CAPACITACION PYMES ROUTERS JUNIPER SRX100B.PRUEBAS LABORATORIO JUNIPER PASO A PASO 1. ESTABLECER PASSWORD ESTANDAR Arranque.El arranque normal del puede tomar hasta 3 minu: U-Boot 1.1.6-JNPR-2.0 (Build time: Nov 17 2010 - 07:04:52) SRX_100_LOWMEM board revision major:0, minor:0, serial #: AT0612AF0730 OCTEON CN5020-SCP pass 1.1, Core clock: 500 MHz, DDR clock: 266 MHz (532 Mhz data rate) DRAM: 512 MB Starting Memory POST... Checking datalines... OK Checking address lines... OK Checking 512K memory for U-Boot... OK. Running U-Boot CRC Test... OK. Flash: 4 MB USB: scanning bus for devices... 3 USB Device(s) found scanning bus for storage devices... 1 Storage Device(s) found Clearing DRAM....... done BIST check passed. Boot Media: nand-flash usb Net: pic init done (err = 0)octeth0 POST Passed Press SPACE to abort autoboot in 1 seconds Punto de aborto autoboot quedando el equipo con prompt => ELF file is 32 bit Loading .text @ 0x8f000078 (244960 bytes) Loading .rodata @ 0x8f03bd58 (13940 bytes) Loading .rodata.str1.4 @ 0x8f03f3cc (16648 bytes) Loading set_Xcommand_set @ 0x8f0434d4 (100 bytes) Loading .rodata.cst4 @ 0x8f043538 (20 bytes) Loading .data @ 0x8f044000 (5608 bytes) Loading .data.rel.ro @ 0x8f0455e8 (120 bytes) Loading .data.rel @ 0x8f045660 (136 bytes) Clearing .bss @ 0x8f0456e8 (11656 bytes) ## Starting application at 0x8f000078 ... Consoles: U-Boot console Found compatible API, ver. 2.0 FreeBSD/MIPS U-Boot bootstrap loader, Revision 2.0 ([email protected], Wed Nov 17 07:07:32 UTC 2010) Memory: 512MB [0]Booting from nand-flash slice 1 Un-Protected 1 sectors writing to flash... Protected 1 sectors Loading /boot/defaults/loader.conf /kernel data=0xa78f68+0xddf50 syms=[0x4+0x83830+0x4+0xbdbbf] Hit [Enter] to boot immediately. CONFIGURACION DEFAULT set system login user gestion class super-user set system login user gestion uid 2000 set system services ssh set system services telnet set system services xnm-clear-text set system services web-management http interface vlan. Termina proceso autoboot. Ejecutar commando “boot –s” en dado caso.0 . or space bar for command prompt. loader> boot -s Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery root@srxB % cli root@srxB> configure [edit] gestion# delete This will delete the entire configuration Delete everything under this level? [yes.CAPACITACION PYMES ROUTERS JUNIPER SRX100B.no] (no) yes [edit] gestion # set system root-authentication plain-text-password New password: TmX85col Retype new password: TmX85col gestion # set system login user gestion authentication plain-text-password New password: TmX85col Retype new password: TmX85col 2.0 set system services web-management https system-generated-certificate set system services web-management https interface vlan. Quedaría el equipo en prompt “loader>”. Se puede abortar aquí para entrar a proceso de restauración password del usuario “root”. 0/24 set security nat source rule-set ONETOONE rule RULENAT then source-nat pool NAT set security policies from-zone LAN to-zone WAN policy SALIDA match source-address any set security policies from-zone LAN to-zone WAN policy SALIDA match destination-address any set security policies from-zone LAN to-zone WAN policy SALIDA match application any set security policies from-zone LAN to-zone WAN policy SALIDA then permit set security policies from-zone WAN to-zone LAN policy ENTRADA match source-address any .168. 2.127. 3.CAPACITACION PYMES ROUTERS JUNIPER SRX100B.0/0 next-hop 10. SE DEBE TENER EN CUENTA QUE LA INFORMACION DE DIRECCIONAMIENTO ESTA SUJETA A LA PRE CONFIGURACION DE CADA SERVICIO.49/29 set security nat source rule-set ONETOONE from zone LAN set security nat source rule-set ONETOONE to zone WAN set security nat source rule-set ONETOONE rule RULENAT match source-address 192.0/24 default-lease-time 1209600 set system services dhcp pool 192.85.1.1.189.1.0/24 address-range low 192.1.137.14.1 set system services dhcp pool 192.0/24 name-server 200.2 set system services dhcp pool 192.26.1.207.0. INTERNET IP PUBLICA + DHCP CON IP PRIVADA + TRONCAL SIP ETHERNET CON AUDIOCODEC.168. CONFIGURACION INTERNET IP PUBLICA + DHCP CON IP PRIVADA set system services dhcp router 192.254 set system services dhcp pool 192. 4.85.168.168.1. BASICA (GAOKE – IAD).175.254 set protocols stp set security screen ids-option untrust-screen icmp ping-death set security screen ids-option untrust-screen ip source-route-option set security screen ids-option untrust-screen ip tear-drop set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024 set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200 set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024 set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048 set security screen ids-option untrust-screen tcp syn-flood timeout 20 set security screen ids-option untrust-screen tcp land set security nat source pool NAT address 190.3 set system syslog archive files 3 set system syslog user * any emergency set system syslog file messages any critical set system syslog file messages authorization info set system syslog file interactive-commands interactive-commands error set system max-configurations-on-flash 5 set system max-configuration-rollbacks 5 set interfaces fe-0/0/0 unit 0 family ethernet-switching vlan members PRIVADA set interfaces fe-0/0/1 unit 0 family ethernet-switching vlan members PRIVADA set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members PUBLICA set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members PUBLICA set interfaces fe-0/0/7 description WAN_CLARO set interfaces fe-0/0/7 vlan-tagging set interfaces fe-0/0/7 unit 1197 vlan-id 1197 set interfaces fe-0/0/7 unit 1197 family inet address 10.1/24 set interfaces vlan unit 100 family inet address 190.1.168.0/24 name-server 200.135 set system services dhcp pool 192.168. CONFIGURACION SERVICIOS PYMES 1.180/21 set interfaces vlan unit 0 family inet address 192. 3.1.1.1. INTERNET IP PUBLICA + DHCP CON IP PRIVADA INTERNET IP PUBLICA + DHCP CON IP PRIVADA + TELEF.168.210 set system services dhcp propagate-settings vlan.168. INTERNET IP PUBLICA + DHCP CON IP PRIVADA + TRONCAL SIP CENTRALIZADA.127.168.0/24 address-range high 192.0/24 maximum-lease-time 2419200 set system services dhcp pool 192. EN COLOR ROJO SE RESALTAN LOS PARAMETROS A CAMBIAR 1.49/29 set routing-options static route 0.0.189.1.168.168.175. 1 set routing-options static route 172.33/29 set routing-options static route 0.0/0 next-hop 10.1.0.1.1.168.0/24 maximum-lease-time 2419200 set system services dhcp pool 192.1.0/24 default-lease-time 1209600 set system services dhcp pool 192.177.157/21 set interfaces vlan unit 0 family inet address 192.93/21 set interfaces fe-0/0/7 unit 79 vlan-id 79 set interfaces fe-0/0/7 unit 79 family inet address 10.1197 set vlans PRIVADA vlan-id 3 set vlans PRIVADA l3-interface vlan.52.31.1.1 set protocols stp set security screen ids-option untrust-screen icmp ping-death set security screen ids-option untrust-screen ip source-route-option set security screen ids-option untrust-screen ip tear-drop set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024 set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200 set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024 set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048 set security screen ids-option untrust-screen tcp syn-flood timeout 20 set security screen ids-option untrust-screen tcp land .135 set system services dhcp pool 192.0/24 name-server 200.CAPACITACION PYMES ROUTERS JUNIPER SRX100B.0/24 address-range high 192.26.210 set system services dhcp propagate-settings vlan.168.254 set system services dhcp pool 192.51.3 set system syslog archive files 3 set system syslog user * any emergency set system syslog file messages any critical set system syslog file messages authorization info set system syslog file interactive-commands interactive-commands error set system max-configurations-on-flash 5 set system max-configuration-rollbacks 5 set interfaces fe-0/0/0 unit 0 family ethernet-switching vlan members PRIVADA set interfaces fe-0/0/1 unit 0 family ethernet-switching vlan members PRIVADA set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members PUBLICA set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members PUBLICA set interfaces fe-0/0/4 unit 0 family ethernet-switching vlan members TELEFONIA set interfaces fe-0/0/7 description WAN_CLARO set interfaces fe-0/0/7 vlan-tagging set interfaces fe-0/0/7 unit 78 vlan-id 78 set interfaces fe-0/0/7 unit 78 family inet address 10.48.100 2.14.0/24 address-range low 192.1/24 set interfaces vlan unit 100 family inet address 181.0.177.48.48.152.1.168.2 set system services dhcp pool 192.200.168.1.168.152.8.0.158.0.0/8 next-hop 10.1.1 set routing-options static route 10.48.168.0 set security zones security-zone LAN interfaces vlan.152.1.0.137. INTERNET IP PUBLICA + DHCP CON IP PRIVADA + TELEF.168. set system services dhcp router 192. BASICA (GAOKE – IAD).207.168.0/16 next-hop 10.168.168.1 set system services dhcp pool 192.0 set vlans PUBLICA vlan-id 100 set vlans PUBLICA l3-interface vlan. set security policies from-zone WAN to-zone LAN policy ENTRADA match destination-address any set security policies from-zone WAN to-zone LAN policy ENTRADA match application any set security policies from-zone WAN to-zone LAN policy ENTRADA then permit set security zones security-zone LAN host-inbound-traffic system-services all set security zones security-zone LAN host-inbound-traffic protocols all set security zones security-zone LAN interfaces vlan.0/24 name-server 200.1.105/29 set interfaces vlan unit 200 family inet address 10.100 set security zones security-zone WAN host-inbound-traffic system-services all set security zones security-zone WAN interfaces fe-0/0/7. 0 Data Port MAC Address..0......:10...34 Voice Port Net Mask..: route LAN Port 4 Configuration: Network Mode ...........255.: 00:0e:b4:07:30:a1 Whether To Use the Voice Default Gateway:yes VOICE Default Gateway Address.................0/24 set security nat source rule-set ONETOONE rule RULENAT then source-nat pool NAT set security policies from-zone LAN to-zone WAN policy SALIDA match source-address any set security policies from-zone LAN to-zone WAN policy SALIDA match destination-address any set security policies from-zone LAN to-zone WAN policy SALIDA match application any set security policies from-zone LAN to-zone WAN policy SALIDA then permit set security policies from-zone WAN to-zone LAN policy ENTRADA match source-address any set security policies from-zone WAN to-zone LAN policy ENTRADA match destination-address any set security policies from-zone WAN to-zone LAN policy ENTRADA match application any set security policies from-zone WAN to-zone LAN policy ENTRADA then permit set security zones security-zone LAN host-inbound-traffic system-services all set security zones security-zone LAN host-inbound-traffic protocols all set security zones security-zone LAN interfaces vlan..248 Voice Port MAC Address.33 MG6002W#show nat-server Mode of network interface(0--1WAN4LAN.78 set vlans PRIVADA vlan-id 3 set vlans PRIVADA l3-interface vlan.200...............: 138...79 set security zones security-zone WAN interfaces fe-0/0/7........0 set security zones security-zone LAN interfaces vlan.: NO LAN Port 1 Configuration: Network Mode ....: 10..0 set vlans PUBLICA vlan-id 100 set vlans PUBLICA l3-interface vlan...105/29 set security nat source rule-set ONETOONE from zone LAN set security nat source rule-set ONETOONE to zone WAN set security nat source rule-set ONETOONE rule RULENAT match source-address 192.: 00:0e:b4:07:30:a0 Voice Port IP Address..........: 255...0 set security zones security-zone WAN host-inbound-traffic system-services all set security zones security-zone WAN interfaces fe-0/0/7.255.158.255.......1 Data Port Net Mask..CAPACITACION PYMES ROUTERS JUNIPER SRX100B.200 set security zones security-zone LAN interfaces fe-0/0/0.8..200.........100 set security zones security-zone LAN interfaces vlan.0.8...... set security nat source pool NAT address 181.....1....................: route ...: route LAN Port 3 Configuration: Network Mode .1--4WAN1LAN):0 NAT Server:Data and voice transmit with different net port Interface type of NAT server: Data net port MG6002W#show vlan Enable voice VLAN ........200 CONFIGURACION GAOKE DE TELEFONIA MG6002W#show ip WAN Data Port IP Address..48.168...: route LAN Port 2 Configuration: Network Mode ......100 set vlans TELEFONIA vlan-id 200 set vlans TELEFONIA l3-interface vlan.: NO Enable WAN VLAN .....: 255.........60.. 0.1/24 set interfaces vlan unit 100 family inet address 190.1.168.1.180/21 set interfaces fe-0/0/7 unit 1198 vlan-id 1198 set interfaces fe-0/0/7 unit 1198 family inet address 10.120.0.14.1 set routing-options static route 10.35.8.120.0.207.175.1.155/21 set interfaces vlan unit 0 family inet address 192.168.170.3 set system syslog archive files 3 set system syslog user * any emergency set system syslog file messages any critical set system syslog file messages authorization info set system syslog file interactive-commands interactive-commands error set system max-configurations-on-flash 5 set system max-configuration-rollbacks 5 set interfaces fe-0/0/0 unit 0 family ethernet-switching vlan members PRIVADA set interfaces fe-0/0/1 unit 0 family ethernet-switching vlan members PRIVADA set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members PUBLICA set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members PUBLICA set interfaces fe-0/0/4 unit 0 family ethernet-switching vlan members PLANTA set interfaces fe-0/0/5 unit 0 family ethernet-switching vlan members AUDIOCODEC set interfaces fe-0/0/7 description WAN_CLARO set interfaces fe-0/0/7 vlan-tagging set interfaces fe-0/0/7 unit 1197 vlan-id 1197 set interfaces fe-0/0/7 unit 1197 family inet address 10.0/24 name-server 200.168.0/24 default-lease-time 1209600 set system services dhcp pool 192.168.168.26.33/29 set interfaces vlan unit 300 family inet address 192.0.49/29 set interfaces vlan unit 200 family inet address 10.1.2 set system services dhcp pool 192.170.1.137.175.189.1.0/16 next-hop 10.168.0/0 next-hop 10.168.1.1 set system services dhcp pool 192.1.189.49/29 set security nat source rule-set ONETOONE from zone LAN set security nat source rule-set ONETOONE to zone WAN set security nat source rule-set ONETOONE rule RULENAT match source-address 192.1.168.135 set system services dhcp pool 192.170.254 set system services dhcp pool 192.0/24 maximum-lease-time 2419200 set system services dhcp pool 192.CAPACITACION PYMES ROUTERS JUNIPER SRX100B.31.1/29 set routing-options static route 0.150.127.0. 3.127.85.168. set system services dhcp router 192.0/24 name-server 200.168.127.1. INTERNET IP PUBLICA + DHCP CON IP PRIVADA + TRONCAL SIP ETHERNET CON AUDIOCODEC.85.1 set protocols stp set security screen ids-option untrust-screen icmp ping-death set security screen ids-option untrust-screen ip source-route-option set security screen ids-option untrust-screen ip tear-drop set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024 set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200 set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024 set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048 set security screen ids-option untrust-screen tcp syn-flood timeout 20 set security screen ids-option untrust-screen tcp land set security nat source pool NAT address 190.168.0/24 address-range low 192.254 set routing-options static route 172.0/24 address-range high 192.0/24 set security nat source rule-set ONETOONE rule RULENAT then source-nat pool NAT set security policies from-zone LAN to-zone WAN policy SALIDA match source-address any set security policies from-zone LAN to-zone WAN policy SALIDA match destination-address any set security policies from-zone LAN to-zone WAN policy SALIDA match application any set security policies from-zone LAN to-zone WAN policy SALIDA then permit set security policies from-zone WAN to-zone LAN policy ENTRADA match source-address any set security policies from-zone WAN to-zone LAN policy ENTRADA match destination-address any .0/8 next-hop 10.210 set system services dhcp propagate-settings vlan.168.1. 1198 set security zones security-zone AUDIOCODEC host-inbound-traffic system-services all set security zones security-zone AUDIOCODEC host-inbound-traffic protocols all set security zones security-zone AUDIOCODEC interfaces vlan.100 .200 set vlans PLANTA vlan-id 300 set vlans PLANTA l3-interface vlan. set security policies from-zone WAN to-zone LAN policy ENTRADA match application any set security policies from-zone WAN to-zone LAN policy ENTRADA then permit set security policies from-zone AUDIOCODEC to-zone PLANTA policy ENTRADA match source-address any set security policies from-zone AUDIOCODEC to-zone PLANTA policy ENTRADA match destination-address any set security policies from-zone AUDIOCODEC to-zone PLANTA policy ENTRADA match application any set security policies from-zone AUDIOCODEC to-zone PLANTA policy ENTRADA then permit set security policies from-zone PLANTA to-zone AUDIOCODEC policy SALIDA match source-address any set security policies from-zone PLANTA to-zone AUDIOCODEC policy SALIDA match destination-address any set security policies from-zone PLANTA to-zone AUDIOCODEC policy SALIDA match application any set security policies from-zone PLANTA to-zone AUDIOCODEC policy SALIDA then permit set security policies from-zone WAN to-zone AUDIOCODEC policy ENTRADA match source-address any set security policies from-zone WAN to-zone AUDIOCODEC policy ENTRADA match destination-address any set security policies from-zone WAN to-zone AUDIOCODEC policy ENTRADA match application any set security policies from-zone WAN to-zone AUDIOCODEC policy ENTRADA then permit set security policies from-zone AUDIOCODEC to-zone WAN policy SALIDA match source-address any set security policies from-zone AUDIOCODEC to-zone WAN policy SALIDA match destination-address any set security policies from-zone AUDIOCODEC to-zone WAN policy SALIDA match application any set security policies from-zone AUDIOCODEC to-zone WAN policy SALIDA then permit set security zones security-zone LAN host-inbound-traffic system-services all set security zones security-zone LAN host-inbound-traffic protocols all set security zones security-zone LAN interfaces vlan.CAPACITACION PYMES ROUTERS JUNIPER SRX100B.300 set vlans PRIVADA vlan-id 3 set vlans PRIVADA l3-interface vlan.0 set security zones security-zone PLANTA host-inbound-traffic system-services all set security zones security-zone PLANTA host-inbound-traffic protocols all set security zones security-zone PLANTA interfaces vlan.1197 set security zones security-zone WAN interfaces fe-0/0/7.0 set vlans AUDIOCODEC vlan-id 200 set vlans AUDIOCODEC l3-interface vlan.0 set security zones security-zone LAN interfaces vlan.0 set vlans PUBLICA vlan-id 100 set vlans PUBLICA l3-interface vlan.100 set security zones security-zone LAN interfaces fe-0/0/0.300 set security zones security-zone PLANTA interfaces fe-0/0/4.200 set security zones security-zone AUDIOCODEC interfaces fe-0/0/5.0 set security zones security-zone WAN host-inbound-traffic system-services all set security zones security-zone WAN host-inbound-traffic protocols all set security zones security-zone WAN interfaces fe-0/0/7. 135 set system services dhcp pool 192.158.3 set system syslog archive files 3 set system syslog user * any emergency set system syslog file messages any critical set system syslog file messages authorization info set system syslog file interactive-commands interactive-commands error set system max-configurations-on-flash 5 set system max-configuration-rollbacks 5 set interfaces fe-0/0/0 unit 0 family ethernet-switching vlan members PRIVADA set interfaces fe-0/0/1 unit 0 family ethernet-switching vlan members PRIVADA set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members PUBLICA set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members PUBLICA set interfaces fe-0/0/4 unit 0 family ethernet-switching vlan members SIP-CENTRALIZADO set interfaces fe-0/0/7 description WAN_CLARO set interfaces fe-0/0/7 vlan-tagging set interfaces fe-0/0/7 unit 78 vlan-id 78 set interfaces fe-0/0/7 unit 78 family inet address 10.1.1.0/24 address-range high 192.51.1.158.168.0/24 maximum-lease-time 2419200 set system services dhcp pool 192.105/29 set security nat source rule-set ONETOONE from zone LAN set security nat source rule-set ONETOONE to zone WAN set security nat source rule-set ONETOONE rule RULENAT match source-address 192.1/24 set interfaces vlan unit 100 family inet address 181.153/30 set routing-options static route 0.1.2 set system services dhcp pool 192.1 set routing-options static route 10.168.233.168.48.1.48.168.177.168.168.1.210 set system services dhcp propagate-settings vlan.0/24 name-server 200.207.0/24 set security nat source rule-set ONETOONE rule RULENAT then source-nat pool NAT set security policies from-zone LAN to-zone WAN policy SALIDA match source-address any set security policies from-zone LAN to-zone WAN policy SALIDA match destination-address any set security policies from-zone LAN to-zone WAN policy SALIDA match application any set security policies from-zone LAN to-zone WAN policy SALIDA then permit set security policies from-zone WAN to-zone LAN policy ENTRADA match source-address any set security policies from-zone WAN to-zone LAN policy ENTRADA match destination-address any set security policies from-zone WAN to-zone LAN policy ENTRADA match application any set security policies from-zone WAN to-zone LAN policy ENTRADA then permit set security policies from-zone SIP-CENTRALIZADO to-zone WAN policy SALIDA match source-address any set security policies from-zone SIP-CENTRALIZADO to-zone WAN policy SALIDA match destination-address any .0/24 address-range low 192.168.1.224. 4.0/24 name-server 200.0.152.152.0.0/24 next-hop 10.CAPACITACION PYMES ROUTERS JUNIPER SRX100B.137.1.1.48.52.1.0/24 default-lease-time 1209600 set system services dhcp pool 192. set system services dhcp router 192.7.7.168.26.1.254 set system services dhcp pool 192.157/21 set interfaces vlan unit 0 family inet address 192.93/21 set interfaces fe-0/0/7 unit 79 vlan-id 79 set interfaces fe-0/0/7 unit 79 family inet address 10.14. INTERNET IP PUBLICA + DHCP CON IP PRIVADA + TRONCAL SIP CENTRALIZADA.105/29 set interfaces vlan unit 200 family inet address 10.168.0/0 next-hop 10.177.168.48.1 set system services dhcp pool 192.168.1 set protocols stp set security screen ids-option untrust-screen icmp ping-death set security screen ids-option untrust-screen ip source-route-option set security screen ids-option untrust-screen ip tear-drop set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024 set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200 set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024 set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048 set security screen ids-option untrust-screen tcp syn-flood timeout 20 set security screen ids-option untrust-screen tcp land set security nat source pool NAT address 181. 0 set vlans PRIVADA vlan-id 3 set vlans PRIVADA l3-interface vlan.0 set security zones security-zone WAN host-inbound-traffic system-services all set security zones security-zone WAN host-inbound-traffic protocols all set security zones security-zone WAN interfaces fe-0/0/7.200 . set security policies from-zone SIP-CENTRALIZADO to-zone WAN policy SALIDA match application any set security policies from-zone SIP-CENTRALIZADO to-zone WAN policy SALIDA then permit set security policies from-zone WAN to-zone SIP-CENTRALIZADO policy ENTRADA match source-address any set security policies from-zone WAN to-zone SIP-CENTRALIZADO policy ENTRADA match destination-address any set security policies from-zone WAN to-zone SIP-CENTRALIZADO policy ENTRADA match application any set security policies from-zone WAN to-zone SIP-CENTRALIZADO policy ENTRADA then permit set security zones security-zone LAN host-inbound-traffic system-services all set security zones security-zone LAN host-inbound-traffic protocols all set security zones security-zone LAN interfaces vlan.79 set security zones security-zone WAN interfaces fe-0/0/7.78 set security zones security-zone SIP-CENTRALIZADO host-inbound-traffic system-services all set security zones security-zone SIP-CENTRALIZADO host-inbound-traffic protocols all set security zones security-zone SIP-CENTRALIZADO interfaces vlan.100 set vlans SIP-CENTRALIZADO vlan-id 200 set vlans SIP-CENTRALIZADO l3-interface vlan.CAPACITACION PYMES ROUTERS JUNIPER SRX100B.200 set security zones security-zone SIP-CENTRALIZADO interfaces fe-0/0/4.0 set vlans PUBLICA vlan-id 100 set vlans PUBLICA l3-interface vlan.0 set security zones security-zone LAN interfaces vlan.100 set security zones security-zone LAN interfaces fe-0/0/0.