## Last changed: 2016-09-01 17:55:19 UTC version 15.1X49-D45; system { root-authentication { encrypted-password "$5$7Fr4yWai$ZsEpHHbyYA7Tqxf7aro8D7UoCxGLIMrtNDfmkysTiI."; } name-server { 8.8.4.4; 8.8.8.8; } services { web-management { http { interface [ ge-0/0/0.0 ge-0/0/1.0 ge-0/0/5.0 ]; } } dhcp { pool 192.168.1.0/24 { address-range low 192.168.1.10 high 192.168.1.250; router { 192.168.1.254; } } } } } services { rpm { probe probe-isp1 { test test-isp1 { probe-type icmp-ping; target address 8.8.8.8; probe-count 3; probe-interval 15; test-interval 10; thresholds { successive-loss 3; total-loss 3; } destination-interface ge-0/0/0.0; next-hop 10.0.5.1; } } probe probe-isp2 { test test-isp2 { probe-type icmp-ping; target address 8.8.8.8; probe-count 3; probe-interval 15; test-interval 10; thresholds { successive-loss 3; total-loss 5; } destination-interface ge-0/0/1.0; next-hop 172.16.13.1; } } } ip-monitoring { policy track-isp1 { match { rpm-probe probe-isp1; } then { preferred-route { routing-instances ISP1 { route 0.0.0.0/0 { next-hop 172.16.13.1; } } } } } policy track-isp2 { match { rpm-probe probe-isp2; } then { preferred-route { routing-instances ISP2 { route 0.0.0.0/0 { next-hop 10.0.5.1; } } } } } } } security { nat { source { rule-set rs1 { from zone LAN; to zone Internet1; rule r1 { match { source-address 0.0.0.0/0; destination-address 0.0.0.0/0; } then { source-nat { interface; } } } } rule-set rs2 { from zone LAN; to zone Internet2; rule r2 { match { source-address 0.0.0.0/0; destination-address 0.0.0.0/0; } then { source-nat { interface; } } } } } } policies { from-zone LAN to-zone Internet1 { policy All_LAN_Internet1 { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone LAN to-zone Internet2 { policy All_LAN_Internet2 { match { source-address any; destination-address any; application any; } then { permit; } } } } zones { security-zone LAN { host-inbound-traffic { system-services { dhcp; http; https; ping; ssh; } } interfaces { ge-0/0/5.0; ge-0/0/4.0; ge-0/0/3.0; } } security-zone Internet1 { host-inbound-traffic { system-services { ping; https; ssh; http; dhcp; } } interfaces { ge-0/0/0.0; } } security-zone Internet2 { host-inbound-traffic { system-services { dhcp; http; https; ping; ssh; } } interfaces { ge-0/0/1.0; } } } } interfaces { ge-0/0/0 { description ISP1; unit 0 { family inet { address 10.0.5.10/24; } } } ge-0/0/1 { description ISP2; unit 0 { family inet { address 172.16.13.230/24; } } } ge-0/0/3 { description LAN3; unit 0 { family inet { dhcp; } } } ge-0/0/4 { description LAN2; unit 0 { family inet { dhcp; } } } ge-0/0/5 { description LAN1; unit 0 { family inet { address 192.168.1.254/24; } } } } routing-options { static { route 0.0.0.0/0 next-table ISP1.inet.0; } rib-groups { ISP1-to-ISP2 { import-rib [ ISP1.inet.0 ISP2.inet.0 ]; } ISP2-to-ISP1 { import-rib [ ISP2.inet.0 ISP1.inet.0 ]; } } } routing-instances { ISP1 { instance-type virtual-router; interface ge-0/0/0.0; routing-options { interface-routes { rib-group inet ISP1-to-ISP2; } static { route 0.0.0.0/0 next-hop 10.0.5.1; } } } ISP2 { instance-type virtual-router; interface ge-0/0/1.0; routing-options { interface-routes { rib-group inet ISP2-to-ISP1; } static { route 0.0.0.0/0 next-hop 172.16.13.1; } } } }