# Junos configuration for a single-interface security device ("firefly").
# It addresses ge-0/0/0.0 as 192.168.1.49/24, runs one external BGP session
# (local AS 65001 to 192.168.1.48 in AS 65000), and advertises two static
# discard prefixes. The only interface sits in the "untrust" zone, so every
# management service enabled below is reached through that zone.
# NOTE(review): 12.1X46 is an old release train - confirm its support status
# before reusing this outside a lab.
version 12.1X46-D10;
system {
    host-name firefly;
    time-zone Asia/Tokyo;
    no-multicast-echo;
    no-redirects;
    arp {
        aging-timer 5;
        passive-learning;
    }
    saved-core-files 10;
    saved-core-context;
    location country-code JP;
    root-authentication {
        # The hash is redacted in this listing. Treat a real value as a secret
        # even though it is stored hashed.
        encrypted-password "xxxxxxxxxxxxxxxxxxx"; ## SECRET-DATA
    }
    login {
        # Defines a login class named "root" with full permissions and a
        # 15-minute idle timeout. No "user" statements appear here, so no
        # account in this listing is assigned to the class and root is the
        # only local login shown.
        class root {
            idle-timeout 15;
            permissions all;
        }
    }
    services {
        # SSH is enabled with defaults; no root-login, rate-limit or
        # connection-limit statements are set.
        ssh;
        web-management {
            # J-Web is served over plain HTTP on ge-0/0/0.0, so credentials and
            # session data cross the segment unencrypted. An "https" stanza
            # with a certificate is the usual replacement.
            http {
                interface ge-0/0/0.0;
            }
        }
    }
    syslog {
        # All destinations are local (terminal and files). No "host" statement
        # forwards logs off-box, so the audit trail lives only on the device.
        user * {
            any emergency;
        }
        file messages {
            any any;
            authorization info;
        }
        file interactive-commands {
            # Records commands entered by operators.
            interactive-commands any;
        }
    }
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
    ntp {
        # Single time source with no authentication-key/trusted-key configured.
        server 192.168.1.254;
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 192.168.1.49/24;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 192.168.1.254;
        # The two discard routes exist so the prefixes are present in the
        # routing table and match term 1 of policy bgp-advertise below.
        # NOTE(review): 2.0.0.0/16 is publicly routable space, not a private or
        # documentation range - make sure this announcement cannot leave the
        # lab peering.
        route 2.0.0.0/16 discard;
        route 10.0.0.0/8 discard;
    }
    autonomous-system 65001;
}
protocols {
    bgp {
        path-selection always-compare-med;
        log-updown;
        # External session to 192.168.1.48 (AS 65000). No authentication-key
        # is configured, so the session has no TCP MD5 protection. No import
        # policy is set either, so the default BGP import behaviour applies
        # to whatever the peer sends.
        group test-peer {
            type external;
            local-address 192.168.1.49;
            advertise-inactive;
            export bgp-advertise;
            peer-as 65000;
            # Repeats the value of routing-options autonomous-system.
            local-as 65001;
            neighbor 192.168.1.48 {
                # Repeats the group-level peer-as.
                peer-as 65000;
            }
        }
    }
}
policy-options {
    # Export policy for group test-peer.
    policy-statement bgp-advertise {
        # Term 1: advertise exactly the two static discard prefixes.
        term 1 {
            from {
                protocol static;
                route-filter 2.0.0.0/16 exact;
                route-filter 10.0.0.0/8 exact;
            }
            then accept;
        }
        # Term 2: re-advertise every BGP-learned route, with no prefix filter.
        term 2 {
            from protocol bgp;
            then accept;
        }
        # Term 3: reject everything else (for example the static default
        # route, which does not match term 1's route-filters).
        term 3 {
            then reject;
        }
    }
}
security {
    screen {
        # Screen profile bound to the untrust zone below: ping-of-death,
        # IP source-route option, teardrop, SYN-flood thresholds and LAND.
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    queue-size 2000; ## Warning: 'queue-size' is deprecated
                    timeout 20;
                }
                land;
            }
        }
    }
    policies {
        # Transit policies: trust->trust and trust->untrust permit everything,
        # untrust->trust denies everything. None of them has a "log" action,
        # so permitted and denied sessions are not logged by policy.
        # The trust zone below has no interfaces, so in this listing no
        # transit traffic can match these policies.
        from-zone trust to-zone trust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone untrust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone untrust to-zone trust {
            policy default-deny {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    deny;
                }
            }
        }
    }
    zones {
        security-zone trust {
            # Answer non-SYN TCP segments that match no session with a RST.
            tcp-rst;
        }
        security-zone untrust {
            screen untrust-screen;
            interfaces {
                ge-0/0/0.0 {
                    # Traffic addressed to the device itself that is accepted
                    # from the untrust zone. http and telnet are cleartext
                    # management protocols. Under "system services" above only
                    # ssh and web-management http are enabled, so the https,
                    # telnet and dhcp entries open nothing in this listing but
                    # would expose those services as soon as they are turned on.
                    # Trim this list to the services actually used.
                    # bgp is not listed here.
                    # NOTE(review): confirm the peer at 192.168.1.48 can reach
                    # TCP/179 on this device.
                    host-inbound-traffic {
                        system-services {
                            http;
                            https;
                            ssh;
                            telnet;
                            dhcp;
                        }
                    }
                }
            }
        }
    }
}