Juniper Configuration Reference

AUTH - Radius
1 set system authentication-order radius
2 set system authentication-order password
3  
4 set system radius-server {{ Server_IP }} port 1645
5 set system radius-server {{ Server_IP }} accounting-port 1646
6 set system radius-server {{ Server_IP }} secret {{ Secret Key }}
7 set system radius-server {{ Server_IP }} retry 1
8 set system radius-server {{ Server_IP }} source-address {{ Source_IP }}
MGMT - Flow Data - MX
1 set interfaces {{ Interface }} unit 0 family inet sampling input
2 set interfaces {{ Interface }} unit 0 family inet sampling output
3  
4 set chassis tfeb slot 0 sampling-instance {{ Sample_Name }}
5  
6 set forwarding-options sampling instance {{ Sample_Name }} input rate 1
7 set forwarding-options sampling instance {{ Sample_Name }} family inet output flow-server {{ Flow_IP }} port {{ Port }}
8 set forwarding-options sampling instance {{ Sample_Name }} family inet output flow-server {{ Flow_IP }} version-ipfix template ipv4
9 set forwarding-options sampling instance {{ Sample_Name }} family inet output inline-jflow source-address {{ Source_IP }}
MGMT - Logging
1 set system syslog user * any emergency
2 set system syslog host {{ Syslog_IP }} any info
3 set system syslog file messages any notice
4 set system syslog file messages authorization info
5 set system syslog file interactive interactive-commands any
6 set system syslog file all-logs any any
7 set system syslog file all-logs archive size 1000k
8 set system syslog file all-logs archive files 5
9 set system syslog file log-messages any any
10 set system syslog file log-messages match "(requested 'commit' operation)|(requested 'commit synchronize' operation)"
11 set system syslog file log-messages structured-data
12 set system syslog source-address {{ Source_IP }}
MGMT - NTP
1 set system ntp server {{ NTP_IP }}
2 set system ntp source-address {{ Source_IP }}
MGMT - SFLOW
1 set protocols sflow polling-interval 30
2 set protocols sflow sample-rate ingress 1000
3 set protocols sflow sample-rate egress 1000
4 set protocols sflow source-ip {{ Source_IP }}
5 set protocols sflow collector {{ SFLOW_Collector_IP }} udp-port {{ Port }}
6 set protocols sflow interfaces {{ Interface }}
MGMT - SNMPv3
1 set snmp description {{ Description }}
2 set snmp location {{ Location }}
3 set snmp contact {{ Contact }}
4 set snmp interface {{ Source_Interface }}
5 set snmp v3 usm local-engine user {{ SNMP_User }} authentication-sha authentication-key {{ Auth_Key }}
6 set snmp v3 usm local-engine user {{ SNMP_User }} privacy-aes128 privacy-key {{ Privacy_Key }}
7 set snmp v3 vacm security-to-group security-model usm security-name {{ Security_Name }} group {{ SNMP_Group }}
8 set snmp v3 vacm access group {{ SNMP_Group }} default-context-prefix security-model usm security-level privacy read-view {{ SNMP_View }}
9 set snmp v3 vacm access group {{ SNMP_Group }} default-context-prefix security-model usm security-level privacy notify-view {{ SNMP_View }}
10  
11 set snmp v3 target-address {{ Target_Name }} address {{ IP_Address }}
12 set snmp v3 target-address {{ Target_Name }} tag-list {{ SNMP_User }}
13 set snmp v3 target-address {{ Target_Name }} address-mask {{ Subnet_Mask }}
14 set snmp v3 target-address {{ Target_Name }} target-parameters {{ Parameter_Name }}
15  
16 set snmp v3 target-parameters {{ Parameter_Name }} parameters message-processing-model v3
17 set snmp v3 target-parameters {{ Parameter_Name }} parameters security-model usm
18 set snmp v3 target-parameters {{ Parameter_Name }} parameters security-level privacy
19 set snmp v3 target-parameters {{ Parameter_Name }} parameters security-name {{ SNMP_User }}
20  
21 set snmp engine-id local {{ IP_Address }}
22 set snmp view {{ SNMP_View }} oid .1 include
MGMT - SRX Cluster
1 set chassis cluster control-link-recovery
2 set chassis cluster reth-count {{ Number_of_Reths }}
3 set chassis cluster control-ports {{ Interface }}
4 set chassis cluster redundancy-group 0 node 0 priority {{ Priority }}
5 set chassis cluster redundancy-group 0 node 1 priority {{ Priority }}
6 set chassis cluster redundancy-group 1 interface-monitor {{ Interface }} weight {{ Weight }}
MGMT - Virtual Chassis - EX/QFX
1 set virtual-chassis preprovisioned
2 set virtual-chassis no-split-detection
3 set virtual-chassis member 0 role routing-engine
4 set virtual-chassis member 0 serial-number {{ Serial_Number }}
5 set virtual-chassis member 1 role line-card
6 set virtual-chassis member 1 serial-number {{ Serial_Number }}
NAT - Pool
1 set security nat source pool {{ Pool_Name }} address {{ Pool_Address }}
2  
3 set security nat source ruleset {{ Ruleset_Name }} from zone {{ Source_Zone }}
4 set security nat source ruleset {{ Ruleset_Name }} to zone {{ Destination_Zone }}
5 set security nat source ruleset {{ Ruleset_Name }} rule {{ Rule_Name }} match destination-address {{ Destination_Address }}
6 set security nat source ruleset {{ Ruleset_Name }} rule {{ Rule_Name }} then source-nat pool {{ Pool_Name }}
NAT - Static
1 set security nat static ruleset {{ Ruleset_Name }} from zone {{ From_Zone }}
2 set security nat static ruleset {{ Ruleset_Name }} rule {{ Rule_Name }} match destination-address-name {{ Public_Address }}
3 set security nat static ruleset {{ Ruleset_Name }} rule {{ Rule_Name }} then static-nat prefix-name {{ Internal_IP }}
4  
5 set security nat proxy-arp interface {{ Interface }} address {{ Public_Address }}
NET - Class of Service
1 set class-of-service forwarding-classes class NET-CONTROL queue-num 7
2 set class-of-service forwarding-classes class VOIP queue-num 5
3 set class-of-service forwarding-classes class CRITICAL queue-num 3
4 set class-of-service forwarding-classes class BE queue-num 1
5 set class-of-service forwarding-classes class SCAVENGER queue-num 0
6 set class-of-service interfaces ge-* scheduler-map ethernet-cos-map
7 set class-of-service interfaces xe-* scheduler-map ethernet-cos-map
8 set class-of-service scheduler-maps ethernet-cos-map forwarding-class NET-CONTROL scheduler NET-CONTROL_SCHED
9 set class-of-service scheduler-maps ethernet-cos-map forwarding-class VOIP scheduler VOIP_SCHED
10 set class-of-service scheduler-maps ethernet-cos-map forwarding-class CRITICAL scheduler CRITICAL_SCHED
11 set class-of-service scheduler-maps ethernet-cos-map forwarding-class BE scheduler BE_SCHED
12 set class-of-service scheduler-maps ethernet-cos-map forwarding-class SCAVENGER scheduler SCAVENGER_SCHED
13 set class-of-service schedulers VOIP_SCHED buffer-size percent 20
14 set class-of-service schedulers VOIP_SCHED priority strict-high
15 set class-of-service schedulers CRITICAL_SCHED buffer-size percent 20
16 set class-of-service schedulers CRITICAL_SCHED priority strict-high
17 set class-of-service schedulers NET-CONTROL_SCHED buffer-size percent 15
18 set class-of-service schedulers NET-CONTROL_SCHED priority strict-high
19 set class-of-service schedulers BE_SCHED transmit-rate percent 40
20 set class-of-service schedulers BE_SCHED buffer-size percent 30
21 set class-of-service schedulers BE_SCHED priority low
22 set class-of-service schedulers SCAVENGER_SCHED transmit-rate percent 20
23 set class-of-service schedulers SCAVENGER_SCHED buffer-size percent 15
24 set class-of-service schedulers SCAVENGER_SCHED priority {{ Priority }}
25  
26 set interfaces {{ Interface }} unit 0 family ethernet-switching filter input {{ COS_Filter }}
27  
28 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_NET-CONTROL from ip-precedence net-control
29 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_NET-CONTROL then forwarding-class NET-CONTROL
30 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_NET-CONTROL then loss-priority low
31 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_VOIP from destination-port {{ Voice-Ports }}
32 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_VOIP from ip-source-address {{ VOIP_Source_IP }}
33 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_VOIP from ip-protocol tcp
34 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_VOIP from ip-protocol udp
35 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_VOIP then forwarding-class VOIP
36 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_VOIP then loss-priority low
37 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_CRITICAL_HOSTS from ip-destination-address {{ Destination_IP }}
38 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_CRITICAL_HOSTS then forwarding-class CRITICAL
39 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_CRITICAL_HOSTS then loss-priority low
40 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_CRITICAL_ICMP from ip-protocol icmp
41 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_CRITICAL_ICMP then forwarding-class CRITICAL
42 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_CRITICAL_ICMP then loss-priority low
43 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_CRITICAL_SSH from destination-port 22
44 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_CRITICAL_SSH then forwarding-class CRITICAL
45 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_CRITICAL_SSH then loss-priority low
46 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_BE then forwarding-class BE
47 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_BE then loss-priority low
48 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_SCAVENGER from ip-destination-address {{ Destination_IP }}
49 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_SCAVENGER then forwarding-class SCAVENGER
50 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_SCAVENGER then loss-priority high
51 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_WIRELESS from ip-source-address {{ Wireless_Source_IP }}
52 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_WIRELESS then forwarding-class BE
53 set firewall family ethernet-switching filter {{ COS_Filter }} term TAG_WIRELESS then loss-priority low
NET - Interface range
1 set interfaces interface-range {{ Range_Name }} member-range ge-0/0/0 to ge-0/0/47
2 set interfaces interface-range {{ Range_Name }} unit 0 family ethernet-switching vlan members {{ Vlan_Name }}
NET - LAG
1 set interfaces ae0 description {{ Description }}
2 set interfaces ae0 aggregated-ether-options link-speed 10g
3 set interfaces ae0 aggregated-ether-options lacp active
4 set interfaces ae0 aggregated-ether-options lacp periodic fast
5 set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk
6 set interfaces ae0 unit 0 family ethernet-switching vlan members all
7 set interfaces ae0 unit 0 family ethernet-switching filter input {{ COS_Filter }}
NET - Sub Interface
1 set interfaces {{ Interface }} vlan-tagging
2 set interfaces {{ Interface }} unit {{ Unit_Number }} vlan-id {{ ID }}
NET - Vlan
1 set vlans {{ Vlan_Name }} description {{ Description }}
2 set vlans {{ Vlan_Name }} vlan-id {{ ID }}
NET - Voice Vlan
1 set switch-options voip interface {{ Interface }} vlan {{ Vlan_Name }}
2 set switch-options voip interface {{ Interface }} forwarding-class expedited-forwarding
NET - VRRP
1 set interfaces {{ Interface }} unit {{ ID }} family inet address {{ IP_Address }} vrrp-group {{ VRRP_NUM }} virtual-address {{ VIP }}
2 set interfaces {{ Interface }} unit {{ ID }} family inet address {{ IP_Address }} vrrp-group {{ VRRP_NUM }} priority {{ Priority }}
3 set interfaces {{ Interface }} unit {{ ID }} family inet address {{ IP_Address }} vrrp-group {{ VRRP_NUM }} preempt
4 set interfaces {{ Interface }} unit {{ ID }} family inet address {{ IP_Address }} vrrp-group {{ VRRP_NUM }} accept-data
5 set interfaces {{ Interface }} unit {{ ID }} family inet address {{ IP_Address }} vrrp-group {{ VRRP_NUM }} authentication-type simple
6 set interfaces {{ Interface }} unit {{ ID }} family inet address {{ IP_Address }} vrrp-group {{ VRRP_NUM }} authentication-key {{ Auth_Key }}
ROUTE - BGP Setup
1 set routing-options autonomous-system {{ ASN }}
2  
3 set protocols bgp group {{ Group_Name }} type {{ Internal | External }}
4 set protocols bgp group {{ Group_Name }} multipath
5 set protocols bgp group {{ Group_Name }} neighbor {{ Neighbor_IP }} local-preference 100
6 set protocols bgp group {{ Group_Name }} neighbor {{ Neighbor_IP }} local-address {{ Local_IP }}
7 set protocols bgp group {{ Group_Name }} neighbor {{ Neighbor_IP }} authentication-key {{ Auth_Key }}
8 set protocols bgp group {{ Group_Name }} neighbor {{ Neighbor_IP }} export {{ Export_Filter }}
9 set protocols bgp group {{ Group_Name }} neighbor {{ Neighbor_IP }} import {{ Import_Filter }}
10 set protocols bgp group {{ Group_Name }} neighbor {{ Neighbor_IP }} bfd-liveness-detection minimum-interval 3000
11 set protocols bgp group {{ Group_Name }} neighbor {{ Neighbor_IP }} bfd-liveness-detection multiplier 4
12  
13 set policy-options policy-statement {{ Policy_Name }} term {{ Term_Name }} from route-filter 192.168.0.0/24 exact
14 set policy-options policy-statement {{ Policy_Name }} term {{ Term_Name }} then reject
15 set policy-options policy-statement {{ Policy_Name }} term {{ Term_Name }} from route-filter 0.0.0.0/0 exact
16 set policy-options policy-statement {{ Policy_Name }} term {{ Term_Name }} from route-filter 172.16.0.0/12 orlonger
17 set policy-options policy-statement {{ Policy_Name }} term {{ Term_Name }} from route-filter 10.0.0.0/8 orlonger
18 set policy-options policy-statement {{ Policy_Name }} term {{ Term_Name }} then accept
ROUTE - OSPF Passive Interface
1 set protocols ospf area 0.0.0.0 interface {{ Interface }} passive
ROUTE - OSPF Setup
1 set protocols ospf area 0.0.0.0 interface {{ Interface }} priority 200
2  
3 Specify Interface Type
4 set protocols ospf area 0.0.0.0 interface {{ Interface }} interface-type p2p
5  
6 set protocols ospf area 0.0.0.0 interface {{ Interface }} authentication md5 1 key {{ Auth_Key }}
7 set protocols ospf area 0.0.0.0 interface {{ Interface }} bfd-liveness-detection minimum-interval 3000
8 set protocols ospf area 0.0.0.0 interface {{ Interface }} bfd-liveness-detection multiplier 4
ROUTE - Route Leaking
1 set routing-options instance-import {{ Policy_Name }}
2  
3 set policy-options policy-statement {{ Policy_Name }} term {{ Term_Name }} from instance {{ Instance_Name }}
4 set policy-options policy-statement {{ Policy_Name }} term {{ Term_Name }} from route-filter 172.16.0.0/12 upto /24
5 set policy-options policy-statement {{ Policy_Name }} term {{ Term_Name }} from route-filter 192.168.0.0/16 upto /24
6 set policy-options policy-statement {{ Policy_Name }} term {{ Term_Name }} then accept
7 set policy-options policy-statement {{ Policy_Name }} term reject then reject
ROUTE - Routing Instance
1 set routing-instances {{ Instance_Name }} instance-type virtual-router
2 set routing-instances {{ Instance_Name }} interface {{ Interface }}
3 set routing-instances {{ Instance_Name }} routing-options static route 0.0.0.0/0 next-hop {{ Next-Hop_IP }}
ROUTE - Static Route
1 set routing-options static route 172.16.0.0/12 next-hop {{ Next-Hop_IP }}
SEC - Before Firewall Filter
1 insert firewall filter {{ Filter_Name }} term {{ Term_Name }} before term {{ Term_Name }}
SEC - Address Book Entry
1 set security address-book global address {{ Address_Name }} {{ x.x.x.x/xx }}
SEC - DHCP Snooping
1 set vlans {{ Vlan_Name }} forwarding-options dhcp-security group {{ Group_Name }} overrides trusted
2 set vlans {{ Vlan_Name }} forwarding-options dhcp-security group {{ Group_Name }} interface {{ Interface }}
SEC - Firewall Filter
1 set firewall filter {{ Filter_Name }} term {{ Term_Name }} from source-address {{ Source_Address }}
2 set firewall filter {{ Filter_Name }} term {{ Term_Name }} from destination-address {{ Destination_Address }}
3 set firewall filter {{ Filter_Name }} term {{ Term_Name }} from protocol tcp
4 set firewall filter {{ Filter_Name }} term {{ Term_Name }} from source-port {{ PORT }}
5 set firewall filter {{ Filter_Name }} term {{ Term_Name }} then syslog
6 set firewall filter {{ Filter_Name }} term {{ Term_Name }} then accept
SEC - IKE Phase 1
1 set security ike proposal {{ IKE_Proposal_Name }} authentication-method pre-shared-keys
2 set security ike proposal {{ IKE_Proposal_Name }} dh-group {{ DH-Group }}
3 set security ike proposal {{ IKE_Proposal_Name }} authentication-algorithm sha1
4 set security ike proposal {{ IKE_Proposal_Name }} encryption-algorithm aes-256-cbc
5 set security ike proposal {{ IKE_Proposal_Name }} lifetime-seconds 86400
6  
7 set security ike policy {{ IKE_Policy_Name }} mode main
8 set security ike policy {{ IKE_Policy_Name }} proposals {{ IKE_Proposal_Name }}
9 set security ike policy {{ IKE_Policy_Name }} pre-shared-key ascii-text {{ Pre-Share-Key }}
SEC - IKE Phase 2
1 set security ipsec proposal {{ IPSEC_Proposal_Name }} protocol esp
2 set security ipsec proposal {{ IPSEC_Proposal_Name }} authentication-algorithm hmac-sha1-96
3 set security ipsec proposal {{ IPSEC_Proposal_Name }} encryption-algorithm aes-256-cbc
4 set security ipsec proposal {{ IPSEC_Proposal_Name }} lifetime-seconds 28800
5  
6 set security ipsec policy {{ IPSEC_Policy_Name }} perfect-forward-secrecy keys group5
7 set security ipsec policy {{ IPSEC_Policy_Name }} proposals {{ IPSEC_Proposal_Name }}
8  
9 set security ike gateway {{ Gateway_Name }} ike-policy {{ IKE_Policy_Name }}
10 set security ike gateway {{ Gateway_Name }} address {{ External_Address_Neighbor }}
11 set security ike gateway {{ Gateway_Name }} dead-peer-detection
12 set security ike gateway {{ Gateway_Name }} external-interface {{ External_Interface }}
13  
14 set security ipsec vpn {{ VPN_Name }} ike gateway {{ Gateway_Name }}
15 set security ipsec vpn {{ VPN_Name }} ike ipsec-policy {{ IPSEC_Policy_Name }}
16 set security ipsec vpn {{ VPN_Name }} establish-tunnels immediately
SEC - IPsec Interesting Traffic
1 set security policies from-zone {{ Internal_Zone }} to-zone {{ Internet_Zone }} policy 1 match source-address {{ Internal_Address_Group }}
2 set security policies from-zone {{ Internal_Zone }} to-zone {{ Internet_Zone }} policy 1 match destination-address {{ Partner_Tunnel_Address_Group }}
3 set security policies from-zone {{ Internal_Zone }} to-zone {{ Internet_Zone }} policy 1 match application any
4 set security policies from-zone {{ Internal_Zone }} to-zone {{ Internet_Zone }} policy 1 then permit tunnel ipsec-vpn {{ VPN_Name }}
5 set security policies from-zone {{ Internal_Zone }} to-zone {{ Internet_Zone }} policy 1 then permit tunnel pair-policy 2
6 set security policies from-zone {{ Internal_Zone }} to-zone {{ Internet_Zone }} policy 1 then log session-init
7  
8 set security policies from-zone {{ Internet_Zone }} to-zone {{ Internal_Zone }} policy 2 match source-address {{ Partner_Tunnel_Address_Group }}
9 set security policies from-zone {{ Internet_Zone }} to-zone {{ Internal_Zone }} policy 2 match destination-address {{ Internal_Address_Group }}
10 set security policies from-zone {{ Internet_Zone }} to-zone {{ Internal_Zone }} policy 2 match application any
11 set security policies from-zone {{ Internet_Zone }} to-zone {{ Internal_Zone }} policy 2 then permit tunnel ipsec-vpn {{ VPN_Name }}
12 set security policies from-zone {{ Internet_Zone }} to-zone {{ Internal_Zone }} policy 2 then permit tunnel pair-policy 1
13 set security policies from-zone {{ Internet_Zone }} to-zone {{ Internal_Zone }} policy 2 then log session-init
SEC - Management Filter
1 set interfaces vlan unit {{ Vlan_ID }} family inet filter input mgt-access
2  
3 set firewall family inet filter mgt-access term allow-ssh from source-address {{ Source_IP }}
4 set firewall family inet filter mgt-access term allow-ssh from protocol tcp
5 set firewall family inet filter mgt-access term allow-ssh from destination-port ssh
6 set firewall family inet filter mgt-access term allow-ssh then accept
SEC - Redundant Ethernet Interfaces - SRX
1 set chassis cluster reth-count {{ Reth_Number }}
2  
3 set interfaces {{ Interface }} gigether-options redundant-parent {{ Reth_Interface }}
4 set interfaces {{ Reth_Interface }} vlan-tagging
5 set interfaces {{ Reth_Interface }} redundant-ether-options redundancy-group 1
6 set interfaces {{ Reth_Interface }} unit {{ ID }} vlan-id {{ ID }}
7 set interfaces {{ Reth_Interface }} unit {{ ID }} family inet address {{ IP_Address }}
SEC - Security Policy
1 set security policies from-zone {{ Source_Zone }} to-zone {{ Destination_Zone }} policy {{ Policy Name }} description {{ Description }}
2 set security policies from-zone {{ Source_Zone }} to-zone {{ Destination_Zone }} policy {{ Policy Name }} match source-address {{ Source_Address }}
3 set security policies from-zone {{ Source_Zone }} to-zone {{ Destination_Zone }} policy {{ Policy Name }} match destination-address {{ Destination_Address }}
4 set security policies from-zone {{ Source_Zone }} to-zone {{ Destination_Zone }} policy {{ Policy Name }} match application any
5 set security policies from-zone {{ Source_Zone }} to-zone {{ Destination_Zone }} policy {{ Policy Name }} then permit
6 set security policies from-zone {{ Source_Zone }} to-zone {{ Destination_Zone }} policy {{ Policy Name }} then log session-init
SEC - Security Zone
1 set security zones security-zone {{ Zone_Name }} host-inbound-traffic system-services ping
2 set security zones security-zone {{ Zone_Name }} host-inbound-traffic system-services traceroute
3 set security zones security-zone {{ Zone_Name }} host-inbound-traffic system-services ssh
4 set security zones security-zone {{ Zone_Name }} interfaces {{ Interface }}
STP - RSTP
1 set protocols rstp bridge-priority 4k
2 set protocols rstp interface {{ Interface }}
STP - VSTP
1 set protocols vstp interface {{ Interface }}
2 set protocols vstp vlan {{ ID }} bridge-priority 40k