vSRX example configuration
The following configuration is provided as a reference and is not intended for use in your vSRX cluster.
set version 18.4R1.8;
system {
login {
user pokeyjo {
uid 2000;
class super-user;
authentication {
encrypted-password}
}
}
root-authentication {
encrypted-password}
services {
ssh;
web-management {
http {
interface [ fxp0.0 ge-0/0/0.0 ];
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
policies {
from-zone trust to-zone trust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone untrust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone trust {
tcp-rst;
host-inbound-traffic {
system-services {
all;
}
}
interfaces {
ge-0/0/0.0;
ge-0/0/1.0;
}
}
security-zone untrust {
screen untrust-screen;
interfaces {
ge-0/0/2.0;
}
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 10.135.70.22/26;
}
}
}
ge-0/0/1 {
unit 0 {
family inet {
address 10.134.217.140/26;
}
}
}
ge-0/0/2 {
unit 0 {
family inet {
address 169.50.51.92/29;
}
}
}
ge-0/0/3 {
unit 0;
}
fxp0 {
unit 0;
}
}
routing-options {
static {
route 10.0.0.0/8 next-hop 10.135.70.1;
route 0.0.0.0/0 next-hop 169.50.51.89;
}
}
Set commands
set system login user pokeyjo uid 2000
set system login user pokeyjo class super-user
set system login user pokeyjo authentication encrypted-password
"removed for security"
set system root-authentication encrypted-password
"removed for security"
set system services ssh
set system services web-management http interface fxp0.0
set system services web-management http interface ge-0/0/0.0
set system syslog user * any emergency
set system syslog file messages any any
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood
alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood
attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood
source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood
destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood queue-size
2000
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
set security policies from-zone trust to-zone trust policy
default-permit match source-address any
set security policies from-zone trust to-zone trust policy
default-permit match destination-address any
set security policies from-zone trust to-zone trust policy
default-permit match application any
set security policies from-zone trust to-zone trust policy
default-permit then permit
set security policies from-zone trust to-zone untrust policy
default-permit match source-address any
set security policies from-zone trust to-zone untrust policy
default-permit match destination-address any
set security policies from-zone trust to-zone untrust policy
default-permit match application any
set security policies from-zone trust to-zone untrust policy
default-permit then permit
set security zones security-zone trust tcp-rst
set security zones security-zone trust host-inbound-traffic
system-services all
set security zones security-zone trust interfaces ge-0/0/0.0
set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone untrust screen untrust-screen
set security zones security-zone untrust interfaces ge-0/0/2.0
set interfaces ge-0/0/0 unit 0 family inet address 10.135.70.22/26
set interfaces ge-0/0/1 unit 0 family inet address 10.134.217.140/26
set interfaces ge-0/0/2 unit 0 family inet address 169.50.51.92/29
set interfaces ge-0/0/3 unit 0
set interfaces fxp0 unit 0
set routing-options static route 10.0.0.0/8 next-hop 10.135.70.1
set routing-options static route 0.0.0.0/0 next-hop 169.50.51.89