@shamun
Created July 8, 2011 13:50
## reset > passwd > cat srx210 >> /etc/hosts
load factory-default
## the next command will prompt for the password
set system root-authentication plain-text-password
set system host-name srx210
## WAN
set interfaces ge-0/0/0 unit 0 family inet address 1.2.232.189/18
set routing-options static route 0.0.0.0/0 next-hop 1.2.192.1
## DMZ ##
set interfaces ge-0/0/1 unit 0 family inet address 192.168.2.1/24
set security zones security-zone dmz host-inbound-traffic system-services all
set security zones security-zone dmz host-inbound-traffic protocols all
set security zones security-zone dmz interfaces ge-0/0/1
delete interfaces interface-range interfaces-trust member ge-0/0/1
## DMZ - Priority extreme
set security zones security-zone dmz address-book address mydmz 192.168.2.2/32
set security policies from-zone untrust to-zone dmz policy mydmz1 match source-address any
### this line why ???, can I not skip this line so that it allows any to any?###
set security policies from-zone untrust to-zone dmz policy mydmz1 match destination-address mydmz
###############################################################################
set security policies from-zone untrust to-zone dmz policy mydmz1 match application any
set security policies from-zone untrust to-zone dmz policy mydmz1 then permit
root# commit
[edit security policies from-zone untrust to-zone dmz policy mydmz1 match destination-address]
'any'
Entries in addition to 'any' is invalid
[edit security policies from-zone untrust to-zone dmz policy mydmz1]
'match'
Error reading destination addresses.
error: configuration check-out failed
[edit]
root# ...untrust to-zone dmz policy mydmz1 match destination-address ?
Possible completions:
<address> Address from address book or static_nat or incoming_nat address
[ Open a set of values
any Any address
mydmz [security zones security-zone dmz address-book address <*>]
[edit]
root# ...untrust to-zone dmz policy mydmz1 match destination-address
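
The commit failure above is raised when `destination-address` holds `any` together with another entry. As an added example (not part of the original gist), this Python script lints `set` lines for that conflict and, going one step beyond the error shown, also flags a policy that permits any/any/any. The sample input is constructed, and its `destination-address any` line is an assumption about what the candidate configuration held.

```python
import re
from collections import defaultdict

# Constructed sample: the gist's policy lines plus one ASSUMED leftover line
# (destination-address any) of the kind the commit error above complains about.
SAMPLE = """\
set security policies from-zone untrust to-zone dmz policy mydmz1 match source-address any
set security policies from-zone untrust to-zone dmz policy mydmz1 match destination-address any
set security policies from-zone untrust to-zone dmz policy mydmz1 match destination-address mydmz
set security policies from-zone untrust to-zone dmz policy mydmz1 match application any
set security policies from-zone untrust to-zone dmz policy mydmz1 then permit
"""

MATCH_RE = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
    r"match (source-address|destination-address|application) (.+)$")
THEN_RE = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) then (\S+)")

def parse(text):
    """Collect match values and the action for each (from, to, policy) key."""
    policies = defaultdict(lambda: {"match": defaultdict(list), "then": None})
    for line in text.splitlines():
        line = line.strip()
        if m := MATCH_RE.match(line):
            values = m.group(5).strip("[] ").split()
            policies[m.groups()[:3]]["match"][m.group(4)].extend(values)
        elif m := THEN_RE.match(line):
            policies[m.groups()[:3]]["then"] = m.group(4)
    return policies

def lint(text):
    """Return a list of (policy, severity, message) findings."""
    findings = []
    for key, pol in parse(text).items():
        name = "{} -> {} / {}".format(*key)
        for field, values in pol["match"].items():
            if "any" in values and len(set(values)) > 1:
                findings.append((name, "error",
                    f"{field} mixes 'any' with {sorted(set(values) - {'any'})}"))
        wide = all(pol["match"].get(f) == ["any"] for f in
                   ("source-address", "destination-address", "application"))
        if wide and pol["then"] == "permit":
            findings.append((name, "warning", "permits any/any/any"))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding, sep=": ")
```

Dropping the `destination-address any` line from the sample clears the error; dropping the `mydmz` line instead leaves a policy the linter reports as any/any/any.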