
[edit]
root# show | display set
set version 9.2R1.10
set system root-authentication encrypted-password "$1$cck3scuh$uENFKDbFjAL.ABe7YXaJT0"
set system services ssh
set system services web-management http interface ge-0/0/0.0
set system syslog user * any emergency
set system syslog file messages any any
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set interfaces ge-0/0/0 unit 0 family inet filter input port-mirror2
set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/24
set interfaces ge-0/0/1 unit 0 family inet address 71.154.139.20/26
set interfaces ge-0/0/3 unit 0 family inet address 10.0.0.1/30 arp 10.0.0.2 mac 02:00:00:01:01:7a
set forwarding-options port-mirroring family inet input rate 1
set forwarding-options port-mirroring family inet input run-length 0
set forwarding-options port-mirroring family inet output interface ge-0/0/3.0 next-hop 10.0.0.2
set routing-options static route 0.0.0.0/0 next-hop 71.154.139.1
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood queue-size 2000
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
set security zones security-zone trust tcp-rst
set security zones security-zone untrust screen untrust-screen
set security zones security-zone INSIDE address-book address Insideips 192.168.1.10/32
set security zones security-zone INSIDE interfaces ge-0/0/0.0 host-inbound-traffic system-services all
set security zones security-zone OUTSIDE interfaces ge-0/0/1.0 host-inbound-traffic system-services all
set security policies from-zone trust to-zone trust policy default-permit match source-address any
set security policies from-zone trust to-zone trust policy default-permit match destination-address any
set security policies from-zone trust to-zone trust policy default-permit match application any
set security policies from-zone trust to-zone trust policy default-permit then permit
set security policies from-zone trust to-zone untrust policy default-permit match source-address any
set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
set security policies from-zone trust to-zone untrust policy default-permit match application any
set security policies from-zone trust to-zone untrust policy default-permit then permit
set security policies from-zone untrust to-zone trust policy default-deny match source-address any
set security policies from-zone untrust to-zone trust policy default-deny match destination-address any
set security policies from-zone untrust to-zone trust policy default-deny match application any
set security policies from-zone untrust to-zone trust policy default-deny then deny
set security policies from-zone INSIDE to-zone OUTSIDE policy NAT match source-address any
set security policies from-zone INSIDE to-zone OUTSIDE policy NAT match destination-address any
set security policies from-zone INSIDE to-zone OUTSIDE policy NAT match application any
set security policies from-zone INSIDE to-zone OUTSIDE policy NAT then permit source-nat interface
set security policies from-zone INSIDE to-zone OUTSIDE policy AllowAll match source-address any
set security policies from-zone INSIDE to-zone OUTSIDE policy AllowAll match destination-address any
set security policies from-zone INSIDE to-zone OUTSIDE policy AllowAll match application any
set security policies from-zone INSIDE to-zone OUTSIDE policy AllowAll then permit
set security policies from-zone OUTSIDE to-zone INSIDE policy AllowAll match source-address any
set security policies from-zone OUTSIDE to-zone INSIDE policy AllowAll match destination-address any
set security policies from-zone OUTSIDE to-zone INSIDE policy AllowAll match application any
set security policies from-zone OUTSIDE to-zone INSIDE policy AllowAll then permit
set firewall family inet filter port-mirror2 term 1 from protocol tcp
set firewall family inet filter port-mirror2 term 1 from port http
set firewall family inet filter port-mirror2 term 1 then port-mirror
set firewall family inet filter port-mirror2 term 1 then accept
set firewall family inet filter port-mirror2 term 2 then accept

[edit]
root#
