set security pki ca-profile All-Trusted-CA-Def_128 ca-identity All-Trusted-CA-Def_128
set security pki ca-profile All-Trusted-CA-Def_129 ca-identity All-Trusted-CA-Def_129
set security pki ca-profile All-Trusted-CA-Def_130 ca-identity All-Trusted-CA-Def_130
set security pki ca-profile All-Trusted-CA-Def_131 ca-identity All-Trusted-CA-Def_131
set security pki ca-profile All-Trusted-CA-Def_132 ca-identity All-Trusted-CA-Def_132
set security pki ca-profile All-Trusted-CA-Def_133 ca-identity All-Trusted-CA-Def_133
set security pki ca-profile All-Trusted-CA-Def_134 ca-identity All-Trusted-CA-Def_134
set security pki ca-profile All-Trusted-CA-Def_135 ca-identity All-Trusted-CA-Def_135
set security pki ca-profile All-Trusted-CA-Def_136 ca-identity All-Trusted-CA-Def_136
set security pki ca-profile All-Trusted-CA-Def_137 ca-identity All-Trusted-CA-Def_137
set security pki ca-profile All-Trusted-CA-Def_138 ca-identity All-Trusted-CA-Def_138
set security pki ca-profile All-Trusted-CA-Def_139 ca-identity All-Trusted-CA-Def_139
set security pki ca-profile All-Trusted-CA-Def_140 ca-identity All-Trusted-CA-Def_140
set security pki ca-profile All-Trusted-CA-Def_141 ca-identity All-Trusted-CA-Def_141
set security pki ca-profile All-Trusted-CA-Def_142 ca-identity All-Trusted-CA-Def_142
set security pki ca-profile All-Trusted-CA-Def_143 ca-identity All-Trusted-CA-Def_143
set security pki ca-profile All-Trusted-CA-Def_144 ca-identity All-Trusted-CA-Def_144
set security pki ca-profile All-Trusted-CA-Def_145 ca-identity All-Trusted-CA-Def_145
set security pki ca-profile All-Trusted-CA-Def_146 ca-identity All-Trusted-CA-Def_146
set security pki ca-profile All-Trusted-CA-Def_147 ca-identity All-Trusted-CA-Def_147
set security pki ca-profile All-Trusted-CA-Def_148 ca-identity All-Trusted-CA-Def_148
set security pki ca-profile All-Trusted-CA-Def_149 ca-identity All-Trusted-CA-Def_149
set security pki ca-profile All-Trusted-CA-Def_150 ca-identity All-Trusted-CA-Def_150
set security pki ca-profile All-Trusted-CA-Def_151 ca-identity All-Trusted-CA-Def_151
set security pki ca-profile All-Trusted-CA-Def_152 ca-identity All-Trusted-CA-Def_152
set security pki ca-profile All-Trusted-CA-Def_153 ca-identity All-Trusted-CA-Def_153
set security pki ca-profile All-Trusted-CA-Def_154 ca-identity All-Trusted-CA-Def_154
set security pki ca-profile All-Trusted-CA-Def_155 ca-identity All-Trusted-CA-Def_155
set security pki ca-profile ssl-inspect-ca ca-identity ssl-inspect-ca
set security pki ca-profile ssl-ca ca-identity ssl-ca
set security pki ca-profile aamw-ca ca-identity deviceCA
set security pki ca-profile aamw-ca enrollment url http://ca.junipersecurity.net:8080/ejbca/publicweb/apply/scep/SRX/pkiclient.exe
set security pki ca-profile aamw-ca revocation-check disable
set security pki ca-profile aamw-ca revocation-check crl url http://va.junipersecurity.net/ca/deviceCA.crl
set security pki ca-profile aamw-secintel-ca ca-identity JUNIPER
set security pki ca-profile aamw-secintel-ca revocation-check crl url http://va.junipersecurity.net/ca/current.crl
set security pki ca-profile aamw-cloud-ca ca-identity JUNIPER_CLOUD
set security pki ca-profile aamw-cloud-ca revocation-check crl url http://va.junipersecurity.net/ca/cloudCA.crl
set security pki ca-profile-group All-Trusted-CA-Def cert-base-count 155
set security address-book global address JSD_192.168.10.1/24 192.168.10.0/24
set security address-book global address JSD_192.168.11.1/24 192.168.11.0/24
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 match source-address JSD_192.168.10.1/24
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 match source-address JSD_192.168.11.1/24
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 match destination-address any
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 match application any
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 then permit application-services security-intelligence-policy TPP
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 then permit application-services advanced-anti-malware-policy TPP
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 then log session-init
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 then count
set security policies from-zone trust to-zone untrust policy t-u match source-address any
set security policies from-zone trust to-zone untrust policy t-u match destination-address any
set security policies from-zone trust to-zone untrust policy t-u match application any
set security policies from-zone trust to-zone untrust policy t-u then permit
set security policies from-zone untrust to-zone trust policy PolicyEnforcer-Rule1-1 match source-address JSD_192.168.10.1/24
set security policies from-zone untrust to-zone trust policy PolicyEnforcer-Rule1-1 match source-address JSD_192.168.11.1/24
set security policies from-zone untrust to-zone trust policy PolicyEnforcer-Rule1-1 match destination-address any
set security policies from-zone untrust to-zone trust policy PolicyEnforcer-Rule1-1 match application any
set security policies from-zone untrust to-zone trust policy PolicyEnforcer-Rule1-1 then permit application-services security-intelligence-policy TPP
set security policies from-zone untrust to-zone trust policy PolicyEnforcer-Rule1-1 then permit application-services advanced-anti-malware-policy TPP
set security policies from-zone untrust to-zone trust policy u-t match source-address any
set security policies from-zone untrust to-zone trust policy u-t match destination-address any
set security policies from-zone untrust to-zone trust policy u-t match application any
set security policies from-zone untrust to-zone trust policy u-t then permit
set security policies global policy PolicyEnforcer-Rule1-1 match source-address JSD_192.168.10.1/24
set security policies global policy PolicyEnforcer-Rule1-1 match source-address JSD_192.168.11.1/24
set security policies global policy PolicyEnforcer-Rule1-1 match destination-address any
set security policies global policy PolicyEnforcer-Rule1-1 match application any
set security policies global policy PolicyEnforcer-Rule1-1 then permit application-services security-intelligence-policy TPP
set security policies global policy PolicyEnforcer-Rule1-1 then permit application-services advanced-anti-malware-policy TPP
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces ge-0/0/0.12
set security zones security-zone untrust host-inbound-traffic system-services all
set security zones security-zone untrust host-inbound-traffic protocols all
set security zones security-zone untrust interfaces ge-0/0/2.13
set interfaces ge-0/0/0 vlan-tagging
set interfaces ge-0/0/0 unit 12 vlan-id 12
set interfaces ge-0/0/0 unit 12 family inet address 192.168.1.254/24
set interfaces ge-0/0/2 vlan-tagging
set interfaces ge-0/0/2 unit 13 vlan-id 13
set interfaces ge-0/0/2 unit 13 family inet address 192.168.231.1/24
set interfaces fxp0 description MGMT
set interfaces fxp0 unit 0 family inet address 10.13.107.186/23
set snmp trap-group space targets 10.13.107.162
set routing-options static route 172.28.0.0/16 next-hop 10.13.106.1
set routing-options static route 10.13.0.0/16 next-hop 10.13.106.1
set routing-options static route 0.0.0.0/0 next-hop 192.168.231.10
set routing-options static route 192.168.10.0/24 next-hop 192.168.1.1
set routing-options static route 192.168.11.0/24 next-hop 192.168.1.1
set routing-options static route 192.168.99.0/24 next-hop 192.168.1.1
set routing-options static route 172.29.64.0/20 next-hop 10.13.106.1
set routing-options static route 172.29.80.0/20 next-hop 10.13.106.1

EX4300-1 Access Switch Configuration

set version 15.1R5.5
set system host-name EX4300-1
set system auto-snapshot
set system time-zone America/New_York
set system root-authentication encrypted-password "$ABC123"
set system services ftp
set system services ssh max-sessions-per-connection 32
set system services telnet
set system services netconf ssh
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system syslog file default-log-messages any any
set system syslog file default-log-messages match "(requested 'commit' operation)|(requested 'commit synchronize' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|CFMD_CCM_DEFECT| LFMD_3AH | RPD_MPLS_PATH_BFD|(Master Unchanged, Members Changed)|(Master Changed, Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc delete)|(Master detected)|(Master changed)|(Backup detected)|(Backup changed)|(interface vcp-)"
set system syslog file default-log-messages structured-data
set system ntp server 203.0.113.1
set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members VLAN11
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members VLAN99
set interfaces ge-0/0/12 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members VLAN11
set interfaces me0 unit 0 family inet address 10.13.107.181/23
set snmp trap-group space targets 10.13.107.162
set routing-options static route 0.0.0.0/0 next-hop 10.13.106.1
set protocols l2-learning global-mac-table-aging-time 120
set protocols lldp interface all
set protocols lldp-med interface all
set protocols igmp-snooping vlan default
set vlans VLAN11 vlan-id 11
set vlans VLAN99 vlan-id 99

EX4300-2 Access Switch Configuration

set version 15.1R5.5
set system host-name EX4300-2
set system auto-snapshot
set system time-zone America/New_York
set system root-authentication encrypted-password "$ABC123"
set system services ftp
set system services ssh max-sessions-per-connection 32
set system services telnet
set system services netconf ssh
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system syslog file default-log-messages any any
set system syslog file default-log-messages match "(requested 'commit' operation)|(requested 'commit synchronize' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|CFMD_CCM_DEFECT| LFMD_3AH | RPD_MPLS_PATH_BFD|(Master Unchanged, Members Changed)|(Master Changed, Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc delete)|(Master detected)|(Master changed)|(Backup detected)|(Backup changed)|(interface vcp-)"
set system syslog file default-log-messages structured-data
set system ntp server 203.0.113.1
set interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members VLAN99
set interfaces xe-0/2/0 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/2/0 unit 0 family ethernet-switching vlan members VLAN10
set interfaces me0 unit 0 family inet address 10.13.107.180/23
set snmp trap-group space targets 10.13.107.162
set routing-options static route 0.0.0.0/0 next-hop 10.13.106.1
set protocols l2-learning global-mac-table-aging-time 120
set protocols lldp interface all
set protocols lldp-med interface all
set protocols igmp-snooping vlan default
set vlans VLAN10 vlan-id 10
set vlans VLAN99 vlan-id 99

EX2200 Aggregation Switch Configuration

set version 15.1R5.5
set system host-name EX2200-LAN
set system arp aging-timer 2
set system root-authentication encrypted-password "$ABC123"
set system services ftp
set system services ssh max-sessions-per-connection 32
set system services netconf ssh
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system syslog file default-log-messages any any
set system syslog file default-log-messages match "(requested 'commit' operation)|(requested 'commit synchronize' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|cm_device|(Master Unchanged, Members Changed)|(Master Changed, Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc delete)|(Master detected)|(Master changed)|(Backup detected)|(Backup changed)|(interface vcp-)"
set system syslog file default-log-messages structured-data
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members VLAN99
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members VLAN11
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members VLAN99
set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members VLAN12
set interfaces ge-0/0/13 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/13 unit 0 family ethernet-switching vlan members VLAN12
set interfaces me0 unit 0 family inet address 10.13.107.182/23
set interfaces vlan unit 10 family inet address 192.168.10.1/24
set interfaces vlan unit 11 family inet address 192.168.11.1/24
set interfaces vlan unit 12 family inet address 192.168.1.1/24
set interfaces vlan unit 99 family inet address 192.168.99.1/24
set snmp trap-group space targets 10.13.107.162
set routing-options static route 10.13.0.0/16 next-hop 10.13.106.1
set routing-options static route 172.28.0.0/16 next-hop 10.13.106.1
set routing-options static route 0.0.0.0/0 next-hop 192.168.1.254
set routing-options static route 172.29.64.0/20 next-hop 10.13.106.1
set routing-options static route 172.29.80.0/20 next-hop 10.13.106.1
set protocols igmp-snooping vlan all
set protocols lldp interface all
set protocols lldp-med interface all
set vlans VLAN10 vlan-id 10
set vlans VLAN10 l3-interface vlan.10
set vlans VLAN11 vlan-id 11
set vlans VLAN11 l3-interface vlan.11
set vlans VLAN12 vlan-id 12
set vlans VLAN12 l3-interface vlan.12
set vlans VLAN99 vlan-id 99
set vlans VLAN99 l3-interface vlan.99

EX2200 Internet Gateway Switch Configuration

Note:

In this topology, the EX2200 switch acts as a simple default gateway to the Internet. It does not play any role in the Juniper Connected Security solution.

set version 15.1R5.5
set system host-name EX2200-INTERNET
set system root-authentication encrypted-password "$ABC123"
set system services ftp
set system services ssh
set system services telnet
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members VLAN13
set interfaces ge-0/0/13 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/13 unit 0 family ethernet-switching vlan members VLAN13
set interfaces ge-0/0/47 description "to DMZ ge/0/015"
set interfaces ge-0/0/47 unit 0 family inet address 198.51.100.2/30
set interfaces me0 unit 0 family inet address 10.13.107.188/23
set interfaces vlan unit 13 family inet address 192.168.231.10/24
set routing-options static route 0.0.0.0/0 next-hop 198.51.100.1
set routing-options static route 10.13.0.0/16 next-hop 10.13.106.1
set routing-options static route 172.28.0.0/16 next-hop 10.13.106.1
set routing-options static route 192.168.0.0/16 next-hop 192.168.231.1
set protocols igmp-snooping vlan all
set protocols lldp interface all
set protocols lldp-med interface all
set vlans VLAN13 vlan-id 13
set vlans VLAN13 l3-interface vlan.13
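
The security-intelligence threat-level rules and the management, PKI and policy statements in the configurations above are easier to review once tabulated. The following Python script is an added example, not part of the Juniper documentation: it parses `set` statements, maps each threat level to its action per profile, and lists statements worth reviewing before a lab configuration is reused. The function names and the choice of checks are this example's own assumptions.

```python
import shlex
from collections import defaultdict

# Constructed sample: statements copied unchanged from the SRX Series and
# EX Series configurations above, merged into one input for brevity.
SAMPLE = """\
set system services ftp
set system services telnet
set services ssl initiation profile aamw-ssl actions crl disable
set services security-intelligence profile TPP_Infected-Hosts category Infected-Hosts
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 1
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 2
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 3
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 4
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 5
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 6
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 then action permit
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 match threat-level 7
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 match threat-level 8
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 match threat-level 9
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 match threat-level 10
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 then action block drop
set services advanced-anti-malware policy TPP fallback-options action permit
set security pki ca-profile aamw-ca revocation-check disable
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 then permit application-services security-intelligence-policy TPP
set security policies from-zone trust to-zone untrust policy t-u then permit
set security policies from-zone untrust to-zone trust policy u-t then permit
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone untrust host-inbound-traffic system-services all
"""

CLEARTEXT = {"telnet", "ftp", "xnm-clear-text"}  # unencrypted management services

def parse(config):
    """Split each `set` statement into tokens, dropping the leading `set`."""
    return [shlex.split(ln)[1:] for ln in config.splitlines()
            if ln.startswith("set ")]

def secintel_actions(stmts):
    """Return {profile: {threat_level: action}} for security-intelligence rules."""
    levels, actions = defaultdict(list), {}
    for t in stmts:
        if (t[:3] != ["services", "security-intelligence", "profile"]
                or len(t) < 9 or t[4] != "rule"):
            continue
        key = (t[3], t[5])                      # (profile name, rule name)
        if t[6:8] == ["match", "threat-level"]:
            levels[key].append(int(t[8]))
        elif t[6:8] == ["then", "action"]:
            actions[key] = " ".join(t[8:])      # "permit" or "block drop"
    table = defaultdict(dict)
    for (profile, rule), lvls in levels.items():
        for lvl in lvls:
            table[profile][lvl] = actions.get((profile, rule), "unset")
    return {p: dict(sorted(m.items())) for p, m in table.items()}

def lowest_blocked(level_map):
    """Lowest threat level whose action is a block, or None if none is blocked."""
    blocked = [lvl for lvl, act in level_map.items() if act.startswith("block")]
    return min(blocked) if blocked else None

def unmatched_levels(level_map):
    """Threat levels 1 to 10 (the range used on this page) that no rule matches."""
    return [lvl for lvl in range(1, 11) if lvl not in level_map]

def audit(stmts):
    """List statements that weaken management, PKI or inspection settings."""
    findings, permits = [], {}
    for t in stmts:
        line = " ".join(t)
        if t[:2] == ["system", "services"] and len(t) >= 3 and t[2] in CLEARTEXT:
            findings.append(f"cleartext management service enabled: {t[2]}")
        elif t[-2:] in (["revocation-check", "disable"], ["crl", "disable"]):
            findings.append(f"certificate revocation checking disabled: {line}")
        elif t[-3:] == ["fallback-options", "action", "permit"]:
            findings.append(f"anti-malware fallback action is permit: {line}")
        elif (t[:3] == ["security", "zones", "security-zone"]
              and t[4:] == ["host-inbound-traffic", "system-services", "all"]):
            findings.append(f"zone {t[3]} allows all system services to the device")
        elif t[:2] == ["security", "policies"] and "policy" in t:
            i = t.index("policy")               # tokens before it name the context
            if t[i + 2:i + 4] == ["then", "permit"]:
                key = (" ".join(t[2:i]), t[i + 1])
                permits[key] = permits.get(key, False) or "application-services" in t
    for (ctx, name), inspected in permits.items():
        if not inspected:
            findings.append(f"policy {name} ({ctx}) permits without application-services")
    return findings

if __name__ == "__main__":
    for profile, m in secintel_actions(parse(SAMPLE)).items():
        print(profile, m, "blocks from level", lowest_blocked(m))
    print("\n".join(audit(parse(SAMPLE))))
```

Run against a full device configuration exported in `set` format, the same functions report every security-intelligence profile and each policy that permits traffic without the security-intelligence or advanced-anti-malware services attached.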

Configuration Files for Topology #3

SRX Series Firewall Configuration

set version 15.1X49-D80.4
set system host-name SRX1500-1
set system time-zone America/New_York
set system root-authentication encrypted-password "$ABC123"
set system name-server 8.8.8.8
set system services ssh max-sessions-per-connection 32
set system services telnet
set system services xnm-clear-text
set system services netconf ssh
set system syslog user * any emergency
set system syslog host 192.168.10.4 structured-data
set system syslog file messages any any
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system syslog file default-log-messages any info
set system syslog file default-log-messages match "(requested 'commit' operation)|(requested 'commit synchronize' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|GRES"
set system syslog file default-log-messages structured-data
set system max-configurations-on-flash 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set system ntp server 203.0.113.1
set services application-identification
set services ssl initiation profile aamw-ssl trusted-ca aamw-secintel-ca
set services ssl initiation profile aamw-ssl trusted-ca aamw-cloud-ca
set services ssl initiation profile aamw-ssl client-certificate aamw-srx-cert
set services ssl initiation profile aamw-ssl actions crl disable
set services security-intelligence url https://10.13.107.164:443/api/v1/manifest.xml
set services security-intelligence authentication auth-token ABC123
set services security-intelligence profile TPP_CC category CC
set services security-intelligence profile TPP_CC rule Rule-1 match threat-level 1
set services security-intelligence profile TPP_CC rule Rule-1 match threat-level 2
set services security-intelligence profile TPP_CC rule Rule-1 match threat-level 3
set services security-intelligence profile TPP_CC rule Rule-1 match threat-level 4
set services security-intelligence profile TPP_CC rule Rule-1 then action permit
set services security-intelligence profile TPP_CC rule Rule-1 then log
set services security-intelligence profile TPP_CC rule Rule-2 match threat-level 5
set services security-intelligence profile TPP_CC rule Rule-2 match threat-level 6
set services security-intelligence profile TPP_CC rule Rule-2 match threat-level 7
set services security-intelligence profile TPP_CC rule Rule-2 then action permit
set services security-intelligence profile TPP_CC rule Rule-2 then log
set services security-intelligence profile TPP_CC rule Rule-3 match threat-level 8
set services security-intelligence profile TPP_CC rule Rule-3 match threat-level 9
set services security-intelligence profile TPP_CC rule Rule-3 match threat-level 10
set services security-intelligence profile TPP_CC rule Rule-3 then action block drop
set services security-intelligence profile TPP_CC rule Rule-3 then log
set services security-intelligence profile TPP_Infected-Hosts category Infected-Hosts
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 1
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 2
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 3
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 4
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 5
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 match threat-level 6
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 then action permit
set services security-intelligence profile TPP_Infected-Hosts rule Rule-1 then log
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 match threat-level 7
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 match threat-level 8
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 match threat-level 9
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 match threat-level 10
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 then action block drop
set services security-intelligence profile TPP_Infected-Hosts rule Rule-2 then log
set services security-intelligence policy TPP CC TPP_CC
set services security-intelligence policy TPP Infected-Hosts TPP_Infected-Hosts
set services advanced-anti-malware connection url https://srxapi.us-west-2.sky.junipersecurity.net
set services advanced-anti-malware connection authentication tls-profile aamw-ssl
set services advanced-anti-malware policy TPP http inspection-profile default_profile
set services advanced-anti-malware policy TPP http action block
set services advanced-anti-malware policy TPP http notification log
set services advanced-anti-malware policy TPP verdict-threshold 8
set services advanced-anti-malware policy TPP fallback-options action permit
set services advanced-anti-malware policy TPP fallback-options notification log
set services advanced-anti-malware policy TPP default-notification log
set services advanced-anti-malware policy TPP whitelist-notification log
set services advanced-anti-malware policy TPP blacklist-notification log
set security log mode stream
set security log format sd-syslog
set security log source-address 192.168.1.254
set security log stream TRAFFIC category all
set security log stream TRAFFIC host 192.168.10.4
set security log stream TRAFFIC host port 514
set security pki ca-profile All-Trusted-CA-Def_1 ca-identity All-Trusted-CA-Def_1
set security pki ca-profile All-Trusted-CA-Def_2 ca-identity All-Trusted-CA-Def_2
set security pki ca-profile All-Trusted-CA-Def_3 ca-identity All-Trusted-CA-Def_3
set security pki ca-profile All-Trusted-CA-Def_4 ca-identity All-Trusted-CA-Def_4
set security pki ca-profile All-Trusted-CA-Def_5 ca-identity All-Trusted-CA-Def_5
set security pki ca-profile All-Trusted-CA-Def_6 ca-identity All-Trusted-CA-Def_6
set security pki ca-profile All-Trusted-CA-Def_7 ca-identity All-Trusted-CA-Def_7
set security pki ca-profile All-Trusted-CA-Def_8 ca-identity All-Trusted-CA-Def_8
set security pki ca-profile All-Trusted-CA-Def_9 ca-identity All-Trusted-CA-Def_9
set security pki ca-profile All-Trusted-CA-Def_10 ca-identity All-Trusted-CA-Def_10
set security pki ca-profile All-Trusted-CA-Def_11 ca-identity All-Trusted-CA-Def_11
set security pki ca-profile All-Trusted-CA-Def_12 ca-identity All-Trusted-CA-Def_12
set security pki ca-profile All-Trusted-CA-Def_13 ca-identity All-Trusted-CA-Def_13
set security pki ca-profile All-Trusted-CA-Def_14 ca-identity All-Trusted-CA-Def_14
set security pki ca-profile All-Trusted-CA-Def_15 ca-identity All-Trusted-CA-Def_15
set security pki ca-profile All-Trusted-CA-Def_16 ca-identity All-Trusted-CA-Def_16
set security pki ca-profile All-Trusted-CA-Def_17 ca-identity All-Trusted-CA-Def_17
set security pki ca-profile All-Trusted-CA-Def_18 ca-identity All-Trusted-CA-Def_18
set security pki ca-profile All-Trusted-CA-Def_19 ca-identity All-Trusted-CA-Def_19
set security pki ca-profile All-Trusted-CA-Def_20 ca-identity All-Trusted-CA-Def_20
set security pki ca-profile All-Trusted-CA-Def_21 ca-identity All-Trusted-CA-Def_21
set security pki ca-profile All-Trusted-CA-Def_22 ca-identity All-Trusted-CA-Def_22
set security pki ca-profile All-Trusted-CA-Def_23 ca-identity All-Trusted-CA-Def_23
set security pki ca-profile All-Trusted-CA-Def_24 ca-identity All-Trusted-CA-Def_24
set security pki ca-profile All-Trusted-CA-Def_25 ca-identity All-Trusted-CA-Def_25
set security pki ca-profile All-Trusted-CA-Def_26 ca-identity All-Trusted-CA-Def_26
set security pki ca-profile All-Trusted-CA-Def_27 ca-identity All-Trusted-CA-Def_27
set security pki ca-profile All-Trusted-CA-Def_28 ca-identity All-Trusted-CA-Def_28
set security pki ca-profile All-Trusted-CA-Def_29 ca-identity All-Trusted-CA-Def_29
set security pki ca-profile All-Trusted-CA-Def_30 ca-identity All-Trusted-CA-Def_30
set security pki ca-profile All-Trusted-CA-Def_31 ca-identity All-Trusted-CA-Def_31
set security pki ca-profile All-Trusted-CA-Def_32 ca-identity All-Trusted-CA-Def_32
set security pki ca-profile All-Trusted-CA-Def_33 ca-identity All-Trusted-CA-Def_33
set security pki ca-profile All-Trusted-CA-Def_34 ca-identity All-Trusted-CA-Def_34
set security pki ca-profile All-Trusted-CA-Def_35 ca-identity All-Trusted-CA-Def_35
set security pki ca-profile All-Trusted-CA-Def_36 ca-identity All-Trusted-CA-Def_36
set security pki ca-profile All-Trusted-CA-Def_37 ca-identity All-Trusted-CA-Def_37
set security pki ca-profile All-Trusted-CA-Def_38 ca-identity All-Trusted-CA-Def_38
set security pki ca-profile All-Trusted-CA-Def_39 ca-identity All-Trusted-CA-Def_39
set security pki ca-profile All-Trusted-CA-Def_40 ca-identity All-Trusted-CA-Def_40
set security pki ca-profile All-Trusted-CA-Def_41 ca-identity All-Trusted-CA-Def_41
set security pki ca-profile All-Trusted-CA-Def_42 ca-identity All-Trusted-CA-Def_42
set security pki ca-profile All-Trusted-CA-Def_43 ca-identity All-Trusted-CA-Def_43
set security pki ca-profile All-Trusted-CA-Def_44 ca-identity All-Trusted-CA-Def_44
set security pki ca-profile All-Trusted-CA-Def_45 ca-identity All-Trusted-CA-Def_45
set security pki ca-profile All-Trusted-CA-Def_46 ca-identity All-Trusted-CA-Def_46
set security pki ca-profile All-Trusted-CA-Def_47 ca-identity All-Trusted-CA-Def_47
set security pki ca-profile All-Trusted-CA-Def_48 ca-identity All-Trusted-CA-Def_48
set security pki ca-profile All-Trusted-CA-Def_49 ca-identity All-Trusted-CA-Def_49
set security pki ca-profile All-Trusted-CA-Def_50 ca-identity All-Trusted-CA-Def_50
set security pki ca-profile All-Trusted-CA-Def_51 ca-identity All-Trusted-CA-Def_51
set security pki ca-profile All-Trusted-CA-Def_52 ca-identity All-Trusted-CA-Def_52
set security pki ca-profile All-Trusted-CA-Def_53 ca-identity All-Trusted-CA-Def_53
set security pki ca-profile All-Trusted-CA-Def_54 ca-identity All-Trusted-CA-Def_54
set security pki ca-profile All-Trusted-CA-Def_55 ca-identity All-Trusted-CA-Def_55
set security pki ca-profile All-Trusted-CA-Def_56 ca-identity All-Trusted-CA-Def_56
set security pki ca-profile All-Trusted-CA-Def_57 ca-identity All-Trusted-CA-Def_57
set security pki ca-profile All-Trusted-CA-Def_58 ca-identity All-Trusted-CA-Def_58
set security pki ca-profile All-Trusted-CA-Def_59 ca-identity All-Trusted-CA-Def_59
set security pki ca-profile All-Trusted-CA-Def_60 ca-identity All-Trusted-CA-Def_60
set security pki ca-profile All-Trusted-CA-Def_61 ca-identity All-Trusted-CA-Def_61
set security pki ca-profile All-Trusted-CA-Def_62 ca-identity All-Trusted-CA-Def_62
set security pki ca-profile All-Trusted-CA-Def_63 ca-identity All-Trusted-CA-Def_63
set security pki ca-profile All-Trusted-CA-Def_64 ca-identity All-Trusted-CA-Def_64
set security pki ca-profile All-Trusted-CA-Def_65 ca-identity All-Trusted-CA-Def_65
set security pki ca-profile All-Trusted-CA-Def_66 ca-identity All-Trusted-CA-Def_66
set security pki ca-profile All-Trusted-CA-Def_67 ca-identity All-Trusted-CA-Def_67
set security pki ca-profile All-Trusted-CA-Def_68 ca-identity All-Trusted-CA-Def_68
set security pki ca-profile All-Trusted-CA-Def_69 ca-identity All-Trusted-CA-Def_69
set security pki ca-profile All-Trusted-CA-Def_70 ca-identity All-Trusted-CA-Def_70
set security pki ca-profile All-Trusted-CA-Def_71 ca-identity All-Trusted-CA-Def_71
set security pki ca-profile All-Trusted-CA-Def_72 ca-identity All-Trusted-CA-Def_72
set security pki ca-profile All-Trusted-CA-Def_73 ca-identity All-Trusted-CA-Def_73
set security pki ca-profile All-Trusted-CA-Def_74 ca-identity All-Trusted-CA-Def_74
set security pki ca-profile All-Trusted-CA-Def_75 ca-identity All-Trusted-CA-Def_75
set security pki ca-profile All-Trusted-CA-Def_76 ca-identity All-Trusted-CA-Def_76
set security pki ca-profile All-Trusted-CA-Def_77 ca-identity All-Trusted-CA-Def_77
set security pki ca-profile All-Trusted-CA-Def_78 ca-identity All-Trusted-CA-Def_78
set security pki ca-profile All-Trusted-CA-Def_79 ca-identity All-Trusted-CA-Def_79
set security pki ca-profile All-Trusted-CA-Def_80 ca-identity All-Trusted-CA-Def_80
set security pki ca-profile All-Trusted-CA-Def_81 ca-identity All-Trusted-CA-Def_81
set security pki ca-profile All-Trusted-CA-Def_82 ca-identity All-Trusted-CA-Def_82
set security pki ca-profile All-Trusted-CA-Def_83 ca-identity All-Trusted-CA-Def_83
set security pki ca-profile All-Trusted-CA-Def_84 ca-identity All-Trusted-CA-Def_84
set security pki ca-profile All-Trusted-CA-Def_85 ca-identity All-Trusted-CA-Def_85
set security pki ca-profile All-Trusted-CA-Def_86 ca-identity All-Trusted-CA-Def_86
set security pki ca-profile All-Trusted-CA-Def_87 ca-identity All-Trusted-CA-Def_87
set security pki ca-profile All-Trusted-CA-Def_88 ca-identity All-Trusted-CA-Def_88
set security pki ca-profile All-Trusted-CA-Def_89 ca-identity All-Trusted-CA-Def_89
set security pki ca-profile All-Trusted-CA-Def_90 ca-identity All-Trusted-CA-Def_90
set security pki ca-profile All-Trusted-CA-Def_91 ca-identity All-Trusted-CA-Def_91
set security pki ca-profile All-Trusted-CA-Def_92 ca-identity All-Trusted-CA-Def_92
set security pki ca-profile All-Trusted-CA-Def_93 ca-identity All-Trusted-CA-Def_93
set security pki ca-profile All-Trusted-CA-Def_94 ca-identity All-Trusted-CA-Def_94
set security pki ca-profile All-Trusted-CA-Def_95 ca-identity All-Trusted-CA-Def_95
set security pki ca-profile All-Trusted-CA-Def_96 ca-identity All-Trusted-CA-Def_96
set security pki ca-profile All-Trusted-CA-Def_97 ca-identity All-Trusted-CA-Def_97
set security pki ca-profile All-Trusted-CA-Def_98 ca-identity All-Trusted-CA-Def_98
set security pki ca-profile All-Trusted-CA-Def_99 ca-identity All-Trusted-CA-Def_99
set security pki ca-profile All-Trusted-CA-Def_100 ca-identity All-Trusted-CA-Def_100
set security pki ca-profile All-Trusted-CA-Def_101 ca-identity All-Trusted-CA-Def_101
set security pki ca-profile All-Trusted-CA-Def_102 ca-identity All-Trusted-CA-Def_102
set security pki ca-profile All-Trusted-CA-Def_103 ca-identity All-Trusted-CA-Def_103
set security pki ca-profile All-Trusted-CA-Def_104 ca-identity All-Trusted-CA-Def_104
set security pki ca-profile All-Trusted-CA-Def_105 ca-identity All-Trusted-CA-Def_105
set security pki ca-profile All-Trusted-CA-Def_106 ca-identity All-Trusted-CA-Def_106
set security pki ca-profile All-Trusted-CA-Def_107 ca-identity All-Trusted-CA-Def_107
set security pki ca-profile All-Trusted-CA-Def_108 ca-identity All-Trusted-CA-Def_108
set security pki ca-profile All-Trusted-CA-Def_109 ca-identity All-Trusted-CA-Def_109
set security pki ca-profile All-Trusted-CA-Def_110 ca-identity All-Trusted-CA-Def_110
set security pki ca-profile All-Trusted-CA-Def_111 ca-identity All-Trusted-CA-Def_111
set security pki ca-profile All-Trusted-CA-Def_112 ca-identity All-Trusted-CA-Def_112
set security pki ca-profile All-Trusted-CA-Def_114 ca-identity All-Trusted-CA-Def_114
set security pki ca-profile All-Trusted-CA-Def_115 ca-identity All-Trusted-CA-Def_115
set security pki ca-profile All-Trusted-CA-Def_116 ca-identity All-Trusted-CA-Def_116
set security pki ca-profile All-Trusted-CA-Def_117 ca-identity All-Trusted-CA-Def_117
set security pki ca-profile All-Trusted-CA-Def_118 ca-identity All-Trusted-CA-Def_118
set security pki ca-profile All-Trusted-CA-Def_119 ca-identity All-Trusted-CA-Def_119
set security pki ca-profile All-Trusted-CA-Def_120 ca-identity All-Trusted-CA-Def_120
set security pki ca-profile All-Trusted-CA-Def_121 ca-identity All-Trusted-CA-Def_121
set security pki ca-profile All-Trusted-CA-Def_122 ca-identity All-Trusted-CA-Def_122
set security pki ca-profile All-Trusted-CA-Def_123 ca-identity All-Trusted-CA-Def_123
set security pki ca-profile All-Trusted-CA-Def_124 ca-identity All-Trusted-CA-Def_124
set security pki ca-profile All-Trusted-CA-Def_125 ca-identity All-Trusted-CA-Def_125
set security pki ca-profile All-Trusted-CA-Def_126 ca-identity All-Trusted-CA-Def_126
set security pki ca-profile All-Trusted-CA-Def_127 ca-identity All-Trusted-CA-Def_127
set security pki ca-profile All-Trusted-CA-Def_128 ca-identity All-Trusted-CA-Def_128
set security pki ca-profile All-Trusted-CA-Def_129 ca-identity All-Trusted-CA-Def_129
set security pki ca-profile All-Trusted-CA-Def_130 ca-identity All-Trusted-CA-Def_130
set security pki ca-profile All-Trusted-CA-Def_131 ca-identity All-Trusted-CA-Def_131
set security pki ca-profile All-Trusted-CA-Def_132 ca-identity All-Trusted-CA-Def_132
set security pki ca-profile All-Trusted-CA-Def_133 ca-identity All-Trusted-CA-Def_133
set security pki ca-profile All-Trusted-CA-Def_134 ca-identity All-Trusted-CA-Def_134
set security pki ca-profile All-Trusted-CA-Def_135 ca-identity All-Trusted-CA-Def_135
set security pki ca-profile All-Trusted-CA-Def_136 ca-identity All-Trusted-CA-Def_136
set security pki ca-profile All-Trusted-CA-Def_137 ca-identity All-Trusted-CA-Def_137
set security pki ca-profile All-Trusted-CA-Def_138 ca-identity All-Trusted-CA-Def_138
set security pki ca-profile All-Trusted-CA-Def_139 ca-identity All-Trusted-CA-Def_139
set security pki ca-profile All-Trusted-CA-Def_140 ca-identity All-Trusted-CA-Def_140
set security pki ca-profile All-Trusted-CA-Def_141 ca-identity All-Trusted-CA-Def_141
set security pki ca-profile All-Trusted-CA-Def_142 ca-identity All-Trusted-CA-Def_142
set security pki ca-profile All-Trusted-CA-Def_143 ca-identity All-Trusted-CA-Def_143
set security pki ca-profile All-Trusted-CA-Def_144 ca-identity All-Trusted-CA-Def_144
set security pki ca-profile All-Trusted-CA-Def_145 ca-identity All-Trusted-CA-Def_145
set security pki ca-profile All-Trusted-CA-Def_146 ca-identity All-Trusted-CA-Def_146
set security pki ca-profile All-Trusted-CA-Def_147 ca-identity All-Trusted-CA-Def_147
set security pki ca-profile All-Trusted-CA-Def_148 ca-identity All-Trusted-CA-Def_148
set security pki ca-profile All-Trusted-CA-Def_149 ca-identity All-Trusted-CA-Def_149
set security pki ca-profile All-Trusted-CA-Def_150 ca-identity All-Trusted-CA-Def_150
set security pki ca-profile All-Trusted-CA-Def_151 ca-identity All-Trusted-CA-Def_151
set security pki ca-profile All-Trusted-CA-Def_152 ca-identity All-Trusted-CA-Def_152
set security pki ca-profile All-Trusted-CA-Def_153 ca-identity All-Trusted-CA-Def_153
set security pki ca-profile All-Trusted-CA-Def_154 ca-identity All-Trusted-CA-Def_154
set security pki ca-profile All-Trusted-CA-Def_155 ca-identity All-Trusted-CA-Def_155
set security pki ca-profile ssl-inspect-ca ca-identity ssl-inspect-ca
set security pki ca-profile ssl-ca ca-identity ssl-ca
set security pki ca-profile aamw-ca ca-identity deviceCA
set security pki ca-profile aamw-ca enrollment url http://ca.junipersecurity.net:8080/ejbca/publicweb/apply/scep/SRX/pkiclient.exe
set security pki ca-profile aamw-ca revocation-check disable
set security pki ca-profile aamw-ca revocation-check crl url http://va.junipersecurity.net/ca/deviceCA.crl
set security pki ca-profile aamw-secintel-ca ca-identity JUNIPER
set security pki ca-profile aamw-secintel-ca revocation-check crl url http://va.junipersecurity.net/ca/current.crl
set security pki ca-profile aamw-cloud-ca ca-identity JUNIPER_CLOUD
set security pki ca-profile aamw-cloud-ca revocation-check crl url http://va.junipersecurity.net/ca/cloudCA.crl
set security pki ca-profile-group All-Trusted-CA-Def cert-base-count 155
set security address-book global address JSD_192.168.10.1/24 192.168.10.0/24
set security address-book global address JSD_192.168.11.1/24 192.168.11.0/24
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 match source-address JSD_192.168.10.1/24
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 match source-address JSD_192.168.11.1/24
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 match destination-address any
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 match application any
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 then permit application-services security-intelligence-policy TPP
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 then permit application-services advanced-anti-malware-policy TPP
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 then log session-init
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 then count
set security policies from-zone trust to-zone untrust policy t-u match source-address any
set security policies from-zone trust to-zone untrust policy t-u match destination-address any
set security policies from-zone trust to-zone untrust policy t-u match application any
set security policies from-zone trust to-zone untrust policy t-u then permit
set security policies from-zone untrust to-zone trust policy PolicyEnforcer-Rule1-1 match source-address JSD_192.168.10.1/24
set security policies from-zone untrust to-zone trust policy PolicyEnforcer-Rule1-1 match source-address JSD_192.168.11.1/24
set security policies from-zone untrust to-zone trust policy PolicyEnforcer-Rule1-1 match destination-address any
set security policies from-zone untrust to-zone trust policy PolicyEnforcer-Rule1-1 match application any
set security policies from-zone untrust to-zone trust policy PolicyEnforcer-Rule1-1 then permit application-services security-intelligence-policy TPP
set security policies from-zone untrust to-zone trust policy PolicyEnforcer-Rule1-1 then permit application-services advanced-anti-malware-policy TPP
set security policies from-zone untrust to-zone trust policy u-t match source-address any
set security policies from-zone untrust to-zone trust policy u-t match destination-address any
set security policies from-zone untrust to-zone trust policy u-t match application any
set security policies from-zone untrust to-zone trust policy u-t then permit
set security policies global policy PolicyEnforcer-Rule1-1 match source-address JSD_192.168.10.1/24
set security policies global policy PolicyEnforcer-Rule1-1 match source-address JSD_192.168.11.1/24
set security policies global policy PolicyEnforcer-Rule1-1 match destination-address any
set security policies global policy PolicyEnforcer-Rule1-1 match application any
set security policies global policy PolicyEnforcer-Rule1-1 then permit application-services security-intelligence-policy TPP
set security policies global policy PolicyEnforcer-Rule1-1 then permit application-services advanced-anti-malware-policy TPP
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces ge-0/0/0.12
set security zones security-zone untrust host-inbound-traffic system-services all
set security zones security-zone untrust host-inbound-traffic protocols all
set security zones security-zone untrust interfaces ge-0/0/2.13
set interfaces ge-0/0/0 vlan-tagging
set interfaces ge-0/0/0 unit 12 vlan-id 12
set interfaces ge-0/0/0 unit 12 family inet address 192.168.1.254/24
set interfaces ge-0/0/2 vlan-tagging
set interfaces ge-0/0/2 unit 13 vlan-id 13
set interfaces ge-0/0/2 unit 13 family inet address 192.168.231.1/24
set interfaces fxp0 description MGMT
set interfaces fxp0 unit 0 family inet address 10.13.107.186/23
set snmp trap-group space targets 10.13.107.162
set routing-options static route 172.28.0.0/16 next-hop 10.13.106.1
set routing-options static route 10.13.0.0/16 next-hop 10.13.106.1
set routing-options static route 0.0.0.0/0 next-hop 192.168.231.10
set routing-options static route 172.29.64.0/20 next-hop 10.13.106.1
set routing-options static route 172.29.80.0/20 next-hop 10.13.106.1
set routing-options static route 192.168.10.0/24 next-hop 192.168.1.1
set routing-options static route 192.168.11.0/24 next-hop 192.168.1.3

EX4300 Access Switch Configuration

set version 15.1R5.5
set system host-name EX4300-1
set system auto-snapshot
set system time-zone America/New_York
set system root-authentication encrypted-password "$ABC123"
set system services ftp
set system services ssh max-sessions-per-connection 32
set system services telnet
set system services netconf ssh
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system syslog file default-log-messages any any
set system syslog file default-log-messages match "(requested 'commit' operation)|(requested 'commit synchronize' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|CFMD_CCM_DEFECT| LFMD_3AH | RPD_MPLS_PATH_BFD|(Master Unchanged, Members Changed)|(Master Changed, Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc delete)|(Master detected)|(Master changed)|(Backup detected)|(Backup changed)|(interface vcp-)"
set system syslog file default-log-messages structured-data
set system ntp server 203.0.113.1
set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members VLAN99
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members VLAN12
set interfaces ge-0/0/12 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members VLAN11
set interfaces irb unit 11 family inet address 192.168.11.1/24
set interfaces irb unit 12 family inet address 192.168.1.3/24
set interfaces me0 unit 0 family inet address 10.13.107.181/23
set snmp trap-group space targets 10.13.107.162
set routing-options static route 10.13.0.0/16 next-hop 10.13.106.1
set routing-options static route 172.28.0.0/16 next-hop 10.13.106.1
set routing-options static route 172.29.64.0/20 next-hop 10.13.106.1
set routing-options static route 172.29.80.0/20 next-hop 10.13.106.1
set routing-options static route 0.0.0.0/0 next-hop 192.168.1.254
set protocols l2-learning global-mac-table-aging-time 120
set protocols lldp interface all
set protocols lldp-med interface all
set protocols igmp-snooping vlan default
set vlans VLAN11 vlan-id 11
set vlans VLAN11 l3-interface irb.11
set vlans VLAN12 vlan-id 12
set vlans VLAN12 l3-interface irb.12
set vlans VLAN99 vlan-id 99
set vlans VLAN99 l3-interface irb.99

EX2200 Internet Gateway Switch Configuration

Note:

In this topology, the EX2200 switch acts as a simple default gateway to the Internet. It does not play any role in the Juniper Connected Security solution.

set version 15.1R5.5
set system host-name EX2200-INTERNET
set system root-authentication encrypted-password "$ABC123"
set system services ftp
set system services ssh
set system services telnet
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members VLAN13
set interfaces ge-0/0/13 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/13 unit 0 family ethernet-switching vlan members VLAN13
set interfaces ge-0/0/47 description "to DMZ ge/0/015"
set interfaces ge-0/0/47 unit 0 family inet address 198.51.100.2/30
set interfaces me0 unit 0 family inet address 10.13.107.188/23
set interfaces vlan unit 13 family inet address 192.168.231.10/24
set routing-options static route 0.0.0.0/0 next-hop 198.51.100.1
set routing-options static route 10.13.0.0/16 next-hop 10.13.106.1
set routing-options static route 172.28.0.0/16 next-hop 10.13.106.1
set routing-options static route 192.168.0.0/16 next-hop 192.168.231.1
set protocols igmp-snooping vlan all
set protocols lldp interface all
set protocols lldp-med interface all
set vlans VLAN13 vlan-id 13
set vlans VLAN13 l3-interface vlan.13
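
The listings on this page are lab captures, and several statements in them are worth checking before any of the configuration is reused: cleartext management services (telnet, ftp, xnm-clear-text), disabled certificate revocation checks, host-inbound-traffic all on the untrust zone, and the any/any/any permit policies t-u and u-t. The following Python check is an added example, not part of the Juniper documentation; the rule set, the function names (parse_set_lines, audit) and the treatment of untrust as the untrusted zone are assumptions of this example.

```python
import shlex
from collections import defaultdict

# Excerpt of `set` lines copied from the SRX Series listing above.
SAMPLE_CONFIG = """\
set system host-name SRX1500-1
set system services ssh max-sessions-per-connection 32
set system services telnet
set system services xnm-clear-text
set system services netconf ssh
set services ssl initiation profile aamw-ssl actions crl disable
set security pki ca-profile aamw-ca revocation-check disable
set security policies from-zone untrust to-zone trust policy u-t match source-address any
set security policies from-zone untrust to-zone trust policy u-t match destination-address any
set security policies from-zone untrust to-zone trust policy u-t match application any
set security policies from-zone untrust to-zone trust policy u-t then permit
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 match source-address JSD_192.168.10.1/24
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 match destination-address any
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 match application any
set security policies from-zone trust to-zone untrust policy PolicyEnforcer-Rule1-1 then permit application-services security-intelligence-policy TPP
set security zones security-zone untrust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic system-services all
"""

CLEARTEXT_SERVICES = {"telnet", "ftp", "xnm-clear-text"}
ANY_FIELDS = ("source-address", "destination-address", "application")


def parse_set_lines(text):
    """Yield (line_number, tokens) for each `set` statement, without `set`."""
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line.startswith("set "):
            yield number, shlex.split(line)[1:]  # shlex keeps quoted values whole


def _collect_policy(policies, number, rest):
    """Accumulate match terms and the permit action per (zone pair, policy)."""
    if rest[:1] == ["from-zone"] and len(rest) > 4:
        zones, rest = f"{rest[1]}->{rest[3]}", rest[4:]
    elif rest[:1] == ["global"]:
        zones, rest = "global", rest[1:]
    else:
        return
    if len(rest) < 4 or rest[0] != "policy":
        return
    policy = policies.setdefault((zones, rest[1]), {
        "line": number, "match": defaultdict(set),
        "permit": False, "inspected": False})
    body = rest[2:]
    if body[0] == "match" and len(body) == 3:
        policy["match"][body[1]].add(body[2])
    elif body[:2] == ["then", "permit"]:
        policy["permit"] = True
        # A permit that hands traffic to application-services is inspected.
        policy["inspected"] |= body[2:3] == ["application-services"]


def audit(text, untrusted_zones=("untrust",)):
    """Return sorted (line, kind, detail) findings for lab-only settings."""
    findings, policies = [], {}
    for number, t in parse_set_lines(text):
        if t[:2] == ["system", "services"] and len(t) > 2 and t[2] in CLEARTEXT_SERVICES:
            findings.append((number, "cleartext-mgmt", t[2]))
        elif t[:3] == ["services", "ssl", "initiation"] and t[-2:] == ["crl", "disable"]:
            findings.append((number, "revocation-disabled", t[4]))
        elif t[:3] == ["security", "pki", "ca-profile"] and t[-2:] == ["revocation-check", "disable"]:
            findings.append((number, "revocation-disabled", t[3]))
        elif (t[:3] == ["security", "zones", "security-zone"] and len(t) == 7
              and t[4] == "host-inbound-traffic" and t[6] == "all"
              and t[3] in untrusted_zones):
            findings.append((number, "host-inbound-all", f"{t[3]} {t[5]}"))
        elif t[:2] == ["security", "policies"]:
            _collect_policy(policies, number, t[2:])
    for (zones, name), policy in policies.items():
        wide_open = all(policy["match"][f] == {"any"} for f in ANY_FIELDS)
        if policy["permit"] and not policy["inspected"] and wide_open:
            findings.append((policy["line"], "permit-any-uninspected", f"{zones} {name}"))
    return sorted(findings)


if __name__ == "__main__":
    for line, kind, detail in audit(SAMPLE_CONFIG):
        print(f"line {line}: {kind}: {detail}")
```

To check a full listing, pass its text to audit() in place of SAMPLE_CONFIG; the line numbers in the findings refer to lines of that text.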