Final vSRX JunOS configuration
set version 12.1X47-D20.7 set system services ssh set interfaces ge-0/0/0 unit 0 family inet address 172.20.0.248/20 set interfaces ge-0/0/1 unit 0 family inet address 10.0.0.1/16 set interfaces ge-0/0/2 unit 0 family inet address 10.1.2.1/24 set routing-options static route 0.0.0.0/0 next-hop 172.20.0.1 set security nat source rule-set outgoing from zone dmz set security nat source rule-set outgoing from zone trust set security nat source rule-set outgoing to zone untrust set security nat source rule-set outgoing rule outgoing match source-address 0.0.0.0/0 set security nat source rule-set outgoing rule outgoing match destination-address 0.0.0.0/0 set security nat source rule-set outgoing rule outgoing then source-nat interface set security nat static rule-set static-nat-untrust from zone untrust set security nat static rule-set static-nat-untrust rule rule-view-pcoip match destination-address 172.20.0.249/32 set security nat static rule-set static-nat-untrust rule rule-view-pcoip then static-nat prefix 10.1.2.2/32 set security nat proxy-arp interface ge-0/0/0.0 address 172.20.0.249/32 set security policies from-zone trust to-zone untrust policy outgoing match source-address any set security policies from-zone trust to-zone untrust policy outgoing match destination-address any set security policies from-zone trust to-zone untrust policy outgoing match application any set security policies from-zone trust to-zone untrust policy outgoing then permit set security policies from-zone dmz to-zone untrust policy outgoing match source-address dmz set security policies from-zone dmz to-zone untrust policy outgoing match destination-address any set security policies from-zone dmz to-zone untrust policy outgoing match application any set security policies from-zone dmz to-zone untrust policy outgoing then permit set security policies from-zone dmz to-zone trust policy policy-vss-vcs match source-address vss01 set security policies from-zone dmz to-zone trust policy policy-vss-vcs match destination-address vcs02 set security policies from-zone dmz to-zone trust policy policy-vss-vcs match application esp set security policies from-zone dmz to-zone trust policy policy-vss-vcs match application junos-ike set security policies from-zone dmz to-zone trust policy policy-vss-vcs match application view-jms set security policies from-zone dmz to-zone trust policy policy-vss-vcs match application view-jms-ssl set security policies from-zone dmz to-zone trust policy policy-vss-vcs match application view-ajp13 set security policies from-zone dmz to-zone trust policy policy-vss-vcs then permit set security policies from-zone dmz to-zone trust policy policy-vss-desktop match source-address vss01 set security policies from-zone dmz to-zone trust policy policy-vss-desktop match destination-address lan set security policies from-zone dmz to-zone trust policy policy-vss-desktop match application view-pcoip set security policies from-zone dmz to-zone trust policy policy-vss-desktop match application view-agent-blast set security policies from-zone dmz to-zone trust policy policy-vss-desktop match application view-agent-usb set security policies from-zone dmz to-zone trust policy policy-vss-desktop then permit set security policies from-zone dmz to-zone trust policy policy-dns match source-address dmz set security policies from-zone dmz to-zone trust policy policy-dns match destination-address dc01 set security policies from-zone dmz to-zone trust policy policy-dns match application junos-dns-tcp set security policies from-zone dmz to-zone trust policy policy-dns match application junos-dns-udp set security policies from-zone dmz to-zone trust policy policy-dns then permit set security policies from-zone untrust to-zone dmz policy policy-vss match source-address any set security policies from-zone untrust to-zone dmz policy policy-vss match destination-address vss01 set security policies from-zone untrust to-zone dmz policy policy-vss match application view-blast set security policies from-zone untrust to-zone dmz policy policy-vss match application view-pcoip set security policies from-zone untrust to-zone dmz policy policy-vss match application junos-http set security policies from-zone untrust to-zone dmz policy policy-vss match application junos-https set security policies from-zone untrust to-zone dmz policy policy-vss then permit set security policies from-zone trust to-zone dmz policy policy-vcs-vss match source-address vcs02 set security policies from-zone trust to-zone dmz policy policy-vcs-vss match destination-address vss01 set security policies from-zone trust to-zone dmz policy policy-vcs-vss match application esp set security policies from-zone trust to-zone dmz policy policy-vcs-vss match application junos-ike set security policies from-zone trust to-zone dmz policy policy-vcs-vss then permit set security zones security-zone untrust interfaces ge-0/0/0.0 set security zones security-zone trust address-book address vcs02 10.0.1.12/32 set security zones security-zone trust address-book address dc01 10.0.1.5/32 set security zones security-zone trust address-book address lan 10.0.0.0/16 set security zones security-zone trust address-book address vcs01 10.0.1.9/32 set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services ssh set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services ping set security zones security-zone dmz address-book address vss01 10.1.2.2/32 set security zones security-zone dmz address-book address dmz 10.1.2.0/24 set security zones security-zone dmz interfaces ge-0/0/2.0 host-inbound-traffic system-services ping set applications application view-pcoip term tcp-4172 protocol tcp set applications application view-pcoip term tcp-4172 source-port 0-65535 set applications application view-pcoip term tcp-4172 destination-port 4172 set applications application view-pcoip term udp-4172 protocol udp set applications application view-pcoip term udp-4172 source-port 0-65535 set applications application view-pcoip term udp-4172 destination-port 4172 set applications application view-blast term tcp-8443 protocol tcp set applications application view-blast term tcp-8443 source-port 0-65535 set applications application view-blast term tcp-8443 destination-port 8443 set applications application esp term ip50 protocol 50 set applications application esp term ip50 source-port 0-65535 set applications application esp term ip50 destination-port 0-65535 set applications application view-agent-blast term tcp-22443 protocol tcp set applications application view-agent-blast term tcp-22443 source-port 0-65535 set applications application view-agent-blast term tcp-22443 destination-port 22443 set applications application view-agent-usb term tcp-32111 protocol tcp set applications application view-agent-usb term tcp-32111 source-port 0-65535 set applications application view-agent-usb term tcp-32111 destination-port 32111 set applications application view-jms term tcp-4001 protocol tcp set applications application view-jms term tcp-4001 source-port 0-65535 set applications application view-jms term tcp-4001 destination-port 4001 set applications application view-jms-ssl term tcp-4002 protocol tcp set applications application view-jms-ssl term tcp-4002 source-port 0-65535 set applications application view-jms-ssl term tcp-4002 destination-port 4002 set applications application view-ajp13 term tcp-8009 protocol tcp set applications application view-ajp13 term tcp-8009 source-port 0-65535 set applications application view-ajp13 term tcp-8009 destination-port 8009